
Problem with malware and spyware

Old 10-22-2011, 04:04 AM   #1
Registered Member
 
Join Date: Mar 2008
Posts: 49
OS: Win xp IE7



Hi, I've got problems with spyware and malware. I don't know how to remove it. I am not excellent at technical information, but I am good at following instructions. Please would you help me step by step to get rid of it all. According to a spyware program I have something called 'Rogue Security Shield 2011 infection' and 'Trojan Generic infection', and also I know that I keep deleting this file: C:\Program Files\BEARSH~1\MEDIABAR\DATAMNGR through my programs and it keeps coming back every time I restart my computer. Please can you help.

__________________
Blackwood is offline  
Old 10-23-2011, 01:05 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,822
OS: XP, Vista, Win7



Hi,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS reports (DDS.txt and Attach.txt) will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
Old 10-23-2011, 06:23 AM   #3
Registered Member
 
Join Date: Mar 2008
Posts: 49
OS: Win xp IE7



Thank you for your help. I will follow the instructions and post shortly.
__________________
Blackwood is offline  
Old 10-23-2011, 06:52 AM   #4
Registered Member
 
Join Date: Mar 2008
Posts: 49
OS: Win xp IE7



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by David at 14:22:06 on 2011-10-23
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.767.161 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\PC Tools Security\pctsGui.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\EDIMAX\Common\RaUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.co.uk/
uSearch Page =
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/burn4free/{D5D17671-56EE-4057-99F5-BE822D7EF593}
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*Yahoo! SearchBar Home Page
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\burn4free db toolbar\tbhelper.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\burn4free db toolbar\tbcore3.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Burn4Free DB Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\burn4free db toolbar\tbcore3.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\edimax\common\RaUI.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: saynoto0870.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://sympatico.zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-IE/a-UNO1/GAME_UNO1.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} - hxxp://h30299.www3.hp.com/ediags/hpna/web/14/install/gtdownhp.cab?1,0,0,94
DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/CheckersZPA.cab55579.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{901A9566-256C-4580-B043-D44D22AE1804} : DhcpNameServer = 192.168.1.1
AppInit_DLLs: c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli scecli
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\david\application data\mozilla\firefox\profiles\fak05eg6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/burn4free/{D646C6BE-FF2C-4457-B8AB-97DC8B64FD73}?q=
FF - component: c:\documents and settings\david\application data\mozilla\firefox\profiles\fak05eg6.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\documents and settings\david\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\david\application data\mozilla\firefox\profiles\fak05eg6.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\david\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
user_pref(network.http.accept.default,text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5,application/x-tsmxml);
.
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-2-14 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-10-21 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-10-21 656320]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 295248]
R1 RapportCerberus_32029;RapportCerberus_32029;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\32029\RapportCerberus32_32029.sys [2011-10-18 227312]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-9-25 70416]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-9-25 161936]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-10-18 2255464]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\edimax\common\RalinkRegistryWriter.exe [2011-10-15 69632]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-9-25 919352]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-10-21 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-10-21 1150936]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2011-10-15 619136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 16720]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\david\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\david\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-9-25 56336]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-2-13 27064]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2009-7-31 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2009-7-31 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2009-7-31 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-7-31 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2009-7-31 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-7-31 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2009-7-31 109736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-23 12:49:04 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{044c8358-e453-4220-a2c2-3797e6a0ef1a}\offreg.dll
2011-10-22 12:02:53 2321288 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-10-22 12:02:32 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{044c8358-e453-4220-a2c2-3797e6a0ef1a}\mpengine.dll
2011-10-22 12:02:24 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-21 19:22:50 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-10-21 19:22:50 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-10-21 19:21:44 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-10-21 19:21:16 -------- d-----w- c:\program files\PC Tools Security
2011-10-21 19:21:16 -------- d-----w- c:\documents and settings\david\application data\PC Tools
2011-10-21 19:21:16 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-10-21 18:23:22 -------- d-----w- c:\program files\BEARSH~1
2011-10-21 18:11:54 -------- d-----w- C:\sh4ldr
2011-10-21 18:11:54 -------- d-----w- c:\program files\Enigma Software Group
2011-10-21 18:11:05 -------- d-----w- c:\windows\D3F93A5A7A5D4867B2A16F46500D006C.TMP
2011-10-21 18:10:57 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-10-20 17:18:15 -------- d-----w- c:\program files\common files\Research In Motion
2011-10-20 17:18:13 -------- d-----w- c:\program files\Research In Motion
2011-10-20 09:46:10 -------- d-----w- c:\documents and settings\david\application data\Research In Motion
2011-10-18 13:45:17 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-10-18 13:45:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-18 13:41:29 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation
2011-10-18 13:40:22 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-10-18 13:40:00 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-10-18 13:39:53 280276 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-10-18 13:39:53 280276 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-10-18 13:39:52 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-10-18 13:38:42 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-18 13:38:41 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-18 13:38:40 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-18 13:38:40 5427200 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-18 13:38:40 2387560 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-18 13:38:40 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-18 13:38:39 17186816 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-18 13:38:06 -------- d-----w- c:\program files\NVIDIA Corporation
2011-10-18 13:31:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-17 17:28:52 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2011-10-17 16:43:22 -------- d-----w- C:\My DVD
2011-10-17 16:41:11 -------- d-----w- c:\program files\XviD
2011-10-17 16:41:05 187904 ----a-w- c:\windows\system32\Lame.exe
2011-10-17 16:41:04 641021 ----a-w- c:\windows\unins000.exe
2011-10-17 16:41:04 166912 ----a-w- c:\windows\system32\Lame_enc.dll
2011-10-17 16:40:44 -------- d-----w- c:\program files\EasyDVDRip
2011-10-16 13:23:59 892928 ----a-w- c:\windows\system32\iconv.dll
2011-10-16 13:23:59 675840 ----a-w- c:\windows\system32\ac3filter.ax
2011-10-16 13:23:59 61440 ----a-w- c:\windows\system32\xvid.ax
2011-10-16 13:23:56 -------- d-----w- c:\program files\Wondershare
2011-10-15 14:19:52 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-10-15 14:19:50 -------- d-----w- c:\program files\EDIMAX
2011-10-15 14:19:48 619136 ----a-w- c:\windows\system32\drivers\rt2870.sys
2011-10-15 14:19:48 217088 ----a-w- c:\windows\system32\RaCoInst.dll
2011-10-15 14:19:47 4096 ----a-w- c:\windows\system32\drivers\rt2870.bin
2011-10-15 14:19:45 -------- d-----w- c:\documents and settings\all users\application data\Edimax Driver
2011-10-12 16:57:31 -------- d-----w- c:\documents and settings\david\application data\AVG2012
2011-10-12 16:50:45 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2011-09-25 18:00:08 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2011-10-03 01:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 10:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 05:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-03 11:49:00 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-08-03 11:49:00 4210816 ----a-w- c:\windows\system32\nv4_disp.dll
2011-08-03 11:49:00 2404864 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:49:00 16191488 ----a-w- c:\windows\system32\nvoglnt.dll
2011-08-03 11:49:00 146024 ----a-w- c:\windows\system32\nvsvc32.exe
2011-08-03 11:49:00 13892200 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:49:00 12542592 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-08-03 11:49:00 111208 ----a-w- c:\windows\system32\nvmctray.dll
__________________
Blackwood is offline  
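The DDS report above shows why the DATAMNGR folder the poster keeps deleting comes straight back: the AppInit_DLLs line names datamngr.dll and IEBHO.dll under c:\progra~1\bearsh~1\mediabar\datamngr, and on Windows XP every DLL listed in that registry value (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs) is loaded into every process that maps user32.dll, so the registry value, not the folder, is the persistence point. The same log also carries the other things an analyst reads off a Pseudo HJT report: search and home-page entries pointing at bigseekpro.com and search.conduit.com, two URLSearchHook entries whose DLL is gone ("No File"), and one directory (burn4free db toolbar) registered under three separate browser load points. The script below is an added example, not part of this thread or of the DDS tool; it triages those categories from a handful of lines copied from the posted log (labelled as a constructed sample) and the list of trusted search domains is an assumption an analyst would tune.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the DDS.txt posted in this thread, plus one clean line.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.bigseekpro.com/burn4free/{D5D17671-56EE-4057-99F5-BE822D7EF593}
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\burn4free db toolbar\tbhelper.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\burn4free db toolbar\tbcore3.dll
TB: Burn4Free DB Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\burn4free db toolbar\tbcore3.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
AppInit_DLLs: c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/burn4free/{D646C6BE-FF2C-4457-B8AB-97DC8B64FD73}?q=
"""

# Domains accepted as search/home-page targets (assumption; tune per environment).
TRUSTED_SEARCH_DOMAINS = ("google.com", "google.co.uk", "yahoo.com", "bing.com", "msn.com")

HOOK_RE = re.compile(r"^(?P<kind>[um]URLSearchHooks|BHO|TB):\s*(?P<rest>.*)$")
CLSID_PATH_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}\s*-\s*(?P<path>.+)$")
IE_SEARCH_RE = re.compile(
    r"^(?P<key>[um](?:Start Page|Search Page|Search Bar|SearchURL,\(Default\)|SearchMigratedDefaultURL))"
    r"\s*=\s*(?P<url>\S+)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<url>\S+)$")
HOST_RE = re.compile(r"^hxxps?://([^/?#]+)", re.IGNORECASE)  # DDS defangs http as hxxp


def _is_trusted(host):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_SEARCH_DOMAINS)


def triage_dds(text):
    """Return the load-point findings an analyst pulls out of a DDS Pseudo HJT report."""
    findings = {"appinit_dlls": [], "orphaned_hooks": 0, "search_hijacks": [],
                "lsp": [], "multi_hook_dirs": {}}
    dirs = defaultdict(set)  # directory -> set of load-point kinds registered from it
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("AppInit_DLLs:"):
            # Each DLL here is injected into every user32-loading process; the registry
            # value survives deleting the folder, which is why the folder reappears.
            findings["appinit_dlls"] += line.split(":", 1)[1].split()
            continue
        if line.startswith("LSP:"):
            # A Winsock LSP sees all socket traffic; always list it for manual review.
            findings["lsp"].append(line.split(":", 1)[1].strip())
            continue
        m = HOOK_RE.match(line)
        if m:
            rest = m.group("rest")
            if rest.endswith("No File"):
                findings["orphaned_hooks"] += 1  # registry entry whose DLL is gone
            else:
                cp = CLSID_PATH_RE.search(rest)
                if cp:
                    dirs[cp.group("path").rsplit("\\", 1)[0].lower()].add(m.group("kind"))
            continue
        m = IE_SEARCH_RE.match(line) or FF_PREF_RE.match(line)
        if m:
            h = HOST_RE.match(m.group("url"))
            if h and not _is_trusted(h.group(1)):
                findings["search_hijacks"].append((m.group("key"), h.group(1).lower()))
    # One directory registered under several browser load points is the toolbar-bundle signature.
    findings["multi_hook_dirs"] = {d: sorted(k) for d, k in dirs.items() if len(k) > 1}
    return findings


if __name__ == "__main__":
    for key, value in triage_dds(SAMPLE_DDS).items():
        print(key, value)
```

Run against the full DDS.txt the same function also lists the PC Tools LSP for review; on this log that one is the security product's own and is not a finding, which is why the LSP category is reported separately rather than flagged.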
Old 10-23-2011, 06:54 AM   #5
Registered Member
 
Join Date: Mar 2008
Posts: 49
OS: Win xp IE7



aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-23 14:25:35
-----------------------------
14:25:35.609 OS Version: Windows 5.1.2600 Service Pack 3
14:25:35.609 Number of processors: 1 586 0xA00
14:25:35.609 ComputerName: HOME-96DDBCAEEA UserName: David
14:25:39.546 Initialize success
14:27:06.953 AVAST engine defs: 11102300
14:28:59.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:28:59.703 Disk 0 Vendor: WDC_WD800JB-00JJC0 05.01C05 Size: 76319MB BusType: 3
14:29:01.718 Disk 0 MBR read successfully
14:29:01.718 Disk 0 MBR scan
14:29:02.531 Disk 0 Windows XP default MBR code
14:29:02.562 Disk 0 scanning sectors +156296385
14:29:02.750 Disk 0 scanning C:\WINDOWS\system32\drivers
14:29:59.953 Service scanning
14:30:01.812 Modules scanning
14:30:10.218 Disk 0 trace - called modules:
14:30:10.234 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
14:30:10.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84332ab8]
14:30:10.234 3 CLASSPNP.SYS[f782ffd7] -> nt!IofCallDriver -> [0x843e4e50]
14:30:10.578 5 PCTCore.sys[f76d4099] -> nt!IofCallDriver -> \Device\00000071[0x84355f18]
14:30:10.578 7 ACPI.sys[f7786620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x843cb940]
14:30:11.203 AVAST engine scan C:\WINDOWS
14:30:21.781 AVAST engine scan C:\WINDOWS\system32
14:36:32.078 File: C:\WINDOWS\system32\winsrv.dll **INFECTED** Win32:Malware-gen
14:37:44.906 AVAST engine scan C:\WINDOWS\system32\drivers
14:38:35.859 AVAST engine scan C:\Documents and Settings\David
14:45:29.921 AVAST engine scan C:\Documents and Settings\All Users
14:48:36.203 Scan finished successfully
14:52:15.953 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\David\My Documents\My Documents\Porn\MBR.dat"
__________________
Blackwood is offline  
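aswMBR reports the sector 0 code as "Windows XP default MBR code" and saves a copy to MBR.dat, which is the artifact to keep if the disk ever has to be examined again. The script below is an added example, not part of this thread or of aswMBR; it shows what a 512-byte MBR image contains and how to check one: the 0x55AA boot signature, the four partition entries, a SHA-256 of the 440-byte boot-code area compared with a hash recorded from a known-clean disk, and the unpartitioned tail of the disk past the last partition, the region where MBR bootkits keep their components. The image is constructed inline (placeholder boot code plus one partition laid out so that it ends at sector 156296385, the offset the posted log shows aswMBR scanning from, on the assumption that that figure is the first sector past the last partition), the baseline hash is computed from that constructed image rather than from a real XP MBR, and the 76319 MB disk size from the log is converted to sectors assuming 2048 sectors per MB.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439: boot code run by the BIOS
DISK_SIG_OFF = 440       # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG = b"\x55\xAA"   # bytes 510-511
PART_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr():
    """Constructed image: placeholder boot code plus one active NTFS partition (assumption)."""
    boot = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C])  # xor ax,ax / mov ss,ax / mov sp,7C00h
    boot += b"\x90" * (BOOT_CODE_LEN - len(boot))             # padded with NOPs, not real XP code
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"
    # Partition starts at LBA 63 and ends at sector 156296385 (assumed from the posted log).
    entry = struct.pack(PART_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 63, 156296385 - 63)
    return boot + disk_sig + entry + b"\x00" * 48 + BOOT_SIG


def parse_mbr(data):
    """Decode the fixed MBR layout into a dict; raises on a wrong-sized image."""
    if len(data) != MBR_SIZE:
        raise ValueError("MBR image must be exactly 512 bytes")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(PART_FMT, data, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue  # empty slot
        parts.append({"slot": i, "status": status, "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": bytes(data[510:512]) == BOOT_SIG,
        "disk_signature": struct.unpack_from("<I", data, DISK_SIG_OFF)[0],
        "boot_code_sha256": hashlib.sha256(data[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
    }


def unpartitioned_tail(info, disk_sectors):
    """(first sector, count) of the space after the last partition: the region a scanner must cover."""
    end = max((p["lba_start"] + p["sectors"] for p in info["partitions"]), default=0)
    return end, max(disk_sectors - end, 0)


def check_mbr(data, baseline_boot_sha256):
    """List the checks that fail; an empty list means the image matches the baseline and is sane."""
    info = parse_mbr(data)
    issues = []
    if not info["signature_ok"]:
        issues.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_boot_sha256:
        issues.append("boot code differs from baseline")
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        issues.append("expected exactly one active partition, found %d" % len(active))
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            issues.append("slot %d has invalid status byte 0x%02x" % (p["slot"], p["status"]))
        if p["lba_start"] == 0:
            issues.append("slot %d starts at LBA 0 and overlaps the MBR itself" % p["slot"])
    return issues


# Baseline taken from the constructed image; on a real machine record it from a known-clean disk.
BASELINE_BOOT_SHA256 = parse_mbr(build_sample_mbr())["boot_code_sha256"]
# Disk size from the posted log, 76319 MB, at 2048 sectors per MB (assumption).
DISK_SECTORS = 76319 * 2048

if __name__ == "__main__":
    image = build_sample_mbr()
    info = parse_mbr(image)
    print("issues:", check_mbr(image, BASELINE_BOOT_SHA256) or "none")
    print("unpartitioned tail (start, sectors):", unpartitioned_tail(info, DISK_SECTORS))
```

To use it on the real file, read MBR.dat with open(path, "rb").read() and pass it to check_mbr with a baseline hash recorded earlier; a boot-code mismatch on a disk that has not been repartitioned or re-imaged is the signal to look at, and the tail range is what to dump and scan when the MBR itself looks clean.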
Old 10-23-2011, 07:42 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,822
OS: XP, Vista, Win7



Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
Old 10-23-2011, 08:20 AM   #7
Registered Member
 
Join Date: Mar 2008
Posts: 49
OS: Win xp IE7



Okay, I did as you said, and when ComboFix was at around stage 9 or 10, I think, a fatal error occurred and a blue screen appeared and my computer restarted. Do you want me to run it again?
__________________
Blackwood is offline  
Old 10-23-2011, 09:51 AM   #8
Registered Member
 
Join Date: Mar 2008
Posts: 49
OS: Win xp IE7



Okay, I ran it a second time and it worked. Please see the log below:

ComboFix 11-10-23.01 - David 23/10/2011 17:32:59.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.767.270 [GMT 1:00]
Running from: c:\documents and settings\David\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\2BB
c:\documents and settings\All Users\Application Data\2BB\{5EA53F4A-210A-44AD-BDEF-A1881C2690DF}.swf
c:\documents and settings\All Users\Favorites\Thumbs.db
c:\documents and settings\David\Application Data\Desktopicon
c:\documents and settings\David\Application Data\Desktopicon\config.ini
c:\documents and settings\David\Application Data\Toolbar4
c:\documents and settings\David\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\1a06816a192357f4189197196943329e
c:\documents and settings\David\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\1c76e82ec54cd18a4ded0139fc7b9347
c:\documents and settings\David\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\26aaf652b3ae60696a4875f485da2f86
c:\documents and settings\David\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\27c746d432b7a753a0af8d7c033b46fe
c:\documents and settings\David\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\2b4ad282984708f7b89800e17a257476
c:\documents and settings\David\WINDOWS
c:\documents and settings\Susan Smart\Application Data\Toolbar4
c:\program files\Burn4Free DB Toolbar\tbHElper.dll
c:\program files\Common Files\Uninstall
c:\windows\WindowsXP-KB822603-x86.exe
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2011-09-23 to 2011-10-23 )))))))))))))))))))))))))))))))
.
.
2011-10-23 16:02 . 2011-10-23 16:02 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{044C8358-E453-4220-A2C2-3797E6A0EF1A}\offreg.dll
2011-10-23 16:00 . 2011-10-23 16:00 -------- d-sh--w- c:\documents and settings\Administrator.HOME-96DDBCAEEA\IETldCache
2011-10-23 14:43 . 2011-10-23 14:48 -------- d-----w- c:\documents and settings\New
2011-10-22 12:02 . 2007-03-09 10:25 2321288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-10-22 12:02 . 2011-10-18 01:28 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{044C8358-E453-4220-A2C2-3797E6A0EF1A}\mpengine.dll
2011-10-22 12:02 . 2011-05-24 18:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-22 11:59 . 2011-10-22 11:59 -------- d-----w- c:\program files\Windows Defender
2011-10-21 19:22 . 2010-07-16 13:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-10-21 19:22 . 2010-07-16 13:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-10-21 19:21 . 2010-11-25 09:42 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-10-21 19:21 . 2011-10-23 12:50 -------- d-----w- c:\program files\PC Tools Security
2011-10-21 19:21 . 2011-10-21 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-10-21 19:21 . 2011-10-21 19:21 -------- d-----w- c:\documents and settings\David\Application Data\PC Tools
2011-10-21 18:23 . 2011-10-21 18:23 -------- d-----w- c:\program files\BEARSH~1
2011-10-21 18:11 . 2011-10-22 12:48 -------- d-----w- c:\program files\Enigma Software Group
2011-10-21 18:11 . 2011-10-22 12:45 -------- d-----w- C:\sh4ldr
2011-10-21 18:11 . 2011-10-22 12:44 -------- d-----w- c:\windows\D3F93A5A7A5D4867B2A16F46500D006C.TMP
2011-10-21 18:10 . 2011-10-21 18:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-10-20 17:18 . 2011-10-23 15:42 -------- d-----w- c:\program files\Common Files\Research In Motion
2011-10-20 17:18 . 2011-10-22 18:00 -------- d-----w- c:\program files\Research In Motion
2011-10-18 14:30 . 2011-10-18 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2011-10-18 13:45 . 2011-10-03 04:06 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-18 13:45 . 2011-10-03 04:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-18 13:41 . 2011-10-18 13:41 -------- d-----w- c:\documents and settings\UpdatusUser
2011-10-18 13:41 . 2011-10-18 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2011-10-18 13:40 . 2011-08-03 11:49 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-10-18 13:40 . 2011-08-03 11:49 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-10-18 13:39 . 2011-10-18 13:39 280276 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-10-18 13:39 . 2011-10-18 13:39 280276 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-10-18 13:39 . 2011-10-18 13:39 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-10-18 13:38 . 2011-08-03 11:49 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-18 13:38 . 2011-08-03 11:49 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-18 13:38 . 2011-08-03 11:49 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-18 13:38 . 2011-08-03 11:49 5427200 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-18 13:38 . 2011-08-03 11:49 2387560 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-18 13:38 . 2011-08-03 11:49 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-18 13:38 . 2011-08-03 11:49 17186816 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-18 13:38 . 2011-10-18 13:41 -------- d-----w- c:\program files\NVIDIA Corporation
2011-10-18 13:31 . 2011-10-20 10:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-17 17:28 . 2009-09-02 12:44 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2011-10-17 16:43 . 2011-10-17 16:58 -------- d-----w- C:\My DVD
2011-10-17 16:41 . 2011-10-17 16:41 -------- d-----w- c:\program files\XviD
2011-10-17 16:41 . 2004-07-26 11:12 187904 ----a-w- c:\windows\system32\Lame.exe
2011-10-17 16:41 . 2011-10-17 16:41 641021 ----a-w- c:\windows\unins000.exe
2011-10-17 16:41 . 2004-07-26 11:12 166912 ----a-w- c:\windows\system32\Lame_enc.dll
2011-10-17 16:40 . 2011-10-17 17:31 -------- d-----w- c:\program files\EasyDVDRip
2011-10-16 13:23 . 2010-11-19 17:04 892928 ----a-w- c:\windows\system32\iconv.dll
2011-10-16 13:23 . 2010-11-19 17:04 675840 ----a-w- c:\windows\system32\ac3filter.ax
2011-10-16 13:23 . 2004-12-20 10:10 61440 ----a-w- c:\windows\system32\xvid.ax
2011-10-16 13:23 . 2011-10-16 20:49 -------- d-----w- c:\program files\Wondershare
2011-10-15 14:19 . 2011-10-15 14:19 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-10-15 14:19 . 2011-10-15 14:19 -------- d-----w- c:\program files\EDIMAX
2011-10-15 14:19 . 2008-07-29 23:44 619136 ----a-w- c:\windows\system32\drivers\rt2870.sys
2011-10-15 14:19 . 2008-07-29 23:43 217088 ----a-w- c:\windows\system32\RaCoInst.dll
2011-10-15 14:19 . 2008-06-15 22:57 4096 ----a-w- c:\windows\system32\drivers\rt2870.bin
2011-10-15 14:19 . 2011-10-15 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Edimax Driver
2011-10-12 16:57 . 2011-10-22 12:56 -------- d-----w- c:\documents and settings\David\Application Data\AVG2012
2011-10-12 16:52 . 2011-10-12 16:52 -------- d-----w- c:\documents and settings\Susan Smart\Application Data\AVG2012
2011-10-12 16:50 . 2011-10-22 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-09-27 09:35 . 2011-09-27 09:35 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Trusteer
2011-09-25 18:00 . 2011-09-25 18:00 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 01:37 . 2008-01-30 19:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 10:41 . 2008-07-29 19:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 05:30 . 2010-09-07 02:48 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2008-07-22 11:58 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-08 05:08 . 2010-09-07 02:48 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-08-03 11:49 . 2007-07-24 10:55 12542592 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-08-03 11:49 . 2007-07-24 10:54 4210816 ----a-w- c:\windows\system32\nv4_disp.dll
2011-08-03 11:49 . 2006-10-22 11:22 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-08-03 11:49 . 2006-10-22 11:22 2404864 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:49 . 2006-10-22 11:22 16191488 ----a-w- c:\windows\system32\nvoglnt.dll
2011-08-03 11:49 . 2006-10-22 11:22 146024 ----a-w- c:\windows\system32\nvsvc32.exe
2011-08-03 11:49 . 2006-10-22 11:22 13892200 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:49 . 2006-10-22 11:22 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-01 11:24 . 2011-03-23 20:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snp2std"="c:\windows\vsnp2std.exe" [2006-05-15 675840]
"C-Media Mixer"="Mixer.exe" [2004-08-11 1228800]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Wireless Utility.lnk - c:\program files\EDIMAX\Common\RaUI.exe [2011-10-15 1601536]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2006-04-09 09:19 634880 ----a-w- c:\program files\Eraser\eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 20:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 04:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 17:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
2004-08-04 12:00 3072 ----a-w- c:\windows\system32\systray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitLord 1.2\\Bitlord files\\bitlord.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 15:27 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 32592]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [14/02/2010 22:42 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [21/10/2011 20:22 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [21/10/2011 20:22 656320]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [08/12/2010 04:12 229840]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12/11/2010 13:19 295248]
R1 RapportCerberus_32029;RapportCerberus_32029;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys [18/10/2011 12:50 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [25/09/2011 19:00 70416]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [25/09/2011 19:00 161936]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [18/10/2011 14:41 2255464]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [25/09/2011 18:59 919352]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16 130384]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [03/08/2010 15:23 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [03/08/2010 15:23 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [03/08/2010 15:23 16720]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\David\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\David\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [04/08/2004 13:00 14336]
S3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [22/07/2009 18:31 47360]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [25/09/2011 19:00 56336]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [13/02/2011 14:13 27064]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [31/07/2009 10:03 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [31/07/2009 10:03 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [31/07/2009 10:03 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [31/07/2009 10:03 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [31/07/2009 10:03 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [31/07/2009 10:03 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [31/07/2009 10:03 109736]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [21/10/2011 20:21 366840]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2011-10-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.bigseekpro.com/burn4free/{D5D17671-56EE-4057-99F5-BE822D7EF593}
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*Yahoo! SearchBar Home Page
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: saynoto0870.com\www
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\fak05eg6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/burn4free/{D646C6BE-FF2C-4457-B8AB-97DC8B64FD73}?q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
user_pref(network.http.accept.default,text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5,application/x-tsmxml);
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
MSConfigStartUp-PCSuiteTrayApplication - c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe
MSConfigStartUp-WinUtilities Memory Optimizer - c:\program files\WinUtilities\ToolMemoryOptimizer.exe
MSConfigStartUp-ZoneAlarm Client - c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-10-23 17:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(796)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2011-10-23 17:49:42
ComboFix-quarantined-files.txt 2011-10-23 16:49
.
Pre-Run: 16,207,069,184 bytes free
Post-Run: 16,710,262,784 bytes free
.
- - End Of File - - 9218F1D01E0C142CE0DD2827C63DF946
__________________
Blackwood is offline

Old 10-23-2011, 10:06 AM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Jan 2009
Location: Canada
Posts: 8,822
OS: XP, Vista, Win7

Hi,

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
__________________
Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline

Old 10-23-2011, 12:45 PM   #10
Registered Member
Join Date: Mar 2008
Posts: 49
OS: Win xp IE7

Okay, there were no malicious objects found with that.
__________________
Blackwood is offline

Old 10-23-2011, 01:02 PM   #11
Registered Member
Join Date: Mar 2008
Posts: 49
OS: Win xp IE7

20:45:19.0875 3404 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
20:45:20.0156 3404 ============================================================
20:45:20.0156 3404 Current date / time: 2011/10/23 20:45:20.0156
20:45:20.0156 3404 SystemInfo:
20:45:20.0156 3404
20:45:20.0156 3404 OS Version: 5.1.2600 ServicePack: 3.0
20:45:20.0156 3404 Product type: Workstation
20:45:20.0156 3404 ComputerName: HOME-96DDBCAEEA
20:45:20.0156 3404 UserName: David
20:45:20.0156 3404 Windows directory: C:\WINDOWS
20:45:20.0156 3404 System windows directory: C:\WINDOWS
20:45:20.0156 3404 Processor architecture: Intel x86
20:45:20.0156 3404 Number of processors: 1
20:45:20.0156 3404 Page size: 0x1000
20:45:20.0156 3404 Boot type: Normal boot
20:45:20.0156 3404 ============================================================
20:45:21.0328 3404 Initialize success
20:45:23.0203 0948 ============================================================
20:45:23.0203 0948 Scan started
20:45:23.0203 0948 Mode: Manual;
20:45:23.0203 0948 ============================================================
20:45:28.0234 0948 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:45:28.0234 0948 Fastfat - ok
20:45:28.0296 0948 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:45:28.0296 0948 Fdc - ok
20:45:28.0343 0948 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
20:45:28.0343 0948 FETNDIS - ok
20:45:28.0390 0948 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:45:28.0390 0948 Fips - ok
20:45:28.0468 0948 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:45:28.0468 0948 Flpydisk - ok
20:45:28.0531 0948 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:45:28.0531 0948 FltMgr - ok
20:45:28.0578 0948 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:45:28.0593 0948 Fs_Rec - ok
20:45:28.0625 0948 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:45:28.0625 0948 Ftdisk - ok
20:45:28.0656 0948 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
20:45:28.0671 0948 gameenum - ok
20:45:28.0718 0948 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:45:28.0718 0948 Gpc - ok
20:45:28.0765 0948 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:45:28.0765 0948 hidusb - ok
20:45:28.0796 0948 hpn - ok
20:45:28.0859 0948 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:45:28.0859 0948 HPZid412 - ok
20:45:28.0921 0948 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:45:28.0921 0948 HPZipr12 - ok
20:45:28.0968 0948 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:45:28.0968 0948 HPZius12 - ok
20:45:29.0031 0948 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:45:29.0046 0948 HTTP - ok
20:45:29.0109 0948 hwdatacard (53f1160666435151b6fcf89d015fe620) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
20:45:29.0109 0948 hwdatacard - ok
20:45:29.0140 0948 i2omgmt - ok
20:45:29.0171 0948 i2omp - ok
20:45:29.0218 0948 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:45:29.0218 0948 i8042prt - ok
20:45:29.0265 0948 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:45:29.0265 0948 Imapi - ok
20:45:29.0312 0948 ini910u - ok
20:45:29.0343 0948 IntelIde - ok
20:45:29.0437 0948 Intels51 (e11d0bd35f2bc91ff48ee0536ee5d31c) C:\WINDOWS\system32\DRIVERS\Intels51.sys
20:45:29.0453 0948 Intels51 - ok
20:45:29.0515 0948 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:45:29.0515 0948 Ip6Fw - ok
20:45:29.0609 0948 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:45:29.0625 0948 IpFilterDriver - ok
20:45:29.0703 0948 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:45:29.0703 0948 IpInIp - ok
20:45:29.0765 0948 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:45:29.0765 0948 IpNat - ok
20:45:29.0796 0948 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:45:29.0796 0948 IPSec - ok
20:45:29.0843 0948 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:45:29.0843 0948 IRENUM - ok
20:45:29.0921 0948 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:45:29.0921 0948 isapnp - ok
20:45:29.0968 0948 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:45:29.0968 0948 Kbdclass - ok
20:45:30.0031 0948 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:45:30.0046 0948 kmixer - ok
20:45:30.0078 0948 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:45:30.0078 0948 KSecDD - ok
20:45:30.0125 0948 lbrtfdc - ok
20:45:30.0187 0948 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:45:30.0187 0948 mnmdd - ok
20:45:30.0234 0948 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:45:30.0234 0948 Modem - ok
20:45:30.0296 0948 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
20:45:30.0296 0948 MODEMCSA - ok
20:45:30.0343 0948 motmodem (5023875a94b0766d98a62a72bc4cb055) C:\WINDOWS\system32\DRIVERS\motmodem.sys
20:45:30.0359 0948 motmodem - ok
20:45:30.0390 0948 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:45:30.0406 0948 Mouclass - ok
20:45:30.0453 0948 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:45:30.0468 0948 mouhid - ok
20:45:30.0484 0948 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:45:30.0500 0948 MountMgr - ok
20:45:30.0515 0948 mraid35x - ok
20:45:30.0562 0948 MRENDIS5 - ok
20:45:30.0625 0948 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:45:30.0640 0948 MRxDAV - ok
20:45:30.0718 0948 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:45:30.0734 0948 MRxSmb - ok
20:45:30.0781 0948 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:45:30.0781 0948 Msfs - ok
20:45:30.0828 0948 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:45:30.0828 0948 MSKSSRV - ok
20:45:30.0875 0948 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:45:30.0875 0948 MSPCLOCK - ok
20:45:30.0890 0948 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:45:30.0906 0948 MSPQM - ok
20:45:30.0937 0948 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:45:30.0953 0948 mssmbios - ok
20:45:31.0000 0948 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:45:31.0000 0948 MSTEE - ok
20:45:31.0031 0948 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:45:31.0031 0948 Mup - ok
20:45:31.0078 0948 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:45:31.0078 0948 NABTSFEC - ok
20:45:31.0125 0948 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:45:31.0125 0948 NDIS - ok
20:45:31.0156 0948 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:45:31.0171 0948 NdisIP - ok
20:45:31.0296 0948 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:45:31.0296 0948 NdisTapi - ok
20:45:31.0359 0948 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:45:31.0359 0948 Ndisuio - ok
20:45:31.0406 0948 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:45:31.0406 0948 NdisWan - ok
20:45:31.0468 0948 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:45:31.0468 0948 NDProxy - ok
20:45:31.0515 0948 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:45:31.0515 0948 NetBIOS - ok
20:45:31.0562 0948 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:45:31.0562 0948 NetBT - ok
20:45:31.0625 0948 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:45:31.0640 0948 Npfs - ok
20:45:31.0687 0948 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:45:31.0703 0948 Ntfs - ok
20:45:31.0765 0948 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:45:31.0781 0948 Null - ok
20:45:32.0296 0948 nv (6733e80a193fc36f41c24142b0c45c0e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:45:32.0484 0948 nv - ok
20:45:32.0562 0948 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:45:32.0562 0948 NwlnkFlt - ok
20:45:32.0593 0948 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:45:32.0593 0948 NwlnkFwd - ok
20:45:32.0671 0948 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:45:32.0671 0948 Parport - ok
20:45:32.0703 0948 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:45:32.0703 0948 PartMgr - ok
20:45:32.0750 0948 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:45:32.0750 0948 ParVdm - ok
20:45:32.0828 0948 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
20:45:32.0828 0948 pccsmcfd - ok
20:45:32.0859 0948 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:45:32.0859 0948 PCI - ok
20:45:32.0890 0948 PCIDump - ok
20:45:32.0921 0948 PCIIde - ok
20:45:32.0953 0948 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:45:32.0953 0948 Pcmcia - ok
20:45:33.0000 0948 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys
20:45:33.0000 0948 Pcouffin - ok
20:45:33.0062 0948 PCTCore (6ef125721a9f1f7dbf3229786f7decd0) C:\WINDOWS\system32\drivers\PCTCore.sys
20:45:33.0062 0948 PCTCore - ok
20:45:33.0140 0948 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys
20:45:33.0156 0948 pctDS - ok
20:45:33.0218 0948 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\WINDOWS\system32\drivers\pctEFA.sys
20:45:33.0218 0948 pctEFA - ok
20:45:33.0250 0948 PDCOMP - ok
20:45:33.0281 0948 PDFRAME - ok
20:45:33.0312 0948 PDRELI - ok
20:45:33.0328 0948 PDRFRAME - ok
20:45:33.0343 0948 perc2 - ok
20:45:33.0375 0948 perc2hib - ok
20:45:33.0468 0948 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:45:33.0468 0948 PptpMiniport - ok
20:45:33.0515 0948 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:45:33.0515 0948 PSched - ok
20:45:33.0546 0948 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:45:33.0546 0948 Ptilink - ok
20:45:33.0578 0948 ql1080 - ok
20:45:33.0593 0948 Ql10wnt - ok
20:45:33.0625 0948 ql12160 - ok
20:45:33.0640 0948 ql1240 - ok
20:45:33.0671 0948 ql1280 - ok
20:45:33.0843 0948 RapportCerberus_32029 (9919c63e9150af648c42d28b5d72a32f) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys
20:45:33.0843 0948 RapportCerberus_32029 - ok
20:45:33.0953 0948 RapportEI (90bc0b9ef6106b8f5f762bdf4f0ad723) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
20:45:33.0968 0948 RapportEI - ok
20:45:34.0046 0948 RapportKELL (8cc04334a2fda2b6d79631dbe62f5cd0) C:\WINDOWS\system32\Drivers\RapportKELL.sys
20:45:34.0046 0948 RapportKELL - ok
20:45:34.0078 0948 RapportPG (a16ba67cf3f448bd163246dd725b7ffc) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
20:45:34.0093 0948 RapportPG - ok
20:45:34.0109 0948 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:45:34.0125 0948 RasAcd - ok
20:45:34.0156 0948 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:45:34.0156 0948 Rasl2tp - ok
20:45:34.0203 0948 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:45:34.0203 0948 RasPppoe - ok
20:45:34.0234 0948 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:45:34.0234 0948 Raspti - ok
20:45:34.0296 0948 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:45:34.0296 0948 Rdbss - ok
20:45:34.0343 0948 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:45:34.0343 0948 RDPCDD - ok
20:45:34.0421 0948 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:45:34.0421 0948 rdpdr - ok
20:45:34.0468 0948 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:45:34.0484 0948 RDPWD - ok
20:45:34.0546 0948 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:45:34.0546 0948 redbook - ok
20:45:34.0593 0948 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
20:45:34.0593 0948 Revoflt - ok
20:45:34.0656 0948 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\WINDOWS\system32\Drivers\RimUsb.sys
20:45:34.0656 0948 RimUsb - ok
20:45:34.0703 0948 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
20:45:34.0703 0948 RimVSerPort - ok
20:45:34.0734 0948 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
20:45:34.0734 0948 ROOTMODEM - ok
20:45:34.0828 0948 rt2870 (5532f69d0a845ffe9d70b9e0392fe50a) C:\WINDOWS\system32\DRIVERS\rt2870.sys
20:45:34.0828 0948 rt2870 - ok
20:45:34.0906 0948 s1018bus (12a851f30853a5a8e7b50341fa4b0ffb) C:\WINDOWS\system32\DRIVERS\s1018bus.sys
20:45:34.0906 0948 s1018bus - ok
20:45:34.0953 0948 s1018mdfl (a0141d5dc689a892b3f30446cbe52575) C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys
20:45:34.0953 0948 s1018mdfl - ok
20:45:35.0000 0948 s1018mdm (07d430e4b2bfde6b07f31f1da6e7cab0) C:\WINDOWS\system32\DRIVERS\s1018mdm.sys
20:45:35.0000 0948 s1018mdm - ok
20:45:35.0031 0948 s1018mgmt (d73c20d3f0f825c8fd23f841cdcb14c0) C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys
20:45:35.0046 0948 s1018mgmt - ok
20:45:35.0109 0948 s1018nd5 (895a1a2812dbd5afdd5ca4686a89a33c) C:\WINDOWS\system32\DRIVERS\s1018nd5.sys
20:45:35.0109 0948 s1018nd5 - ok
20:45:35.0156 0948 s1018obex (a986e9683c74fa06456fd2ad34ba1490) C:\WINDOWS\system32\DRIVERS\s1018obex.sys
20:45:35.0156 0948 s1018obex - ok
20:45:35.0203 0948 s1018unic (da83525924c23f30f37ac1d1f11d6f15) C:\WINDOWS\system32\DRIVERS\s1018unic.sys
20:45:35.0203 0948 s1018unic - ok
20:45:35.0281 0948 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:45:35.0296 0948 Secdrv - ok
20:45:35.0328 0948 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:45:35.0328 0948 serenum - ok
20:45:35.0390 0948 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:45:35.0390 0948 Serial - ok
20:45:35.0484 0948 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:45:35.0484 0948 Sfloppy - ok
20:45:35.0515 0948 Simbad - ok
20:45:35.0578 0948 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:45:35.0578 0948 SLIP - ok
20:45:36.0078 0948 SNP2STD (d5c9643589313db08fd27a30d93e4146) C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
20:45:36.0234 0948 SNP2STD - ok
20:45:36.0265 0948 Sparrow - ok
20:45:36.0328 0948 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:45:36.0328 0948 splitter - ok
20:45:36.0390 0948 SQTECH905C (6f6a0307c30b33e65aaf52c46cea2ecd) C:\WINDOWS\system32\Drivers\Capt905c.sys
20:45:36.0390 0948 SQTECH905C - ok
20:45:36.0437 0948 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:45:36.0437 0948 sr - ok
20:45:36.0531 0948 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:45:36.0531 0948 Srv - ok
20:45:36.0609 0948 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:45:36.0609 0948 streamip - ok
20:45:36.0671 0948 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:45:36.0671 0948 swenum - ok
20:45:36.0734 0948 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:45:36.0734 0948 swmidi - ok
20:45:36.0781 0948 symc810 - ok
20:45:36.0812 0948 symc8xx - ok
20:45:36.0828 0948 sym_hi - ok
20:45:36.0859 0948 sym_u3 - ok
20:45:36.0921 0948 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:45:36.0921 0948 sysaudio - ok
20:45:37.0000 0948 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:45:37.0015 0948 Tcpip - ok
20:45:37.0062 0948 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:45:37.0062 0948 TDPIPE - ok
20:45:37.0109 0948 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:45:37.0109 0948 TDTCP - ok
20:45:37.0156 0948 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:45:37.0171 0948 TermDD - ok
20:45:37.0218 0948 TosIde - ok
20:45:37.0265 0948 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
20:45:37.0265 0948 uagp35 - ok
20:45:37.0312 0948 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:45:37.0328 0948 Udfs - ok
20:45:37.0343 0948 ultra - ok
20:45:37.0421 0948 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:45:37.0421 0948 Update - ok
20:45:37.0468 0948 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:45:37.0484 0948 usbaudio - ok
20:45:37.0515 0948 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:45:37.0515 0948 usbccgp - ok
20:45:37.0578 0948 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:45:37.0578 0948 usbehci - ok
20:45:37.0640 0948 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:45:37.0640 0948 usbhub - ok
20:45:37.0687 0948 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:45:37.0687 0948 usbprint - ok
20:45:37.0718 0948 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:45:37.0718 0948 usbscan - ok
20:45:37.0765 0948 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:45:37.0765 0948 USBSTOR - ok
20:45:37.0796 0948 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:45:37.0812 0948 usbuhci - ok
20:45:37.0890 0948 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:45:37.0890 0948 VgaSave - ok
20:45:37.0953 0948 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
20:45:37.0953 0948 viaagp1 - ok
20:45:38.0000 0948 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:45:38.0015 0948 ViaIde - ok
20:45:38.0078 0948 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:45:38.0078 0948 VolSnap - ok
20:45:38.0156 0948 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:45:38.0156 0948 Wanarp - ok
20:45:38.0218 0948 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
20:45:38.0234 0948 Wdf01000 - ok
20:45:38.0265 0948 WDICA - ok
20:45:38.0312 0948 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:45:38.0312 0948 wdmaud - ok
20:45:38.0437 0948 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:45:38.0437 0948 WpdUsb - ok
20:45:38.0500 0948 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:45:38.0500 0948 WS2IFSL - ok
20:45:38.0546 0948 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:45:38.0562 0948 WSTCODEC - ok
20:45:38.0593 0948 WudfPf (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:45:38.0609 0948 WudfPf - ok
20:45:38.0656 0948 WudfRd (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:45:38.0656 0948 WudfRd - ok
20:45:38.0734 0948 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:45:38.0859 0948 \Device\Harddisk0\DR0 - ok
20:45:38.0859 0948 Boot (0x1200) (8b1ece464fdf445234b654a3aa021776) \Device\Harddisk0\DR0\Partition0
20:45:38.0859 0948 \Device\Harddisk0\DR0\Partition0 - ok
20:45:38.0859 0948 ============================================================
20:45:38.0859 0948 Scan finished
20:45:38.0859 0948 ============================================================
20:45:38.0890 3456 Detected object count: 0
20:45:38.0890 3456 Actual detected object count: 0
20:46:00.0843 3888 Deinitialize success
Blackwood

Old 10-23-2011, 01:14 PM   #12
CatByte (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional)
Join Date: Jan 2009
Location: Canada
Posts: 8,822
OS: XP, Vista, Win7

Is there another ComboFix log at C:\Qoobox\ComboFix2.txt?
If so, please post it.

The aswMBR log advised that the following core file was infected:

C:\WINDOWS\system32\winsrv.dll

I want to see if the first run of ComboFix replaced that or if it is still infected.

Please upload that file for analysis:

submit a file to virustotal for analysis
  • Use the browse button on that page to navigate to the location of the file to be scanned.
  • In the right hand panel, click on the file C:\WINDOWS\system32\winsrv.dll, then click the open button.
  • The file will now be displayed in the submit box.
  • Scroll down a bit and click "send file" and wait for the results.
  • If you get a message saying "File has already been analyzed", click "Reanalyze file now".
  • Once scanned, copy and paste the link to the results page in your next reply.

Please advise how the computer is running now.
CatByte
Microsoft MVP 2010, 2011, 2012, 2013

Old 10-23-2011, 01:29 PM   #13
Blackwood (Registered Member)
Join Date: Mar 2008
Posts: 49
OS: Win xp IE7

Okay, for part 1 of your query, there was a file called Qoobox\ComboFix-quarantined-files.txt, which is:

2011-06-30 17:10:40 . 2011-07-18 13:22:19 1,294 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9956734e872eec3ea3e17f52e84dc6cc.vir
2011-06-30 17:10:40 . 2011-07-18 13:22:57 16,381 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files\8d35ea89b743df255e7e9d41f61f157d.vir
2011-06-30 17:10:40 . 2011-07-18 13:22:57 8,630 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files\1dfcc21cb058972d1a78f2572e74c3c9.vir
2011-06-30 17:10:40 . 2011-07-18 13:22:57 15,555 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files\48799e6132058471ea57d8066e8938b0.vir
2011-06-30 17:10:40 . 2011-07-18 13:22:18 580 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\c594d37e13c887da6ddc9975fa9aae82.vir
2011-06-30 17:10:40 . 2011-07-18 13:22:18 2,030 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\dcd16c0f4842bc19d648b261e3cf263d.vir
2011-06-30 17:10:40 . 2011-07-18 13:22:18 875 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\fb95fd1b987bd4ffbcb67783e51679ec.vir
2011-06-30 17:10:40 . 2011-06-30 17:10:40 376 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\2b4ad282984708f7b89800e17a257476.vir
2011-06-30 17:10:39 . 2011-07-18 13:22:18 585 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\27c746d432b7a753a0af8d7c033b46fe.vir
2011-06-30 17:10:39 . 2011-07-18 13:22:55 2,823 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\c48c9e27c16419ab995d48b077a802ff.vir
2011-06-30 17:10:39 . 2011-06-30 17:10:39 223 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9d810aab3f7bcbacb07c241f8d726714.vir
2011-06-30 17:10:39 . 2011-07-18 13:22:17 1,485 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\757a20d7a75ae93435ac64a6095eab39.vir
2011-06-30 17:10:39 . 2011-07-18 13:22:18 698 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\df4570be347a68121d038aa7552d3745.vir
2011-06-30 17:10:39 . 2011-07-18 13:22:18 782 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\35db787c9ed332998cf35cd592dad718.vir
2011-06-30 17:10:39 . 2011-07-18 13:22:18 896 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\1a06816a192357f4189197196943329e.vir
2011-06-30 17:10:39 . 2011-07-18 13:22:18 634 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\c99af55cb1bc0fa21b04e4d18edaf729.vir
2011-06-30 17:10:39 . 2011-06-30 17:10:39 5,809 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\1c76e82ec54cd18a4ded0139fc7b9347.vir
2011-06-30 17:10:35 . 2011-07-18 13:22:57 8,915 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files\2b1e48aafe5ac3b69f54a1e1e58e8419.vir
2011-04-04 12:18:05 . 2011-04-19 16:59:41 20,480 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Favorites\Thumbs.db.vir
2010-02-16 11:57:38 . 2010-02-16 11:57:38 301,568 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Burn4Free DB Toolbar\tbHElper.dll.vir
2009-03-30 18:12:32 . 2009-03-30 18:17:22 30 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\Application Data\Desktopicon\config.ini.vir
2009-03-29 18:48:02 . 2008-12-01 16:12:04 2,242 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\2BB\{5EA53F4A-210A-44AD-BDEF-A1881C2690DF}.swf.vir
2007-07-26 00:01:56 . 2005-01-26 22:45:18 349,472 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\WindowsXP-KB822603-x86.exe.vir
__________________
Blackwood is offline  
Old 10-23-2011, 01:40 PM   #14
Registered Member
 
Join Date: Mar 2008
Posts: 49
OS: Win xp IE7



Okay, here's the link to my results page for VirusTotal:

VirusTotal - Free Online Virus, Malware and URL Scanner
__________________
Blackwood is offline  
Old 10-23-2011, 06:44 PM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,822
OS: XP, Vista, Win7



Hi,
That link takes me to the VirusTotal upload page, not the results.
__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
Old 10-24-2011, 12:23 AM   #16
Registered Member
 
Join Date: Mar 2008
Posts: 49
OS: Win xp IE7



Sorry about that. Here's the information:

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
winsrv.dll
Submission date:
2011-10-24 07:17:24 (UTC)
Current status:
finished
Result:
2/ 43 (4.7%)

VT Community

not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2011.10.24.00 2011.10.24 -
AntiVir 7.11.16.110 2011.10.24 -
Antiy-AVL 2.0.3.7 2011.10.24 -
Avast 6.0.1289.0 2011.10.24 Win32:Malware-gen
AVG 10.0.0.1190 2011.10.23 -
BitDefender 7.2 2011.10.24 -
ByteHero 1.0.0.1 2011.09.23 -
CAT-QuickHeal 11.00 2011.10.24 -
ClamAV 0.97.0.0 2011.10.24 -
Commtouch 5.3.2.6 2011.10.23 -
Comodo 10542 2011.10.23 -
DrWeb 5.0.2.03300 2011.10.24 -
Emsisoft 5.1.0.11 2011.10.24 -
eSafe 7.0.17.0 2011.10.17 -
eTrust-Vet 36.1.8633 2011.10.21 -
F-Prot 4.6.5.141 2011.10.23 -
F-Secure 9.0.16440.0 2011.10.24 -
Fortinet 4.3.370.0 2011.10.24 -
GData 22 2011.10.24 Win32:Malware-gen
Ikarus T3.1.1.107.0 2011.10.24 -
Jiangmin 13.0.900 2011.10.23 -
K7AntiVirus 9.116.5326 2011.10.22 -
Kaspersky 9.0.0.837 2011.10.24 -
McAfee 5.400.0.1158 2011.10.24 -
McAfee-GW-Edition 2010.1D 2011.10.23 -
Microsoft 1.7801 2011.10.24 -
NOD32 6568 2011.10.24 -
Norman 6.07.13 2011.10.23 -
nProtect 2011-10-23.01 2011.10.23 -
Panda 10.0.3.5 2011.10.23 -
PCTools 8.0.0.5 2011.10.24 -
Prevx 3.0 2011.10.24 -
Rising 23.81.00.01 2011.10.24 -
Sophos 4.70.0 2011.10.24 -
SUPERAntiSpyware 4.40.0.1006 2011.10.22 -
Symantec 20111.2.0.82 2011.10.24 -
TheHacker 6.7.0.1.330 2011.10.24 -
TrendMicro 9.500.0.1008 2011.10.24 -
TrendMicro-HouseCall 9.500.0.1008 2011.10.24 -
VBA32 3.12.16.4 2011.10.21 -
VIPRE 10858 2011.10.24 -
ViRobot 2011.10.24.4734 2011.10.24 -
VirusBuster 14.1.26.0 2011.10.23 -
Additional information
MD5 : 95cf3446911a6e25ee4086df8a45b2aa
SHA1 : 984e2bb09f04abea4ae8ada1befa52691bab2413
SHA256: a68f49d17f9f6b19fc9670c67806c40fff2ed8281267b753cbe08cc7dc307d54
ssdeep: 6144:IHnxP/w6+lg0Hm34pvjMrXjKSRzVlY+08y92U+1+:IHnxX5Qm34Z8j9Vq+08G2Uf
File size : 293376 bytes
First seen: 2011-08-09 17:48:02
Last seen : 2011-10-24 07:17:24
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Windows Server DLL
original name: winsrv.dll
internal name: winsrv
file version.: 5.1.2600.6125 (xpsp_sp3_gdr.110620-1711)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x73B3
timedatestamp....: 0x4DFF8714 (Mon Jun 20 17:44:52 2011)
machinetype......: 0x14c (I386)

[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x3530F, 0x35400, 6.60, e16395b8c858be623c35448a3b15f1aa
FE_TEXT, 0x37000, 0x5696, 0x5800, 6.45, 03ac420d13b84811e2d30d9c2a03bf93
.data, 0x3D000, 0xF18, 0xE00, 1.74, 486c627b1ca0a4318e63f04e33927900
.rsrc, 0x3E000, 0x9840, 0x9A00, 4.67, 0479bb48477dd07b27ec9234b81b63a6
.reloc, 0x48000, 0x20D0, 0x2200, 6.69, a9163faaf205ac6a53bd1325a45ffe29

[[ 6 import(s) ]]
BASESRV.dll: BaseSrvNlsUpdateRegistryCache, BaseSrvNlsLogon, BaseSetProcessCreateNotify
CSRSRV.dll: CsrSetForegroundPriority, CsrSetBackgroundPriority, CsrCreateWait, CsrMoveSatisfiedWait, CsrDereferenceWait, CsrNotifyWait, CsrValidateMessageBuffer, CsrPopulateDosDevices, CsrDereferenceProcess, CsrReferenceThread, CsrLockThreadByClientId, CsrUnlockThread, CsrGetProcessLuid, CsrAddStaticServerThread, CsrLockProcessByClientId, CsrUnlockProcess, CsrExecServerThread, CsrConnectToUser, CsrDereferenceThread, CsrImpersonateClient, CsrRevertToSelf, CsrQueryApiPort, CsrShutdownProcesses
GDI32.dll: CreateSolidBrush, DeleteObject, DeleteDC, GdiTransparentBlt, SelectObject, CreateCompatibleDC, GdiGetSpoolMessage, GdiInitSpool, bMakePathNameW, SetBitmapBits, CreateCompatibleBitmap, StretchDIBits, CombineRgn, InvertRgn, CreateDIBitmap, GetDIBits, PolyPatBlt, StretchBlt, GetBitmapBits, SetFontEnumeration, GetTextFaceW, EnumFontFamiliesExW, GetTextExtentPoint32W, CreateFontIndirectW, GdiAddFontResourceW, CreateBitmap, BitBlt, GetTextMetricsW, GetCharWidth32W, SetBkMode, GetStockObject, ExtTextOutW, PatBlt, GetRgnBox, GetCurrentObject, GdiConsoleTextOut, GdiFlush, GetRegionData, CreateRectRgn, CreateDCW, GetDeviceCaps, SetDIBitsToDevice, GetNearestColor, SetDCBrushColor, SetTextColor, SetBkColor, TranslateCharsetInfo, GetStringBitmapW, GdiFullscreenControl, SelectPalette, SetSystemPaletteUse, RealizePalette, GetLayout, SetLayout, GetObjectW
KERNEL32.dll: InitializeCriticalSection, LocalReAlloc, LoadLibraryW, LeaveCriticalSection, EnterCriticalSection, RaiseException, GetModuleFileNameW, TerminateProcess, UnhandledExceptionFilter, CreateFileW, GlobalAlloc, GlobalSize, WTSGetActiveConsoleSessionId, GetCPInfo, WideCharToMultiByte, OpenProfileUserMapping, GetPrivateProfileStringW, CloseProfileUserMapping, GlobalAddAtomA, GlobalLock, lstrcpynW, GlobalUnlock, GlobalFree, SetProcessWorkingSetSize, GetStringTypeW, MultiByteToWideChar, InterlockedIncrement, InterlockedDecrement, FindResourceExW, LoadResource, LockResource, lstrlenA, Beep, TlsSetValue, TlsGetValue, GetExitCodeThread, GetExitCodeProcess, SetFilePointer, GetSystemDirectoryA, CreateFileA, GetOEMCP, GetACP, TlsAlloc, IsValidCodePage, lstrlenW, DuplicateHandle, ReadFile, CreateThread, GetCurrentThread, GetCurrentProcess, SetUnhandledExceptionFilter, SetNamedPipeHandleState, TransactNamedPipe, WaitForSingleObject, GetOverlappedResult, WaitNamedPipeW, OpenEventW, SetEvent, SetClientTimeZoneInformation, LoadLibraryExA, SetLastError, CreateRemoteThread, WaitForMultipleObjects, OpenProcess, CreateEventW, GetLastError, Sleep, CloseHandle, GetModuleHandleW, LocalAlloc, LocalFree, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, DisableThreadLibraryCalls, LoadLibraryA, InterlockedCompareExchange, FreeLibrary, GetProcAddress, DelayLoadFailureHook
ntdll.dll: NtNotifyChangeKey, NtSetSystemInformation, NtQueryValueKey, RtlInitUnicodeString, NtOpenKey, NtQueryInformationProcess, RtlFreeSid, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, RtlAddAccessAllowedAce, RtlCreateAcl, RtlLengthSid, RtlAllocateAndInitializeSid, NtResetEvent, NtWaitForMultipleObjects, NtCreateEvent, swprintf, NtSetInformationThread, RtlUnicodeStringToInteger, NtClose, RtlOpenCurrentUser, NtSetEvent, LdrFlushAlternateResourceModules, RtlCreateUserThread, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlInitializeCriticalSection, NtQueryInformationToken, NtAlertThread, DbgUiIssueRemoteBreakin, DbgBreakPoint, _ltow, NtOpenProcessToken, RtlNtStatusToDosError, NtPrivilegeObjectAuditAlarm, NtPrivilegeCheck, NtOpenThreadToken, wcsncmp, NtClearEvent, NtWaitForSingleObject, NtTerminateProcess, NtQueryInformationThread, NtReplyPort, _vsnwprintf, RtlEqualUnicodeString, NtQuerySymbolicLinkObject, NtOpenSymbolicLinkObject, RtlFreeUnicodeString, wcslen, RtlFindMessage, NtResumeThread, RtlFreeHeap, memmove, RtlCreateUnicodeString, _strnicmp, RtlFreeAnsiString, RtlAnsiStringToUnicodeString, RtlInitAnsiString, strstr, RtlUnicodeStringToAnsiString, NtReadVirtualMemory, NtDeviceIoControlFile, NtMakeTemporaryObject, wcscmp, NtQueryDirectoryObject, NtOpenDirectoryObject, _chkstk, NtRequestWaitReplyPort, NtConnectPort, wcscpy, RtlSetGroupSecurityDescriptor, RtlSetOwnerSecurityDescriptor, RtlCopySid, _alloca_probe, RtlGetDaclSecurityDescriptor, RtlGetOwnerSecurityDescriptor, NtRequestPort, RtlCreateTagHeap, RtlCreateHeap, RtlAllocateHeap, NtEnumerateValueKey, wcsncpy, NtQueryKey, RtlDosSearchPath_U, NtDuplicateObject, NtOpenProcess, RtlInitializeCriticalSectionAndSpinCount, RtlSizeHeap, NtMapViewOfSection, NtCreateSection, NtUnmapViewOfSection, NtVdmControl, NtTerminateThread, RtlCompareUnicodeString, atoi, _itoa, NtReleaseMutant, NtCreateMutant, NtQueryVirtualMemory, RtlUnwind, RtlPrefixUnicodeString, RtlIntegerToUnicodeString, 
RtlMultiByteToUnicodeN, RtlOemToUnicodeN, RtlUnicodeToMultiByteSize, RtlUnicodeToOemN, RtlInitCodePageTable, RtlUnicodeToMultiByteN, RtlCustomCPToUnicodeN, wcschr, wcsrchr, wcsstr, _wcsupr, NtProtectVirtualMemory, RtlImageDirectoryEntryToData, RtlReAllocateHeap, RtlConsoleMultiByteToUnicodeN, RtlDeleteCriticalSection
USER32.dll: RegisterWindowMessageW, GetWindow, PostMessageW, DialogBoxParamW, EndDialog, GetDlgItemTextW, IsDlgButtonChecked, SendDlgItemMessageW, CheckRadioButton, GetWindowPlacement, SetWindowPlacement, EnableMenuItem, LoadMenuW, AppendMenuW, SetMenuItemInfoW, PtInRect, EmptyClipboard, SetClipboardData, OpenClipboard, GetClipboardData, CloseClipboard, GetForegroundWindow, CreateWindowExW, GetSystemMenu, GetLastActivePopup, GetCursorPos, WindowFromPoint, DefWindowProcW, SetCursor, TrackPopupMenuEx, UnpackDDElParam, CreateIconFromResourceEx, ReuseDDElParam, ShowWindowAsync, ReplyMessage, ScrollDC, SetScrollInfo, GetKeyboardLayout, IsWinEventHookInstalled, NotifyWinEvent, SetActiveWindow, MonitorFromRect, GetMonitorInfoW, AdjustWindowRectEx, GetCaretBlinkTime, VkKeyScanW, IsIconic, ClientToScreen, ScreenToClient, ActivateKeyboardLayout, GetKeyboardLayoutNameA, GetKeyboardLayoutNameW, CopyIcon, DestroyIcon, ShowWindow, LoadStringW, ReleaseCapture, SetCapture, GetKeyboardState, ToUnicodeEx, SetThreadDesktop, SetWindowsHookExW, GetMessageW, UnhookWindowsHookEx, TranslateMessageEx, GetKeyState, SetConsoleReserveKeys, MapVirtualKeyW, CloseWindowStation, GetUserObjectInformationW, CloseDesktop, PrivateExtractIconExW, wsprintfW, LoadCursorW, LoadImageW, RegisterClassExW, SendMessageTimeoutW, IsWindow, IsWindowEnabled, GetWindowTextW, MsgWaitForMultipleObjects, PeekMessageW, DispatchMessageW, TranslateMessage, GetWindowRect, GetSysColor, MapWindowPoints, OffsetRect, InflateRect, GetSystemMetrics, GetClientRect, SetForegroundWindow, InvalidateRect, KillTimer, SetWindowPos, SetFocus, SendMessageW, GetDlgItem, SetTimer, SetDlgItemTextW, EndPaint, LoadBitmapW, DrawEdge, DrawIcon, BeginPaint, LoadIconW, GetClassLongW, GetPropW, SetWindowTextW, SetWindowLongW, DestroyWindow, ReleaseDC, FillRect, GetDC, GetWindowLongW, GetClassNameW, RecordShutdownReason, GetGUIThreadInfo, SendInput, GetLastInputInfo, SystemParametersInfoW, CtxInitUser32, GetWindowTextLengthW, PostThreadMessageW, 
WCSToMBEx, MB_GetString, SoftModalMessageBox, MessageBoxTimeoutW, GetTaskmanWindow, BroadcastSystemMessageW, GetWindowThreadProcessId, MessageBoxExW, EnumThreadWindows, SendNotifyMessageW, SendMessageCallbackW, CreateDialogParamW, IsDialogMessageW, CallMsgFilterW

[[ 4 export(s) ]]
ConServerDllInitialization, UserServerDllInitialization, _UserSoundSentry, _UserTestTokenForInteractive
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 240640
CompanyName: Microsoft Corporation
EntryPoint: 0x73b3
FileDescription: Windows Server DLL
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 286 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 5.1.2600.6125 (xpsp_sp3_gdr.110620-1711)
FileVersionNumber: 5.1.2600.6125
ImageVersion: 5.1
InitializedDataSize: 52224
InternalName: winsrv
LanguageCode: English (U.S.)
LegalCopyright: Microsoft Corporation. All rights reserved.
LinkerVersion: 7.1
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.1
ObjectFileType: Dynamic link library
OriginalFilename: winsrv.dll
PEType: PE32
ProductName: Microsoft Windows Operating System
ProductVersion: 5.1.2600.6125
ProductVersionNumber: 5.1.2600.6125
Subsystem: Windows command line
SubsystemVersion: 4.1
TimeStamp: 201120 19:44:52+02:00
UninitializedDataSize: 0
__________________
Blackwood is offline  
Old 10-24-2011, 02:40 PM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,822
OS: XP, Vista, Win7



Hi

Let's see if there is a replacement, just to be sure.

Please do the following:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:
    :filefind
    *winsrv*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
Old 10-24-2011, 11:21 PM   #18
Registered Member
 
Join Date: Mar 2008
Posts: 49
OS: Win xp IE7



Okay, here are the results:

SystemLook 30.07.11 by jpshortstuff
Log created at 07:18 on 25/10/2011 by David
Administrator - Elevation successful

========== filefind ==========

Searching for "*winsrv*"
C:\Documents and Settings\David\Recent\winsrv.dll.lnk --a---- 626 bytes [20:33 23/10/2011] [07:22 24/10/2011] 06ABF073724468D13C51439407813B0A
C:\WINDOWS\$hf_mig$\KB2121546\SP3QFE\winsrv.dll --a---- 293376 bytes [17:43 18/06/2010] [17:43 18/06/2010] 6DC05976FB5B8E1358EAC8BEDFD1FA47
C:\WINDOWS\$hf_mig$\KB2507938\SP3QFE\winsrv.dll --a---- 293376 bytes [11:02 26/04/2011] [11:02 26/04/2011] F52D3C601CF618479F9AD43B07599BED
C:\WINDOWS\$hf_mig$\KB2567680\SP3QFE\winsrv.dll --a---- 293376 bytes [17:43 20/06/2011] [17:43 20/06/2011] 3C733ABE4F13206414F670F86C5F79D8
C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\winsrv.dll --a---- 291328 bytes [18:19 02/03/2005] [18:19 02/03/2005] 0F292F96B5967F31793C74007A0368AB
C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\winsrv.dll --a---- 291840 bytes [01:44 01/09/2005] [01:44 01/09/2005] 3642C99D14EC986DDE123C9D2846427D
C:\WINDOWS\$hf_mig$\KB930178\SP2QFE\winsrv.dll --a---- 292864 bytes [13:45 17/03/2007] [13:45 17/03/2007] 3E958EBBE7DA5691E8B08429A7EDB44B
C:\WINDOWS\$NtServicePackUninstall$\winsrv.dll -----c- 292864 bytes [21:29 21/07/2008] [13:43 17/03/2007] 3D21B3BE0C5768E76FD9780E9CF9E07C
C:\WINDOWS\$NtUninstallKB2507938$\winsrv.dll -----c- 293376 bytes [11:37 13/07/2011] [17:45 18/06/2010] 42B5427FAC23BF6F1F31E466B7FEB084
C:\WINDOWS\$NtUninstallKB2567680$\winsrv.dll -----c- 293376 bytes [19:17 11/08/2011] [11:07 26/04/2011] EC0A223C4854E98A3AFB2C31B7B420A0
C:\WINDOWS\ServicePackFiles\i386\winsrv.dll ------- 293376 bytes [21:39 21/07/2008] [04:42 14/04/2008] 1618F36D4F7F6CCCEB3EE44BA95BE85C
C:\WINDOWS\system32\winsrv.dll --a---- 293376 bytes [12:00 04/08/2004] [17:44 20/06/2011] 95CF3446911A6E25EE4086DF8A45B2AA
C:\WINDOWS\system32\dllcache\winsrv.dll -----c- 293376 bytes [17:45 18/06/2010] [17:44 20/06/2011] 95CF3446911A6E25EE4086DF8A45B2AA

-= EOF =-
__________________
Blackwood is offline  
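As an added illustration (not part of this thread, and not code from SystemLook or ComboFix), here is a small Python script that parses the filefind lines from the log above and checks what the helper is looking for: whether the live system32\winsrv.dll carries the same hash as the Windows File Protection copy in dllcache, and which copies carry the MD5 that VirusTotal reported earlier. The sample lines are copied from this post's log; FLAGGED_MD5 is the hash from the VirusTotal report.

```python
import re
from collections import defaultdict

# Constructed sample: filefind lines taken from the SystemLook log above,
# trimmed to the copies that matter for the comparison.
SYSTEMLOOK_OUTPUT = r"""
Searching for "*winsrv*"
C:\Documents and Settings\David\Recent\winsrv.dll.lnk --a---- 626 bytes [20:33 23/10/2011] [07:22 24/10/2011] 06ABF073724468D13C51439407813B0A
C:\WINDOWS\$hf_mig$\KB2567680\SP3QFE\winsrv.dll --a---- 293376 bytes [17:43 20/06/2011] [17:43 20/06/2011] 3C733ABE4F13206414F670F86C5F79D8
C:\WINDOWS\ServicePackFiles\i386\winsrv.dll ------- 293376 bytes [21:39 21/07/2008] [04:42 14/04/2008] 1618F36D4F7F6CCCEB3EE44BA95BE85C
C:\WINDOWS\system32\winsrv.dll --a---- 293376 bytes [12:00 04/08/2004] [17:44 20/06/2011] 95CF3446911A6E25EE4086DF8A45B2AA
C:\WINDOWS\system32\dllcache\winsrv.dll -----c- 293376 bytes [17:45 18/06/2010] [17:44 20/06/2011] 95CF3446911A6E25EE4086DF8A45B2AA

-= EOF =-
"""

# MD5 that VirusTotal reported for the submitted winsrv.dll (from the post above).
FLAGGED_MD5 = "95cf3446911a6e25ee4086df8a45b2aa"

# One filefind hit: <path> <7 attribute flags> <size> bytes [created] [modified] <MD5>
LINE_RE = re.compile(
    r'^(?P<path>.+?) (?P<attrs>[-a-zA-Z]{7}) (?P<size>\d+) bytes '
    r'\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$'
)


def parse_filefind(text):
    """Return one dict per filefind hit; header, blank and EOF lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hit = m.groupdict()
            hit["size"] = int(hit["size"])
            hit["md5"] = hit["md5"].upper()
            hits.append(hit)
    return hits


def compare_to_dllcache(hits, name="winsrv.dll"):
    """Compare the live system32 copy with the Windows File Protection copy in dllcache."""
    live = next((h for h in hits if h["path"].lower().endswith("\\system32\\" + name)), None)
    cache = next((h for h in hits if h["path"].lower().endswith("\\system32\\dllcache\\" + name)), None)
    if live is None or cache is None:
        return {"status": "missing", "live": live, "cache": cache}
    same = live["md5"] == cache["md5"] and live["size"] == cache["size"]
    return {"status": "match" if same else "mismatch",
            "live_md5": live["md5"], "cache_md5": cache["md5"]}


def group_by_md5(hits):
    """Map each distinct MD5 to the paths that carry it (one group per distinct build)."""
    groups = defaultdict(list)
    for h in hits:
        groups[h["md5"]].append(h["path"])
    return dict(groups)


def flagged_copies(hits, flagged_md5):
    """Paths whose MD5 equals the hash the scanner flagged."""
    return [h["path"] for h in hits if h["md5"] == flagged_md5.upper()]


if __name__ == "__main__":
    hits = parse_filefind(SYSTEMLOOK_OUTPUT)
    print("system32 vs dllcache:", compare_to_dllcache(hits))
    for md5, paths in group_by_md5(hits).items():
        print(md5, "->", len(paths), "copy/copies")
    print("copies with the flagged hash:", flagged_copies(hits, FLAGGED_MD5))
```

Because the live file and the dllcache copy carry the same MD5 here, restoring from dllcache can only reproduce the identical file, which is what the FCopy step later in the thread does.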
Old 10-25-2011, 05:23 AM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,822
OS: XP, Vista, Win7



Hi,

Please do the following:
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:
FCopy::
C:\WINDOWS\system32\dllcache\winsrv.dll | C:\WINDOWS\system32\winsrv.dll 

ClearJavaCache::
Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
Old 10-25-2011, 10:36 AM   #20
Registered Member
 
Join Date: Mar 2008
Posts: 49
OS: Win xp IE7



Okay here's the result for that:

ComboFix 11-10-24.05 - David 25/10/2011 14:10:35.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.767.376 [GMT 1:00]
Running from: c:\documents and settings\David\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\David\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Favorites\Thumbs.db
.
.
--------------- FCopy ---------------
.
c:\windows\system32\dllcache\winsrv.dll --> c:\windows\system32\winsrv.dll
.
((((((((((((((((((((((((( Files Created from 2011-09-25 to 2011-10-25 )))))))))))))))))))))))))))))))
.
.
2011-10-25 09:14 . 2011-10-25 09:14 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{691A9A96-4DEA-429E-AA55-E6003A833C43}\offreg.dll
2011-10-25 09:14 . 2011-10-18 01:28 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{691A9A96-4DEA-429E-AA55-E6003A833C43}\mpengine.dll
2011-10-23 21:14 . 2011-10-23 22:17 413696 ----a-r- c:\documents and settings\David\Application Data\Microsoft\Installer\{AD7C4856-16B0-45AB-AB37-AD61A0610FEC}\BlackBerry.exe
2011-10-23 20:53 . 2011-10-23 21:33 -------- d-----w- c:\documents and settings\David\Application Data\Research In Motion
2011-10-23 20:52 . 2011-10-23 20:52 53248 ----a-r- c:\documents and settings\David\Application Data\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2011-10-23 20:07 . 2011-10-23 21:28 -------- d-----w- c:\program files\Research In Motion
2011-10-23 20:07 . 2011-10-23 21:12 -------- d-----w- c:\program files\Common Files\Research In Motion
2011-10-23 16:00 . 2011-10-23 16:00 -------- d-sh--w- c:\documents and settings\Administrator.HOME-96DDBCAEEA\IETldCache
2011-10-23 14:43 . 2011-10-23 14:48 -------- d-----w- c:\documents and settings\New
2011-10-22 12:02 . 2011-10-18 01:28 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-10-22 12:02 . 2011-05-24 18:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-22 11:59 . 2011-10-22 11:59 -------- d-----w- c:\program files\Windows Defender
2011-10-21 19:22 . 2010-07-16 13:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-10-21 19:22 . 2010-07-16 13:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-10-21 19:21 . 2010-11-25 09:42 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-10-21 19:21 . 2011-10-23 12:50 -------- d-----w- c:\program files\PC Tools Security
2011-10-21 19:21 . 2011-10-21 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-10-21 19:21 . 2011-10-21 19:21 -------- d-----w- c:\documents and settings\David\Application Data\PC Tools
2011-10-21 18:23 . 2011-10-21 18:23 -------- d-----w- c:\program files\BEARSH~1
2011-10-21 18:11 . 2011-10-22 12:48 -------- d-----w- c:\program files\Enigma Software Group
2011-10-21 18:11 . 2011-10-22 12:45 -------- d-----w- C:\sh4ldr
2011-10-21 18:11 . 2011-10-22 12:44 -------- d-----w- c:\windows\D3F93A5A7A5D4867B2A16F46500D006C.TMP
2011-10-21 18:10 . 2011-10-21 18:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-10-18 14:30 . 2011-10-18 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2011-10-18 13:45 . 2011-10-03 04:06 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-18 13:45 . 2011-10-03 04:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-18 13:41 . 2011-10-18 13:41 -------- d-----w- c:\documents and settings\UpdatusUser
2011-10-18 13:41 . 2011-10-18 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2011-10-18 13:40 . 2011-08-03 11:49 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-10-18 13:40 . 2011-08-03 11:49 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-10-18 13:39 . 2011-10-18 13:39 280276 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-10-18 13:39 . 2011-10-18 13:39 280276 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-10-18 13:39 . 2011-10-18 13:39 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-10-18 13:38 . 2011-08-03 11:49 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-18 13:38 . 2011-08-03 11:49 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-18 13:38 . 2011-08-03 11:49 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-18 13:38 . 2011-08-03 11:49 5427200 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-18 13:38 . 2011-08-03 11:49 2387560 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-18 13:38 . 2011-08-03 11:49 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-18 13:38 . 2011-08-03 11:49 17186816 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-18 13:38 . 2011-10-18 13:41 -------- d-----w- c:\program files\NVIDIA Corporation
2011-10-18 13:31 . 2011-10-20 10:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-17 17:28 . 2009-09-02 12:44 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2011-10-17 16:43 . 2011-10-17 16:58 -------- d-----w- C:\My DVD
2011-10-17 16:41 . 2011-10-17 16:41 -------- d-----w- c:\program files\XviD
2011-10-17 16:41 . 2004-07-26 11:12 187904 ----a-w- c:\windows\system32\Lame.exe
2011-10-17 16:41 . 2011-10-17 16:41 641021 ----a-w- c:\windows\unins000.exe
2011-10-17 16:41 . 2004-07-26 11:12 166912 ----a-w- c:\windows\system32\Lame_enc.dll
2011-10-17 16:40 . 2011-10-17 17:31 -------- d-----w- c:\program files\EasyDVDRip
2011-10-16 13:23 . 2010-11-19 17:04 892928 ----a-w- c:\windows\system32\iconv.dll
2011-10-16 13:23 . 2010-11-19 17:04 675840 ----a-w- c:\windows\system32\ac3filter.ax
2011-10-16 13:23 . 2004-12-20 10:10 61440 ----a-w- c:\windows\system32\xvid.ax
2011-10-16 13:23 . 2011-10-16 20:49 -------- d-----w- c:\program files\Wondershare
2011-10-15 14:19 . 2011-10-15 14:19 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-10-15 14:19 . 2011-10-15 14:19 -------- d-----w- c:\program files\EDIMAX
2011-10-15 14:19 . 2008-07-29 23:44 619136 ----a-w- c:\windows\system32\drivers\rt2870.sys
2011-10-15 14:19 . 2008-07-29 23:43 217088 ----a-w- c:\windows\system32\RaCoInst.dll
2011-10-15 14:19 . 2008-06-15 22:57 4096 ----a-w- c:\windows\system32\drivers\rt2870.bin
2011-10-15 14:19 . 2011-10-15 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Edimax Driver
2011-10-12 16:57 . 2011-10-22 12:56 -------- d-----w- c:\documents and settings\David\Application Data\AVG2012
2011-10-12 16:52 . 2011-10-12 16:52 -------- d-----w- c:\documents and settings\Susan Smart\Application Data\AVG2012
2011-10-12 16:50 . 2011-10-22 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-09-27 09:35 . 2011-09-27 09:35 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Trusteer
2011-09-25 18:00 . 2011-09-25 18:00 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 01:37 . 2008-01-30 19:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 10:41 . 2008-07-29 19:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 05:30 . 2010-09-07 02:48 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2008-07-22 11:58 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-08 05:08 . 2010-09-07 02:48 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-08-03 11:49 . 2007-07-24 10:55 12542592 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-08-03 11:49 . 2007-07-24 10:54 4210816 ----a-w- c:\windows\system32\nv4_disp.dll
2011-08-03 11:49 . 2006-10-22 11:22 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-08-03 11:49 . 2006-10-22 11:22 2404864 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:49 . 2006-10-22 11:22 16191488 ----a-w- c:\windows\system32\nvoglnt.dll
2011-08-03 11:49 . 2006-10-22 11:22 146024 ----a-w- c:\windows\system32\nvsvc32.exe
2011-08-03 11:49 . 2006-10-22 11:22 13892200 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:49 . 2006-10-22 11:22 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-01 11:24 . 2011-03-23 20:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-23_16.45.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-25 09:07 . 2011-10-25 09:07 16384 c:\windows\Temp\Perflib_Perfdata_760.dat
+ 2011-10-23 22:17 . 2011-07-20 14:13 35328 c:\windows\system32\ReinstallBackups\0025\DriverFiles\RimSerial.sys
+ 2011-10-23 21:31 . 2011-07-20 14:13 35328 c:\windows\system32\ReinstallBackups\0024\DriverFiles\RimSerial.sys
+ 2011-10-23 21:14 . 2011-07-20 14:13 35328 c:\windows\system32\ReinstallBackups\0023\DriverFiles\RimSerial.sys
+ 2011-10-23 20:08 . 2011-07-20 14:13 35328 c:\windows\system32\ReinstallBackups\0022\DriverFiles\RimSerial.sys
+ 2011-07-25 16:53 . 2011-07-25 16:53 64512 c:\windows\system32\drivers\RimUsb.sys
+ 2010-06-14 10:53 . 2011-07-20 14:13 35328 c:\windows\system32\drivers\RimSerial.sys
+ 2011-10-23 20:07 . 2011-10-23 20:07 69632 c:\windows\Installer\{B768E610-7C54-4BA8-A184-B4683515D1EF}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2011-10-23 21:31 . 2011-10-23 21:31 69632 c:\windows\Installer\{75157F34-02C6-4831-BD66-3BC49E7A8394}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2004-08-04 12:00 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
- 2010-06-18 17:45 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2011-10-23 20:07 . 2011-10-23 20:07 413696 c:\windows\Installer\{B768E610-7C54-4BA8-A184-B4683515D1EF}\ARPPRODUCTICON.exe
+ 2011-10-23 21:31 . 2011-10-23 21:31 413696 c:\windows\Installer\{75157F34-02C6-4831-BD66-3BC49E7A8394}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
+ 2011-10-23 21:31 . 2011-10-23 21:31 413696 c:\windows\Installer\{75157F34-02C6-4831-BD66-3BC49E7A8394}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
+ 2011-10-23 21:31 . 2011-10-23 21:31 413696 c:\windows\Installer\{75157F34-02C6-4831-BD66-3BC49E7A8394}\ARPPRODUCTICON.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2009-11-30 18:55 . 2011-07-20 16:23 1112288 c:\windows\system32\WdfCoInstaller01007.dll
- 2009-11-30 18:55 . 2008-03-27 17:49 1112288 c:\windows\system32\wdfcoinstaller01007.dll
+ 2011-10-23 22:17 . 2011-07-20 16:23 1112288 c:\windows\system32\ReinstallBackups\0025\DriverFiles\WdfCoInstaller01007.dll
+ 2011-10-23 21:31 . 2011-07-20 16:23 1112288 c:\windows\system32\ReinstallBackups\0024\DriverFiles\WdfCoInstaller01007.dll
+ 2011-10-23 21:14 . 2011-07-20 16:23 1112288 c:\windows\system32\ReinstallBackups\0023\DriverFiles\WdfCoInstaller01007.dll
+ 2011-10-23 20:08 . 2011-07-20 16:23 1112288 c:\windows\system32\ReinstallBackups\0022\DriverFiles\WdfCoInstaller01007.dll
+ 2011-10-23 20:52 . 2011-10-23 20:52 1942016 c:\windows\Installer\3a0cea.msi
+ 2011-06-06 11:55 . 2011-06-06 11:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2011-10-23 21:30 . 2011-10-23 21:30 21989888 c:\windows\Installer\4cb00c.msi
+ 2011-10-23 21:14 . 2011-10-23 21:14 21324800 c:\windows\Installer\4cafe9.msi
+ 2011-09-05 22:01 . 2011-09-05 22:01 13135872 c:\windows\Installer\4a361.msp
+ 2011-10-23 20:07 . 2011-10-23 20:07 16090112 c:\windows\Installer\10d1a1.msi
+ 2011-06-06 11:55 . 2011-06-06 11:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snp2std"="c:\windows\vsnp2std.exe" [2006-05-15 675840]
"C-Media Mixer"="Mixer.exe" [2004-08-11 1228800]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-07-26 82256]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Wireless Utility.lnk - c:\program files\EDIMAX\Common\RaUI.exe [2011-10-15 1601536]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2006-04-09 09:19 634880 ----a-w- c:\program files\Eraser\eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 20:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 04:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 17:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
2004-08-04 12:00 3072 ----a-w- c:\windows\system32\systray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitLord 1.2\\Bitlord files\\bitlord.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 15:27 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 32592]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [14/02/2010 22:42 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [21/10/2011 20:22 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [21/10/2011 20:22 656320]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [08/12/2010 04:12 229840]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12/11/2010 13:19 295248]
R1 RapportCerberus_32029;RapportCerberus_32029;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys [18/10/2011 12:50 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [25/09/2011 19:00 70416]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [25/09/2011 19:00 161936]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [18/10/2011 14:41 2255464]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [25/09/2011 18:59 919352]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16 130384]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [03/08/2010 15:23 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [03/08/2010 15:23 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [03/08/2010 15:23 16720]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\David\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\David\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [04/08/2004 13:00 14336]
S3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [22/07/2009 18:31 47360]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [25/09/2011 19:00 56336]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [13/02/2011 14:13 27064]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [31/07/2009 10:03 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [31/07/2009 10:03 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [31/07/2009 10:03 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [31/07/2009 10:03 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [31/07/2009 10:03 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [31/07/2009 10:03 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [31/07/2009 10:03 109736]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [21/10/2011 20:21 366840]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2011-10-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.bigseekpro.com/burn4free/{D5D17671-56EE-4057-99F5-BE822D7EF593}
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*Yahoo! SearchBar Home Page
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: saynoto0870.com\www
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\fak05eg6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/burn4free/{D646C6BE-FF2C-4457-B8AB-97DC8B64FD73}?q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
user_pref(network.http.accept.default,text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5,application/x-tsmxml);
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-10-25 14:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(796)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2011-10-25 14:25:48
ComboFix-quarantined-files.txt 2011-10-25 13:25
ComboFix2.txt 2011-10-23 16:49
.
Pre-Run: 15,868,227,584 bytes free
Post-Run: 15,985,364,992 bytes free
.
- - End Of File - - F6B4E92CC27F9DE4D41A48776F2DFFE3

__________________
Blackwood is offline  
Copyright 2001 - 2014, Tech Support Forum