Virus Rootkit.Win32.TDSS.d

Solved/Closed
-somebody- Posts 21 Registration date Wednesday March 31, 2010 Status Member Last seen June 27, 2010 - Mar 31, 2010 at 04:23 PM
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Sep 14, 2010 at 04:32 PM

My Kaspersky antivirus found this virus and tried 2 times to remove it; it restarted the computer 2 times, but still no change and the virus is still here. By the way, I found out about that virus and someone posted about a tool from Kaspersky, "Rescue Disk" or something; I have that tool but don't know what I have to do with it?

I read about that virus on Wiki and I am pretty scared about what it can do to my system. Please help me, thanks.
10 responses

Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,171
Mar 31, 2010 at 04:45 PM
Hello,

With all due respect, you certainly do not need the Kaspersky rescue disk or anything of that nature.

A rootkit is much more malign than Kaspersky.

1. Please download ComboFix to your desktop:

https://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before you run ComboFix, please:

2. Close all open windows, including this one.

3. Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

4. Disconnect your modem.

5. Double click on the Combofix icon.

Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.

6. Agree with the disclaimer and the creation of the recovery.

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan.

At the end of the scan a log will be saved in: C:\ComboFix.txt

Tell me how your system is performing.

Please do give me your feedback.

Thank you
2
-somebody- Posts 21 Registration date Wednesday March 31, 2010 Status Member Last seen June 27, 2010 1
Apr 1, 2010 at 02:54 AM
ComboFix 10-03-29.04 - Administrator 01.04.2010 9:15.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.1023.703 [GMT 2:00]
Running from: c:\documents and settings\Administrator.ORG-3E4926DA8B3\My Documents\Preuzimanja\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DIRECT.TMP
c:\documents and settings\Administrator.KORISNIK-69A197\real.txt
c:\documents and settings\Administrator.ORG-3E4926DA8B3\Application Data\Desktopicon
c:\documents and settings\Administrator.ORG-3E4926DA8B3\Application Data\Desktopicon\eBay.ico
c:\documents and settings\Administrator.ORG-3E4926DA8B3\Application Data\Desktopicon\uninst.exe
c:\documents and settings\Administrator.ORG-3E4926DA8B3\Local Settings\Temporary Internet Files\4rD8UCrg.jpg
c:\documents and settings\Administrator.ORG-3E4926DA8B3\Local Settings\Temporary Internet Files\5oSOpa8.jpg
c:\documents and settings\Administrator.ORG-3E4926DA8B3\Local Settings\Temporary Internet Files\jp8xc2.jpg
c:\documents and settings\Administrator.ORG-3E4926DA8B3\Local Settings\Temporary Internet Files\p8uUw.jpg
c:\documents and settings\Administrator\Application Data\Install.dat
c:\documents and settings\All Users.WINDOWS.\documents\settings
C:\install.exe
c:\recycler\S-1-5-21-1935655697-963894560-839522115-500
c:\recycler\S-1-5-21-1960408961-527237240-725345543-500
c:\recycler\Sysprint
C:\Thumbs.db

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((( Files Created from 2010-03-01 to 2010-04-01 )))))))))))))))))))))))))))))))
.

2010-03-31 19:50 . 2010-03-31 19:50 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2010-03-31 19:46 . 2010-03-31 20:00 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-03-31 19:46 . 2010-03-31 20:00 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-03-31 19:44 . 2010-04-01 07:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2010-03-31 19:44 . 2010-03-31 19:44 -------- d-----w- c:\program files\Kaspersky Lab
2010-03-31 19:42 . 2010-03-31 19:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2010-03-31 12:14 . 2010-03-31 12:14 -------- d-----w- c:\documents and settings\Administrator.ORG-3E4926DA8B3\Application Data\Malwarebytes
2010-03-31 12:13 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-31 12:13 . 2010-03-31 12:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-03-31 12:13 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-31 12:13 . 2010-03-31 12:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-31 11:55 . 2010-03-31 11:55 -------- d-----w- c:\documents and settings\Administrator.ORG-3E4926DA8B3\Local Settings\Application Data\Conduit
2010-03-31 11:55 . 2010-03-31 12:39 -------- d-----w- c:\documents and settings\Administrator.ORG-3E4926DA8B3\Local Settings\Application Data\ToggleEN
2010-03-31 11:55 . 2010-03-31 11:55 -------- d-----w- c:\program files\Conduit
2010-03-31 11:55 . 2010-03-31 19:06 -------- d-----w- c:\program files\ToggleEN
2010-03-30 17:37 . 2010-03-31 11:56 195584 --sha-w- c:\documents and settings\Administrator.ORG-3E4926DA8B3\Local Settings\Application Data\3771543548.dll
2010-03-30 16:41 . 2010-03-30 16:41 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY.000\Application Data\GrabPro
2010-03-27 14:34 . 2010-03-27 14:35 -------- d-----w- c:\program files\Unlocker
2010-03-18 07:51 . 2010-03-18 07:51 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\Apple
2010-03-11 10:26 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-10 09:58 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-01 07:38 . 2009-12-16 18:49 -------- d-----w- c:\documents and settings\Administrator.ORG-3E4926DA8B3\Application Data\Skype
2010-03-31 20:02 . 2010-03-31 20:02 932368 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-03-31 20:02 . 2010-03-31 20:02 678416 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-03-31 20:02 . 2010-03-31 20:02 604688 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-03-31 20:02 . 2010-03-31 20:02 1096208 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-03-31 20:02 . 2010-03-31 20:02 522768 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-03-31 20:00 . 2009-05-24 13:30 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2010-03-31 20:00 . 2010-03-31 20:00 80400 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2010-03-31 20:00 . 2010-03-31 20:00 80400 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2010-03-31 20:00 . 2010-03-31 20:00 296976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\sys\i386\5.1\klif.sys
2010-03-31 20:00 . 2010-03-31 20:00 264720 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2010-03-31 20:00 . 2010-03-31 20:00 128016 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys
2010-03-31 20:00 . 2010-03-31 20:00 59920 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2010-03-31 20:00 . 2010-03-31 20:00 264720 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2010-03-31 20:00 . 2010-03-31 20:00 109072 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2010-03-31 20:00 . 2010-03-31 20:00 296976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\5.1\klif.sys
2010-03-31 20:00 . 2010-03-31 20:00 128016 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys
2010-03-31 12:39 . 2009-09-05 15:40 -------- d-----w- c:\program files\Orbitdownloader
2010-03-31 11:40 . 2009-09-05 15:40 -------- d-----w- c:\documents and settings\Administrator.ORG-3E4926DA8B3\Application Data\Orbit
2010-03-29 13:23 . 2010-02-11 19:44 -------- d-----w- c:\documents and settings\Administrator.ORG-3E4926DA8B3\Application Data\Apple Computer
2010-03-11 08:40 . 2009-08-10 10:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2010-03-10 11:06 . 2009-11-09 13:45 -------- d-----w- c:\program files\Help
2010-02-12 23:02 . 2009-12-16 18:50 -------- d-----w- c:\documents and settings\Administrator.ORG-3E4926DA8B3\Application Data\skypePM
2010-02-11 19:47 . 2010-02-11 19:47 77060 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-11 19:43 . 2010-02-11 19:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-11 19:43 . 2009-02-04 18:28 -------- d-----w- c:\program files\iTunes
2010-02-11 19:42 . 2009-02-04 18:28 -------- d-----w- c:\program files\iPod
2010-02-11 19:42 . 2010-02-11 19:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2010-02-11 19:41 . 2009-02-04 18:26 -------- d-----w- c:\program files\Bonjour
2010-02-11 19:40 . 2007-04-21 12:17 -------- d-----w- c:\program files\QuickTime
2010-02-11 19:35 . 2010-02-11 19:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple
2010-02-11 19:35 . 2008-05-10 19:00 -------- d-----w- c:\program files\Common Files\Apple
2010-02-08 21:51 . 2010-02-08 21:51 -------- d-----w- c:\documents and settings\Administrator.ORG-3E4926DA8B3\Application Data\Arario
2010-02-08 21:45 . 2010-02-08 21:45 -------- d-----w- c:\program files\Arario
2010-02-06 19:32 . 2009-12-16 18:32 -------- d-----w- c:\documents and settings\Administrator.ORG-3E4926DA8B3\Application Data\GSC 2.00
2010-01-22 18:51 . 2010-01-22 18:51 72488 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-20 10:13 . 2010-03-31 11:56 52224 ----a-w- c:\documents and settings\Administrator.ORG-3E4926DA8B3\Application Data\Mozilla\Firefox\Profiles\k5t0mzjz.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\FFExternalAlert.dll
2010-01-20 10:13 . 2010-03-31 11:56 101376 ----a-w- c:\documents and settings\Administrator.ORG-3E4926DA8B3\Application Data\Mozilla\Firefox\Profiles\k5t0mzjz.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\RadioWMPCore.dll
2010-01-07 00:38 . 2010-01-07 00:38 2367488 ----a-w- c:\documents and settings\Administrator.ORG-3E4926DA8B3\Application Data\Arario\crossfire\AraGameLauncher2.exe
2010-01-05 09:57 . 2007-03-21 10:10 841216 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2007-03-21 10:11 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2007-03-21 10:11 17408 ----a-w- c:\windows\system32\corpol.dll
2009-11-09 13:46 . 2009-11-09 13:46 89 ----a-w- c:\program files\identity.ini
2005-03-09 02:24 . 2005-03-09 02:24 8624248 ----a-w- c:\program files\acad.exe
2005-03-05 15:48 . 2005-03-05 15:48 795768 ----a-w- c:\program files\acadficn.dll
2005-03-05 15:18 . 2005-03-05 15:18 3068024 ----a-w- c:\program files\axdb16.dll
2005-03-05 15:18 . 2005-03-05 15:18 22648 ----a-w- c:\program files\acurlutl16.dll
2005-03-05 15:08 . 2005-03-05 15:08 140408 ----a-w- c:\program files\tmptbl.dll
2005-03-05 15:08 . 2005-03-05 15:08 861304 ----a-w- c:\program files\sqleng.dll
2005-03-05 15:08 . 2005-03-05 15:08 590968 ----a-w- c:\program files\sqldata.dll
2005-03-05 15:08 . 2005-03-05 15:08 492664 ----a-w- c:\program files\csp16.dll
2005-03-05 15:08 . 2005-03-05 15:08 1176696 ----a-w- c:\program files\ase.arx
2005-03-05 15:08 . 2005-03-05 15:08 132216 ----a-w- c:\program files\aclbed.dll
2005-03-05 14:59 . 2005-03-05 14:59 119928 ----a-w- c:\program files\WSCommCntrUI1Res.dll
2005-03-05 14:59 . 2005-03-05 14:59 18552 ----a-w- c:\program files\WSCommCntrAcConRes.dll
2005-03-05 14:59 . 2005-03-05 14:59 8824 ----a-w- c:\program files\whohasRes.dll
2005-03-05 14:59 . 2005-03-05 14:59 233592 ----a-w- c:\program files\vlmsg.dll
2005-03-05 14:59 . 2005-03-05 14:59 36984 ----a-w- c:\program files\vldlg.dll
2005-03-05 14:59 . 2005-03-05 14:59 488568 ----a-w- c:\program files\vlaboutRes.dll
2005-03-05 14:59 . 2005-03-05 14:59 686712 ----a-w- c:\program files\vl.arx
2005-03-05 14:59 . 2005-03-05 14:59 33912 ----a-w- c:\program files\unitsRes.dll
2005-03-05 14:59 . 2005-03-05 14:59 25720 ----a-w- c:\program files\textfindRes.dll
2005-03-05 14:59 . 2005-03-05 14:59 8824 ----a-w- c:\program files\texteditRes.dll
2005-03-05 14:59 . 2005-03-05 14:59 238712 ----a-w- c:\program files\styshwizRes.dll
2005-03-05 14:57 . 2005-03-05 14:57 164984 ----a-w- c:\program files\pc3EditRes.dll
2005-03-05 14:57 . 2005-03-05 14:57 8312 ----a-w- c:\program files\passwordUIRes.dll
2005-03-05 14:57 . 2005-03-05 14:57 38008 ----a-w- c:\program files\LaytransRes.dll
2005-03-05 14:57 . 2005-03-05 14:57 24184 ----a-w- c:\program files\HPSETUPRes.dll
2005-03-05 14:57 . 2005-03-05 14:57 9336 ----a-w- c:\program files\hideRes.dll
2005-03-05 14:57 . 2005-03-05 14:57 1139832 ----a-w- c:\program files\heidi8.dll
2005-03-05 14:57 . 2005-03-05 14:57 25208 ----a-w- c:\program files\hcreg8Res.dll
2005-03-05 14:57 . 2005-03-05 14:57 87160 ----a-w- c:\program files\GsTest.arx
2005-03-05 14:57 . 2005-03-05 14:57 113272 ----a-w- c:\program files\gridres.dll
2005-03-05 14:56 . 2005-03-05 14:56 22648 ----a-w- c:\program files\fontcapres.dll
2005-03-05 14:56 . 2005-03-05 14:56 47736 ----a-w- c:\program files\erren.dll
2005-03-05 14:56 . 2005-03-05 14:56 47736 ----a-w- c:\program files\errenu.dll
2005-03-05 14:56 . 2005-03-05 14:56 18040 ----a-w- c:\program files\EregRes.dll
2005-03-05 14:56 . 2005-03-05 14:56 345208 ----a-w- c:\program files\DwgCheckStandardsRes.dll
2005-03-05 14:56 . 2005-03-05 14:56 201848 ----a-w- c:\program files\dwgaidsRes.dll
2005-03-05 14:56 . 2005-03-05 14:56 22648 ----a-w- c:\program files\dswhipRes.dll
2005-03-05 14:56 . 2005-03-05 14:56 175736 ----a-w- c:\program files\dlint8.dll
2005-03-05 14:56 . 2005-03-05 14:56 10360 ----a-w- c:\program files\coreerr.dll
2005-03-05 14:56 . 2005-03-05 14:56 31864 ----a-w- c:\program files\colorRes.dll
2005-03-05 14:56 . 2005-03-05 14:56 22136 ----a-w- c:\program files\BzPSLang.dll
2005-03-05 14:56 . 2005-03-05 14:56 38008 ----a-w- c:\program files\BattmanRes.dll
2005-03-05 14:54 . 2005-03-05 14:54 42104 ----a-w- c:\program files\AcVpPlaceRes.dll
2005-03-05 14:53 . 2005-03-05 14:53 197752 ----a-w- c:\program files\AcSignAppRes.dll
2005-03-05 14:52 . 2005-03-05 14:52 91256 ----a-w- c:\program files\acmtedRes.dll
2005-03-05 14:51 . 2005-03-05 14:51 25720 ----a-w- c:\program files\AcEAtteditRes.dll
2005-03-05 14:50 . 2005-03-05 14:50 7800 ----a-w- c:\program files\AcDblClkEditRes.dll
2005-03-05 14:27 . 2005-03-05 14:27 140408 ----a-w- c:\program files\WSCommCntrUI1.dll
2005-03-05 14:27 . 2005-03-05 14:27 74872 ----a-w- c:\program files\WSCommCntrAcCon.arx
2005-03-05 14:27 . 2005-03-05 14:27 30840 ----a-w- c:\program files\whohas.arx
2005-03-05 14:27 . 2005-03-05 14:27 27256 ----a-w- c:\program files\vlres.dll
2005-03-05 14:27 . 2005-03-05 14:27 73848 ----a-w- c:\program files\vlreac.dll
2005-03-05 14:27 . 2005-03-05 14:27 1145976 ----a-w- c:\program files\vllib.dll
2005-03-05 14:26 . 2005-03-05 14:26 326264 ----a-w- c:\program files\vlide.dll
2005-03-05 14:26 . 2005-03-05 14:26 118392 ----a-w- c:\program files\vlcom.dll
2005-03-05 14:26 . 2005-03-05 14:26 24696 ----a-w- c:\program files\vlabout.dll
2005-03-05 14:26 . 2005-03-05 14:26 46712 ----a-w- c:\program files\userdata.dll
2009-11-18 07:50 . 2009-11-17 21:57 2 --shatr- c:\windows\winstart.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2009-12-31 09:53 2349080 ----a-w- c:\program files\ToggleEN\tbTogg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 13:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-08-06 279944]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16264192]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2006-11-17 1552384]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-05-25 303376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"IE7-11"="advpack.dll" [2010-01-05 124928]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15.12.2008 20:41 33808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13.5.2009 17:46 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16.5.2009 20:59 19472]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [31.10.2006 11:10 35840]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva310;XDva310;\??\c:\windows\system32\XDva310.sys --> c:\windows\system32\XDva310.sys [?]
S3 XDva317;XDva317;\??\c:\windows\system32\XDva317.sys --> c:\windows\system32\XDva317.sys [?]
S3 XDva321;XDva321;\??\c:\windows\system32\XDva321.sys --> c:\windows\system32\XDva321.sys [?]
S3 XDva323;XDva323;\??\c:\windows\system32\XDva323.sys --> c:\windows\system32\XDva323.sys [?]
S3 XDva327;XDva327;\??\c:\windows\system32\XDva327.sys --> c:\windows\system32\XDva327.sys [?]
S3 XDva337;XDva337;\??\c:\windows\system32\XDva337.sys --> c:\windows\system32\XDva337.sys [?]
S3 XDva342;XDva342;\??\c:\windows\system32\XDva342.sys --> c:\windows\system32\XDva342.sys [?]
S3 XDva343;XDva343;\??\c:\windows\system32\XDva343.sys --> c:\windows\system32\XDva343.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2077543
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
TCP: {C301D356-0E81-4062-AA3C-638C18ACCEF3} = 195.29.150.3,195.29.150.4
TCP: {FB2A725C-E94C-472F-A11B-BCB8D329DBA0} = 195.29.150.3,195.29.150.4
FF - ProfilePath - c:\documents and settings\Administrator.ORG-3E4926DA8B3\Application Data\Mozilla\Firefox\Profiles\k5t0mzjz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2077543&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ToggleEN Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.hr
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2077543&q=
FF - component: c:\documents and settings\Administrator.ORG-3E4926DA8B3\Application Data\Mozilla\Firefox\Profiles\k5t0mzjz.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Administrator.ORG-3E4926DA8B3\Application Data\Mozilla\Firefox\Profiles\k5t0mzjz.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Administrator.ORG-3E4926DA8B3\Application Data\Mozilla\Firefox\Profiles\k5t0mzjz.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Administrator.ORG-3E4926DA8B3\Application Data\Mozilla\Firefox\Profiles\k5t0mzjz.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\RadioWMPCore.dll
FF - component: c:\program files\BS.Player ControlBar\FirefoxDTT\components\BSToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Administrator.ORG-3E4926DA8B3\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\NexonEU\NGM\npNxGameeu.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-muuux - c:\documents and settings\Administrator.ORG-3E4926DA8B3\muuux.exe
AddRemove-eBay Icon - c:\documents and settings\Administrator.ORG-3E4926DA8B3\Application Data\Desktopicon\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-01 09:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1036)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2700)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-04-01 09:47:49 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-01 07:47

Pre-Run: 28.622.643.200 bytes free
Post-Run: 29.768.261.632 bytes free

- - End Of File - - 644B849D8C26EB6A962A0077234AEA5D
0
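For reading a ComboFix log like the one posted above, here is an added triage script of my own (it is not ComboFix code and not part of this thread): it splits the log into its banner sections and pulls out the disinfected driver, the removed service key, the Security Center overrides, the start page and the orphaned autorun entries. The sample log embedded in it is a constructed excerpt of the log above, and the names parse_sections, triage and Finding are my own.

```python
# Triage of a ComboFix log: pull out the lines a responder reads first. Added example for
# this thread, not ComboFix code; parse_sections, triage and Finding are my own names.
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the log posted above (most entries dropped).
SAMPLE_LOG = r"""
ComboFix 10-03-29.04 - Administrator 01.04.2010 9:15.1.2 - x86
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Legacy_SSHNAS
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
------- Supplementary Scan -------
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2077543
- - - - ORPHANS REMOVED - - - -
HKCU-Run-muuux - c:\documents and settings\Administrator.ORG-3E4926DA8B3\muuux.exe
AddRemove-eBay Icon - c:\documents and settings\Administrator.ORG-3E4926DA8B3\Application Data\Desktopicon\uninst.exe
"""

# ComboFix marks each section with one of three banner styles.
SECTION_RES = [
    re.compile(r"^\({3,}\s*(.+?)\s*\){3,}$"),     # ((((( Other Deletions )))))
    re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$"),       # ------- Supplementary Scan -------
    re.compile(r"^(?:- ){3,}(.+?)(?: -){3,}$"),   # - - - - ORPHANS REMOVED - - - -
]
INFECTED_RE = re.compile(r"^Infected copy of (.+?) was found and disinfected$")
OVERRIDE_RE = re.compile(r'^"(AntiVirusOverride|FirewallOverride|DisableMonitoring)"=dword:0*1$')
START_PAGE_RE = re.compile(r"^uStart Page = (\S+)$")

@dataclass(frozen=True)
class Finding:
    severity: str   # "high": malicious activity confirmed by ComboFix; "review": analyst judgement
    category: str
    detail: str

def parse_sections(text):
    """Split a log into {section name: [non-empty lines]}; text before the first banner is 'Header'."""
    sections, current = {"Header": []}, "Header"
    for raw in text.splitlines():
        line = raw.rstrip()
        for rx in SECTION_RES:
            m = rx.match(line)
            if m:
                current = m.group(1)
                sections.setdefault(current, [])
                break
        else:
            if line and line != ".":          # ComboFix pads sections with lone dots
                sections[current].append(line)
    return sections

def triage(text):
    """Return the findings, 'high' severity first, in log order within a severity."""
    sections = parse_sections(text)
    findings = []
    # A legitimate driver replaced by a patched copy is the TDSS hallmark on this machine.
    for line in sections.get("Other Deletions", []):
        m = INFECTED_RE.match(line)
        if m:
            findings.append(Finding("high", "infected system driver disinfected", m.group(1)))
    # A line of the form -------\Legacy_XXX is a service key ComboFix removed.
    for line in sections.get("Drivers/Services", []):
        if line.startswith("-------\\"):
            findings.append(Finding("high", "service key removed", line[len("-------\\"):]))
    # Overrides silence the Security Center "no antivirus/firewall" alerts; AV suites set some themselves.
    key = ""
    for line in sections.get("Reg Loading Points", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = OVERRIDE_RE.match(line)
        if m and "security center" in key.lower():
            findings.append(Finding("review", "Security Center alert suppressed", f"{key}\\{m.group(1)}"))
    # ComboFix defangs URLs as hxxp://; a redirected start page is a hijack indicator.
    for line in sections.get("Supplementary Scan", []):
        m = START_PAGE_RE.match(line)
        if m:
            findings.append(Finding("review", "browser start page", m.group(1)))
    # Orphans are entries whose target file is gone (usually already deleted by the AV); a Run key is the loader.
    for line in sections.get("ORPHANS REMOVED", []):
        entry, sep, target = line.partition(" - ")
        if sep:
            sev = "high" if "-Run-" in entry else "review"
            findings.append(Finding(sev, "orphaned registry entry removed", f"{entry} -> {target}"))
    return sorted(findings, key=lambda f: f.severity != "high")

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.category}: {f.detail}")
```

Point it at a real C:\ComboFix.txt by reading the file into triage() instead of SAMPLE_LOG; the "review" items need a human decision, since a security suite may legitimately set some of the Security Center values.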
31428571J Posts 1 Registration date Saturday June 19, 2010 Status Member Last seen June 19, 2010
Jun 19, 2010 at 03:41 PM
Many thanks for this, my friend! Your advice has saved me at least the cost of a £30 re-install!

(add note)

Worked fine, thanks, but for those with Kaspersky: you will still see it (the virus) as a threat until you 'Disinfect' (POSSIBLE NOW).

Infected copy of c:\windows\system32\drivers\redbook.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-05-19 to 2010-06-19 )))))))))))))))))))))))))))))))
.

2010-06-19 16:51 . 2010-06-19 16:55 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-19 16:37 . 2010-06-19 16:37 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-17 20:11 . 2010-06-17 20:12 -------- d-----w- c:\program files\CleanUp!
2010-06-17 19:43 . 2010-06-17 19:54 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-16 14:36 . 2010-06-16 14:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Media Player Classic
2010-06-15 22:11 . 2010-06-17 21:10 -------- d-----w- c:\windows\Downloaded Program Files
2010-06-15 15:22 . 2010-06-15 17:28 -------- d-----w- c:\program files\Pothos
2010-06-12 14:14 . 2006-03-04 17:47 262144 ----a-w- c:\program files\unst0_0.exe
2010-06-12 13:40 . 2010-06-12 14:24 -------- d-----w- c:\program files\Uninstall Plus v4.1
2010-06-12 04:12 . 2003-06-25 15:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2010-06-12 03:58 . 2010-06-12 03:58 -------- d-----w- c:\windows\CD95F661A5C444F5A6AAECDD91C240BD.TMP
2010-06-11 14:50 . 2010-06-11 14:50 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-11 14:50 . 2010-06-16 16:40 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2010-06-11 14:45 . 2010-06-16 16:52 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2010-06-11 14:43 . 2010-06-11 14:43 -------- d-----w- c:\program files\Common Files\Skype
2010-06-11 14:43 . 2010-06-11 14:45 -------- d-----w- c:\program files\Skype
2010-06-11 14:31 . 2010-06-11 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-06-11 12:54 . 2004-01-10 19:56 122880 ----a-w- c:\windows\system32\pdfmont.dll
2010-06-10 03:21 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-05 11:49 . 2010-06-05 12:08 -------- d-----w- c:\program files\YouTube Downloader
2010-06-04 22:47 . 2009-07-21 13:02 105088 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2010-06-04 22:47 . 2009-07-21 13:02 105088 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2010-06-04 22:47 . 2009-07-21 13:02 105088 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2010-06-04 22:47 . 2009-07-21 08:15 114688 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys
2010-06-04 22:47 . 2009-04-27 13:00 9728 ----a-w- c:\windows\system32\drivers\massfilter.sys
2010-06-04 22:47 . 2008-11-06 07:49 13824 ----a-w- c:\windows\system32\drivers\ZTEusbccid.sys
2010-06-04 22:47 . 2010-06-04 22:47 -------- d-----w- c:\windows\massfilter
2010-06-04 00:47 . 2010-06-04 00:47 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-06-03 18:40 . 2010-06-03 18:40 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\klbg.sys
2010-06-03 18:40 . 2010-06-03 18:40 213520 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\XP\klif.sys
2010-06-03 18:40 . 2010-06-03 18:40 21256 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\vkbd.dll
2010-06-03 18:40 . 2010-06-03 18:40 861448 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\updater.dll
2010-06-03 18:40 . 2010-06-03 18:40 83208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\mzvkbd.dll
2010-06-03 18:40 . 2010-06-03 18:40 62728 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\ievkbd.dll
2010-06-03 18:40 . 2010-06-03 18:40 43784 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\fssync.dll
2010-06-03 18:40 . 2010-06-03 18:40 365832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\ckahum.dll
2010-06-03 18:40 . 2010-06-03 18:40 201992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\avp.exe
2010-06-03 17:51 . 2010-06-03 18:40 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-06-03 17:51 . 2010-06-03 18:40 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-06-03 17:50 . 2010-06-19 18:20 360480 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-06-03 17:50 . 2010-06-19 18:20 1602080 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-06-03 17:50 . 2010-06-03 17:50 -------- d-----w- c:\program files\Kaspersky Lab
2010-06-03 17:50 . 2010-06-19 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-19 18:22 . 2010-03-13 20:09 -------- d-----w- c:\program files\Audio Sliders
2010-06-19 18:20 . 2010-06-03 17:50 2312 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-06-19 18:20 . 2010-06-03 17:50 13568 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-06-15 15:55 . 2010-03-13 19:38 -------- d-----w- c:\program files\Microsoft Works
2010-06-15 15:55 . 2010-04-18 21:02 -------- d-----w- c:\program files\'Full Speed' Internet Booster + Performance Tests
2010-06-12 14:15 . 2010-06-12 14:14 283 ----a-w- c:\program files\Program Files.ini
2010-06-12 13:45 . 2010-03-14 00:57 -------- d-----w- c:\program files\QuickTime
2010-06-08 10:13 . 2010-03-13 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-04 22:47 . 2010-03-13 19:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-04 11:47 . 2010-03-13 23:14 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 18:41 . 2008-01-29 17:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2010-06-03 18:29 . 2010-03-14 04:01 -------- d-----w- c:\documents and settings\Owner\Application Data\MSN6
2010-05-06 10:41 . 2003-07-16 20:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2003-07-16 20:51 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-25 19:00 . 2010-04-25 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Birdstep Technology
2010-04-25 18:34 . 2010-04-25 18:34 -------- d-----w- c:\documents and settings\LocalService\Application Data\Birdstep Technology
2010-04-25 18:13 . 2010-03-13 19:21 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-20 05:30 . 2003-07-16 20:24 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-03-26 14:29 . 2010-03-26 14:30 720896 ----a-w- c:\windows\iun6002.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"Audio Sliders Launch"="c:\program files\Audio Sliders\volume.exe" [2006-04-06 231424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-14 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2010-06-03 201992]
"O2Start"="c:\program files\O2CM-CE\O2 Connection Manager\tscui.exe" [2010-01-04 2998272]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-04-27 9728]
R3 TSWLAN;TsWlan Packet Driver;c:\windows\system32\drivers\TsWlan.sys [2009-08-25 33664]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-07-21 114688]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2010-06-03 33808]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e783f9f6-7093-11df-983d-fce4bd0c3a8b}]
\Shell\AutoRun\command - E:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder

2010-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://mobilebroadbandaccess.o2.co.uk/?DMPN=07955811215&NetworkID=23410&NetworkDescriptor=O2-UK
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-19 19:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1004336348-1364589140-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(2616)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2010-06-19 19:37:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-19 18:36

Pre-Run: 74,102,267,904 bytes free
Post-Run: 74,051,350,528 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - DE09D30335FD3D266D288E6504FEB24C
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,171
Jun 19, 2010 at 04:00 PM
Thank you for your feedback, I am happy to have saved you all those pounds.

Now...pay to the next

Farewell
It is working for me. Great, thanks a LOT guys.
jorhay Posts 20 Registration date Sunday May 9, 2010 Status Member Last seen May 11, 2010
May 9, 2010 at 04:58 AM
If you don't have computer tools, go to Accessories and then go to System Tools and select System Restore... you need to choose what date if you're going to delete. Make sure you have a backup of your files.
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,171
May 17, 2010 at 04:34 PM
Hello BigJohn,

Today is your lucky day, I just happened to stop by and saw your message.

This Rootkit has taken a habit of replacing legitimate files by others which I will not name, for we want to maintain some decorum.

1. Boot in safe mode with networking.

2. Please open a command prompt and then run:
3. Type sfc/scannow
4. Press okay
5. See now if you can download and run Combofix; you can also try:

http://download.norman.no/public/Norman_TDSS_Cleaner.exe

Norman is a swell guy.

Good luck Big John and let me know.
I have been having 5 different computers attacking various parts of my computer, but Norton has been blocking the attempts... I noticed from the reports that Norton gave me that my Firefox was the cause. Most of them were Tidserv requests that Norton had blocked.

After doing some research I noticed that usually a rootkit is behind the attacks. I acquired the ComboFix that you have on this thread and ran it as you instructed; it didn't take long. It restarted once, and now it starts as fast as I remember, and so is the web page change on email.

Here is the report:



ComboFix 10-08-21.04 - Administrator 08/22/2010 0:31.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1421 [GMT -7:00]
Running from: c:\documents and settings\Administrator\My Documents\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\%appdata%
c:\windows\system32\st325602.dll

Infected copy of c:\windows\system32\drivers\redbook.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-07-22 to 2010-08-22 )))))))))))))))))))))))))))))))
.

2010-08-21 06:52 . 2010-08-21 06:52 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2010-08-21 06:52 . 2010-08-21 06:52 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2010-08-21 02:09 . 2010-08-21 02:09 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-08-20 09:08 . 2010-05-06 04:01 47408 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-08-20 05:50 . 2010-08-20 08:35 13160 ----a-w- c:\windows\system32\Upgrd.exe
2010-08-03 19:28 . 2010-08-03 19:28 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-03 19:28 . 2010-08-22 07:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2010-08-03 19:21 . 2010-08-22 07:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-08-03 19:19 . 2010-08-03 19:19 -------- d-----w- c:\program files\Common Files\Skype
2010-08-03 19:19 . 2010-08-03 19:20 -------- d-----r- c:\program files\Skype
2010-08-03 19:19 . 2010-08-03 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-08-01 09:32 . 2001-08-17 19:49 22848 -c--a-w- c:\windows\system32\dllcache\lwusbhid.sys
2010-08-01 09:32 . 2001-08-17 19:49 22848 ----a-w- c:\windows\system32\drivers\LwUsbHid.sys
2010-07-30 22:12 . 2010-07-30 22:12 77312 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.72.0A.dll
2010-07-30 01:32 . 2010-07-30 01:32 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-07-30 01:32 . 2010-07-30 01:32 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-07-30 01:32 . 2010-07-30 01:32 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-07-30 01:32 . 2010-07-30 01:32 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-07-30 01:32 . 2010-07-30 01:32 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-07-30 01:32 . 2010-07-30 01:32 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-07-30 01:32 . 2010-07-30 01:32 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-07-30 01:32 . 2010-07-30 01:32 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-07-30 01:31 . 2010-07-30 01:31 -------- d-----w- c:\program files\Common Files\xing shared
2010-07-30 01:26 . 2010-07-30 01:26 493064 ----a-w- c:\documents and settings\Administrator\Application Data\Real\RealPlayer\setup\AU_setup16.exe
2010-07-23 22:35 . 2010-07-23 22:36 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-22 07:27 . 2009-07-10 04:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\WTablet
2010-08-22 07:27 . 2007-06-14 06:13 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-08-22 07:27 . 2007-06-14 06:14 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-08-22 07:25 . 2009-07-31 11:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\DNA
2010-08-22 06:52 . 2009-07-31 11:00 -------- d-----w- c:\program files\DNA
2010-08-22 06:09 . 2009-07-12 14:02 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-08-22 06:08 . 2007-06-14 06:13 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-08-22 03:57 . 2007-06-14 06:21 99609 ----a-w- c:\windows\system32\nvModes.dat
2010-08-21 04:44 . 2010-05-18 16:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-20 08:35 . 2006-03-01 20:37 57752 ------w- c:\windows\system32\rpcnet.exe
2010-08-20 07:39 . 2009-07-10 05:03 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-20 05:48 . 2010-02-15 06:52 -------- d-----w- c:\program files\Gabest
2010-08-20 05:36 . 2006-10-03 23:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-20 05:04 . 2009-07-10 05:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-11 10:05 . 2009-07-10 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-01 09:30 . 2009-09-23 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-30 22:13 . 2010-07-20 13:18 -------- d-----w- c:\program files\SystemRequirementsLab
2010-07-30 22:12 . 2010-07-20 13:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab
2010-07-30 01:32 . 2010-03-26 09:58 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-07-30 01:32 . 2009-12-27 01:56 -------- d-----w- c:\program files\Common Files\Real
2010-07-30 01:31 . 2009-12-27 01:56 -------- d-----w- c:\program files\Real
2010-07-20 13:18 . 2010-07-20 13:18 290816 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-07-20 13:18 . 2010-07-20 13:18 290816 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-07-20 13:18 . 2010-07-20 13:18 290816 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-07-20 13:18 . 2010-07-20 13:18 290816 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-07-08 11:21 . 2010-07-08 11:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\TS3Client
2010-06-14 14:30 . 2006-07-10 22:07 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-01 16:52 . 2010-06-01 16:52 503808 -c--a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-53048264-n\msvcp71.dll
2010-06-01 16:52 . 2010-06-01 16:52 348160 -c--a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-53048264-n\msvcr71.dll
2010-06-01 16:52 . 2010-06-01 16:52 499712 -c--a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-53048264-n\jmc.dll
2010-06-01 16:52 . 2010-06-01 16:52 61440 -c--a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-40723265-n\decora-sse.dll
2010-06-01 16:52 . 2010-06-01 16:52 12800 -c--a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-40723265-n\decora-d3d.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-12 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
"NVHotkey"="nvHotkey.dll" [2007-11-17 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"nwiz"="nwiz.exe" [2007-11-17 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-30 202256]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-15 21:43 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 00:10 35696 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-11-17 10:03 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-27 00:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-07-30 01:30 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"f:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:4\\Program Files\\uTorrent\\uTorrent.exe"=
"C:4\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"C:4\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\Program Files\\Microsoft Games\\Mechwarrior Mercenaries\\MW4MERCS.ICD"=
"f:\\Program Files\\Microsoft Games\\Mechwarrior Mercenaries\\mw4\\MW4.exe"=
"f:\\Program Files\\Microsoft Games\\Mechwarrior Mercenaries\\mw4\\mw4x\\MW4x.EXE"=
"f:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"f:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"f:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"45676:TCP"= 45676:TCP:Coh
"56311:TCP"= 56311:TCP:Pando Media Booster
"56311:UDP"= 56311:UDP:Pando Media Booster

R0 a320raid;a320raid;c:\windows\system32\drivers\A320RAID.SYS [10/3/2006 4:12 PM 218112]
R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\AAC.SYS [10/3/2006 4:12 PM 48140]
R0 aarich;aarich;c:\windows\system32\drivers\AARICH.SYS [10/3/2006 4:12 PM 204800]
R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\MEGASAS.SYS [10/3/2006 4:12 PM 17664]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1107000.00C\symds.sys [5/24/2010 4:14 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1107000.00C\symefa.sys [5/24/2010 4:14 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [8/9/2010 6:11 PM 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1107000.00C\cchpx86.sys [5/24/2010 4:14 PM 501888]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 74480]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1107000.00C\ironx86.sys [5/24/2010 4:14 PM 116784]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe [5/24/2010 4:14 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/28/2010 4:52 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20100820.001\IDSXpx86.sys [8/20/2010 6:53 PM 331640]
S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys --> c:\windows\system32\drivers\vmscsi.sys [?]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [3/10/2008 12:04 AM 65536]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]
S3 XDva287;XDva287;\??\c:\windows\system32\XDva287.sys --> c:\windows\system32\XDva287.sys [?]
S3 XDva309;XDva309;\??\c:\windows\system32\XDva309.sys --> c:\windows\system32\XDva309.sys [?]
S3 XDva319;XDva319;\??\c:\windows\system32\XDva319.sys --> c:\windows\system32\XDva319.sys [?]
S3 XDva326;XDva326;\??\c:\windows\system32\XDva326.sys --> c:\windows\system32\XDva326.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-08-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3054480091-1899633457-2647154202-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

2010-08-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3054480091-1899633457-2647154202-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {0343EC7D-6B21-4DF9-B721-DBB1B69DCC40} = 68.105.28.12,68.105.28.11
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zfcuyq7a.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://red.clientapps.yahoo.com/customize/links/msgr8/*https://fr.yahoo.com/?p=us
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-mstwain32.exe - c:\documents and settings\Administrator\Application Data\Microsoft\mstwain32.exe
AddRemove-PCSX2 0.9 R3 - c:\program files\PCSX2 0.9 R3\Uninstal.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-22 00:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3054480091-1899633457-2647154202-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,64,70,89,cc,b2,14,2c,43,be,fe,0a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,64,70,89,cc,b2,14,2c,43,be,fe,0a,\

[HKEY_USERS\S-1-5-21-3054480091-1899633457-2647154202-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3054480091-1899633457-2647154202-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7d,69,3d,12,c6,30,d7,4f,08,fc,97,6c,12,79,c5,f4,8b,65,6f,c2,d9,a3,03,
cf,e5,32,97,f8,e7,bf,3b,81,a5,b5,fb,01,eb,de,e0,c0,f9,f0,f8,be,a1,e5,32,02,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:7f,bf,b6,c7,fc,95,ab,96,53,32,dc,9c,47,48,40,ae,61,c7,ed,06,03,
52,0b,b7,9a,3a,0c,c6,c5,72,51,3d,fe,62,0c,4c,1e,85,37,4c,35,b3,95,9d,50,f2,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð*€|ÿÿÿÿ.*€|ù*A~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:7f,bf,b6,c7,fc,95,ab,96,53,32,dc,9c,47,48,40,ae,61,c7,ed,06,03,
52,0b,b7,9a,3a,0c,c6,c5,72,51,3d,fe,62,0c,4c,1e,85,37,4c,35,b3,95,9d,50,f2,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1408)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-08-22 00:47:12
ComboFix-quarantined-files.txt 2010-08-22 07:47

Pre-Run: 5,668,724,736 bytes free
Post-Run: 15,509,078,016 bytes free

- - End Of File - - 1EFC78935FC0E5230EB60503063747D9
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,171
Aug 22, 2010 at 04:25 PM
Hello,

It looks as if the rootkit has been destroyed. Great!

Regards
Hello,
I was having similar problems, and I followed the procedure.

This is the log file, and I'm interested in whether everything is fixed:

ComboFix 10-09-13.02 - XP Pro 14.09.2010 14:39:48.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.502.226 [GMT 2:00]
Running from: F:\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.\documents\settings
c:\windows\system32\drivers\Setup.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-14 to 2010-09-14 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-14 12:47 . 2009-06-13 19:19 -------- d-----w- c:\documents and settings\XP Pro\Application Data\uTorrent
2010-09-14 12:38 . 2007-01-03 10:35 -------- d-----w- c:\documents and settings\XP Pro\Application Data\Skype
2010-09-14 10:14 . 2009-12-02 19:51 0 ----a-w- c:\documents and settings\XP Pro\Local Settings\Application Data\prvlcl.dat
2010-09-14 07:27 . 2010-01-21 18:29 -------- d-----w- c:\documents and settings\XP Pro\Application Data\skypePM
2010-09-14 07:24 . 2008-04-14 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-08-24 20:47 . 2009-11-03 08:59 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-08-16 21:18 . 2010-04-09 16:51 -------- d-----w- c:\documents and settings\XP Pro\Application Data\vlc
2010-08-16 20:26 . 2009-04-21 18:18 -------- d-----w- c:\documents and settings\XP Pro\Application Data\dvdcss
2010-08-01 19:57 . 2010-08-01 19:57 -------- d-----w- c:\documents and settings\XP Pro\Application Data\AVG9
2010-07-30 20:04 . 2010-01-17 16:00 112 ----a-w- c:\documents and settings\All Users\Application Data\Ov6uC3jr3.dat
2010-07-16 16:59 . 2010-01-20 10:29 50354 ----a-w- c:\documents and settings\XP Pro\Application Data\Facebook\uninstall.exe
2009-01-05 14:26 . 2008-12-19 07:51 56 -csha-r- c:\windows\system32\F54C4E5511.sys
2010-05-13 05:51 . 2008-12-18 10:01 15960 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Realtek\InstallShield\AzMixerSel .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe

------- Sigcheck -------

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msgsvc.dll

[-] 2004-08-10 23:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2004-08-10 23:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-10 23:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\MsPMSNSv.dll
[-] 2004-08-10 23:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-04 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2008-04-14 12:00 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2008-04-14 12:00 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll

[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\dsound.dll

[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\d3d9.dll

[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ddraw.dll

[-] 2008-04-14 12:00 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2008-04-14 12:00 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\olepro32.dll

[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\perfctrs.dll

[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\version.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-02-23_09.36.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-01 22:46 . 2006-12-01 22:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2010-03-28 19:25 . 2004-06-10 14:34 53693 c:\windows\UNDPX2A.sys
+ 2010-06-13 20:17 . 2004-07-07 14:02 22272 c:\windows\udtablet\AIPTEKTP.SYS
+ 2010-06-13 20:17 . 2003-11-14 08:45 36864 c:\windows\udtablet\AIPTEKTP.EXE
+ 2010-06-13 18:43 . 2005-09-21 13:37 69632 c:\windows\system32\WINTAB32.DLL
+ 2010-06-13 18:43 . 2001-05-23 09:58 36864 c:\windows\system32\UTBLFILT.DLL
- 2008-04-14 12:00 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2008-04-14 12:00 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2010-06-13 18:43 . 2005-06-17 17:09 61440 c:\windows\system32\TBLMOUSE.EXE
+ 2010-06-13 18:43 . 2005-09-21 13:54 61440 c:\windows\system32\Tblfunc.dll
+ 2010-05-04 17:53 . 2008-06-15 08:01 60273 c:\windows\system32\pthreadGC2.dll
- 2004-08-04 12:00 . 2009-12-10 08:19 75834 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-09-14 12:32 75834 c:\windows\system32\perfc009.dat
+ 2006-11-07 20:03 . 2010-02-25 06:24 55296 c:\windows\system32\msfeedsbs.dll
- 2006-11-07 20:03 . 2009-12-21 19:14 55296 c:\windows\system32\msfeedsbs.dll
+ 2008-04-14 12:00 . 2010-02-25 06:24 25600 c:\windows\system32\jsproxy.dll
- 2008-04-14 12:00 . 2009-12-21 19:14 25600 c:\windows\system32\jsproxy.dll
+ 2010-06-13 18:43 . 2004-01-20 07:00 49152 c:\windows\system32\Funckey.dll
+ 2010-05-04 17:53 . 2008-12-17 23:22 57344 c:\windows\system32\ff_vfw.dll
+ 2001-05-23 13:42 . 2001-05-23 13:42 12084 c:\windows\system32\drivers\UTBLFILT.sys
+ 2001-08-21 13:18 . 2001-08-21 13:18 11264 c:\windows\system32\drivers\SETUPDIR\0816\_SETUP.DLL
+ 2001-08-21 13:18 . 2001-08-21 13:18 11264 c:\windows\system32\drivers\SETUPDIR\0804\_setup.dll
+ 2001-08-21 13:18 . 2001-08-21 13:18 11264 c:\windows\system32\drivers\SETUPDIR\040C\_SETUP.DLL
+ 2001-08-21 13:18 . 2001-08-21 13:18 11264 c:\windows\system32\drivers\SETUPDIR\0404\_SETUP.DLL
+ 2001-08-21 13:18 . 2001-08-21 13:18 11264 c:\windows\system32\drivers\SETUPDIR\0013\_SETUP.DLL
+ 2001-08-21 13:18 . 2001-08-21 13:18 11776 c:\windows\system32\drivers\SETUPDIR\0011\_setup.dll
+ 2001-08-21 13:18 . 2001-08-21 13:18 11776 c:\windows\system32\drivers\SETUPDIR\0010\_SETUP.DLL
+ 2001-08-21 13:18 . 2001-08-21 13:18 11776 c:\windows\system32\drivers\SETUPDIR\000A\_SETUP.DLL
+ 2001-08-21 13:18 . 2001-08-21 13:18 11264 c:\windows\system32\drivers\SETUPDIR\0009\_SETUP.DLL
+ 2001-08-21 13:18 . 2001-08-21 13:18 11776 c:\windows\system32\drivers\SETUPDIR\0008\_SETUP.DLL
+ 2001-08-21 13:18 . 2001-08-21 13:18 11264 c:\windows\system32\drivers\SETUPDIR\0007\_SETUP.DLL
+ 2001-08-17 13:48 . 2001-08-17 12:48 12160 c:\windows\system32\drivers\mouhid.sys
- 2001-08-17 13:48 . 2008-04-14 12:00 12160 c:\windows\system32\drivers\mouhid.sys
+ 2008-04-14 00:09 . 2008-04-13 23:09 23040 c:\windows\system32\drivers\mouclass.sys
- 2008-04-14 00:09 . 2008-04-14 12:00 23040 c:\windows\system32\drivers\mouclass.sys
+ 2010-02-22 19:05 . 2010-04-29 14:39 38224 c:\windows\system32\drivers\mbamswissarmy.sys
- 2010-02-22 19:05 . 2010-01-07 15:07 38224 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2010-02-22 19:05 . 2010-04-29 14:39 20952 c:\windows\system32\drivers\mbam.sys
+ 2008-04-14 12:00 . 2008-04-13 22:15 10368 c:\windows\system32\drivers\hidusb.sys
- 2008-04-14 12:00 . 2008-04-14 12:00 10368 c:\windows\system32\drivers\hidusb.sys
+ 2008-04-14 12:00 . 2008-04-13 22:15 24960 c:\windows\system32\drivers\hidparse.sys
- 2008-04-14 12:00 . 2008-04-14 12:00 24960 c:\windows\system32\drivers\hidparse.sys
- 2008-04-14 12:00 . 2008-04-14 12:00 36864 c:\windows\system32\drivers\hidclass.sys
+ 2008-04-14 12:00 . 2008-04-13 22:15 36864 c:\windows\system32\drivers\hidclass.sys
+ 2001-04-10 12:43 . 2001-04-10 12:43 49152 c:\windows\system32\drivers\FINDUSB.EXE
+ 2009-11-03 08:59 . 2010-03-05 09:50 52872 c:\windows\system32\drivers\avgrkx86.sys
+ 2009-09-29 09:29 . 2010-06-01 07:42 29584 c:\windows\system32\drivers\avgmfx86.sys
+ 2010-06-13 20:17 . 2004-07-07 14:02 22272 c:\windows\system32\drivers\aiptektp.sys
+ 2010-01-13 20:00 . 2009-10-22 12:54 37392 c:\windows\system32\drivers\62469752.sys
+ 2009-06-12 08:42 . 2010-02-25 06:24 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-12 08:42 . 2009-12-21 19:14 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-08-13 11:57 . 2010-02-25 06:24 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-08-13 11:57 . 2009-12-21 19:14 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-04-14 12:00 . 2009-12-21 19:14 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-14 12:00 . 2010-02-25 06:24 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-14 12:00 . 2010-01-13 14:01 86016 c:\windows\system32\dllcache\cabview.dll
+ 2008-04-14 12:00 . 2010-01-13 14:01 86016 c:\windows\system32\cabview.dll
+ 2010-01-22 11:23 . 2010-01-22 11:23 12536 c:\windows\system32\avgrsstx.dll
+ 2010-06-13 20:17 . 2005-06-17 16:51 49152 c:\windows\system32\ATWinLog.dll
+ 2010-06-13 20:17 . 2005-07-20 10:12 90112 c:\windows\RmTablet.exe
+ 2010-01-15 16:23 . 2010-01-15 16:23 21504 c:\windows\Installer\38b77.msi
- 2007-05-26 11:39 . 2010-02-11 09:30 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-05-26 11:39 . 2010-04-30 08:31 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-05-26 11:39 . 2010-04-30 08:31 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-05-26 11:39 . 2010-02-11 09:30 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-05-26 11:39 . 2010-02-11 09:30 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2007-05-26 11:39 . 2010-04-30 08:31 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-10-25 07:18 . 2008-10-25 07:18 72568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONFILTER.DLL
+ 2008-10-25 07:18 . 2008-10-25 07:18 98696 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONENOTEM.EXE
+ 2010-04-11 23:08 . 2009-12-21 19:14 12800 c:\windows\ie8updates\KB980182-IE8\xpshims.dll
+ 2010-04-11 23:08 . 2009-12-21 19:14 55296 c:\windows\ie8updates\KB980182-IE8\msfeedsbs.dll
+ 2010-04-11 23:08 . 2009-12-21 19:14 25600 c:\windows\ie8updates\KB980182-IE8\jsproxy.dll
- 2008-12-08 23:11 . 2008-12-08 23:11 19527 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCall.6B092422_27B2_4C55_9A09_5BDE522CA8C6.dll
+ 2010-05-12 21:52 . 2010-05-12 21:52 19527 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCall.6B092422_27B2_4C55_9A09_5BDE522CA8C6.dll
+ 2010-04-19 04:12 . 2008-04-14 12:00 84480 c:\windows\$NtUninstallKB979309$\cabview.dll
+ 2010-02-25 09:00 . 2009-10-28 15:07 46080 c:\windows\$NtUninstallKB979306$\tzchange.exe
+ 2010-02-25 09:00 . 2010-01-23 10:40 16896 c:\windows\$NtUninstallKB979306$\spuninst\tzchange.dll
+ 2010-04-19 04:13 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB981332-IE8\update\spcustom.dll
+ 2010-04-19 04:13 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB981332-IE8\spmsg.dll
+ 2010-04-29 07:05 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB980232\update\spcustom.dll
+ 2010-04-29 07:05 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB980232\spmsg.dll
+ 2010-04-11 23:09 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB980182-IE8\update\spcustom.dll
+ 2010-04-11 23:09 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB980182-IE8\spmsg.dll
+ 2010-04-11 08:32 . 2010-02-25 06:19 12800 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\xpshims.dll
+ 2010-04-11 08:33 . 2010-02-25 06:19 55296 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\msfeedsbs.dll
+ 2010-04-11 08:34 . 2010-02-25 06:19 25600 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\jsproxy.dll
+ 2010-04-29 07:06 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB979683\update\spcustom.dll
+ 2010-04-28 16:53 . 2010-03-05 14:54 16896 c:\windows\$hf_mig$\KB979683\update\mpsyschk.dll
+ 2010-04-29 07:06 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB979683\spmsg.dll
+ 2010-04-19 04:12 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB979309\update\spcustom.dll
+ 2010-04-19 04:12 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB979309\spmsg.dll
+ 2010-01-13 13:48 . 2010-01-13 13:48 86016 c:\windows\$hf_mig$\KB979309\SP3QFE\cabview.dll
+ 2010-04-30 08:29 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB978601\update\spcustom.dll
+ 2010-04-30 08:29 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB978601\spmsg.dll
+ 2010-04-29 06:55 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978338\update\spcustom.dll
+ 2010-04-29 06:55 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978338\spmsg.dll
+ 2010-04-30 08:29 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977816\update\spcustom.dll
+ 2010-04-30 08:29 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB977816\spmsg.dll
+ 2010-02-25 09:01 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB976662-IE8\update\spcustom.dll
+ 2010-02-25 09:01 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB976662-IE8\spmsg.dll
+ 2010-03-18 21:57 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB975561\update\spcustom.dll
+ 2010-03-18 21:57 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB975561\spmsg.dll
+ 2001-08-21 13:18 . 2001-08-21 13:18 4525 c:\windows\system32\drivers\LANG.DAT
+ 2001-08-21 13:18 . 2001-08-21 13:18 8704 c:\windows\system32\drivers\_ISDEL.EXE
+ 2010-03-28 19:25 . 2004-06-10 14:31 135168 c:\windows\UNDPX2A.exe
+ 2008-04-14 12:00 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
- 2008-04-14 12:00 . 2009-12-21 19:14 916480 c:\windows\system32\wininet.dll
+ 2008-04-14 12:00 . 2010-02-25 06:24 916480 c:\windows\system32\wininet.dll
+ 2008-04-14 12:00 . 2010-03-10 06:15 420352 c:\windows\system32\vbscript.dll
- 2008-04-14 12:00 . 2009-03-08 02:33 420352 c:\windows\system32\vbscript.dll
+ 2004-10-26 22:11 . 2008-06-15 08:01 258352 c:\windows\system32\unicows.dll
+ 2004-08-04 12:00 . 2010-09-14 12:32 453424 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2009-12-10 08:19 453424 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2010-02-25 06:24 206848 c:\windows\system32\occache.dll
- 2008-04-14 12:00 . 2009-12-21 19:14 206848 c:\windows\system32\occache.dll
- 2008-04-14 12:00 . 2009-03-08 02:32 611840 c:\windows\system32\mstime.dll
+ 2008-04-14 12:00 . 2010-02-25 06:24 611840 c:\windows\system32\mstime.dll
+ 2006-11-07 20:03 . 2010-02-25 06:24 594432 c:\windows\system32\msfeeds.dll
- 2006-11-07 20:03 . 2009-12-21 19:14 594432 c:\windows\system32\msfeeds.dll
+ 2010-07-29 10:15 . 2010-07-29 10:15 231888 c:\windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe
+ 2008-04-14 12:00 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
- 2008-04-14 12:00 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
+ 2008-04-14 12:00 . 2010-02-25 06:24 184320 c:\windows\system32\iepeers.dll
- 2008-04-14 12:00 . 2009-12-21 19:14 184320 c:\windows\system32\iepeers.dll
- 2008-04-14 12:00 . 2009-12-21 19:14 387584 c:\windows\system32\iedkcs32.dll
+ 2008-04-14 12:00 . 2010-02-25 06:24 387584 c:\windows\system32\iedkcs32.dll
- 2008-04-14 12:00 . 2009-12-21 13:19 173056 c:\windows\system32\ie4uinit.exe
+ 2008-04-14 12:00 . 2010-02-24 09:54 173056 c:\windows\system32\ie4uinit.exe
+ 2008-04-14 12:00 . 2010-02-11 12:02 226880 c:\windows\system32\drivers\tcpip6.sys
+ 2008-04-14 12:00 . 2010-02-24 13:11 455680 c:\windows\system32\drivers\mrxsmb.sys
+ 2009-09-29 09:29 . 2010-01-22 11:23 243024 c:\windows\system32\drivers\avgtdix.sys
+ 2009-09-29 09:29 . 2010-01-22 11:23 216400 c:\windows\system32\drivers\avgldx86.sys
+ 2010-01-13 20:00 . 2009-09-25 16:59 128016 c:\windows\system32\drivers\62469751.sys
+ 2010-01-13 20:00 . 2009-10-09 22:31 315408 c:\windows\system32\drivers\6246975.sys
+ 2008-04-14 12:00 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2008-04-14 12:00 . 2010-02-25 06:24 916480 c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 12:00 . 2009-12-21 19:14 916480 c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 12:00 . 2009-03-08 02:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2008-04-14 12:00 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2008-04-14 12:00 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2008-04-14 12:00 . 2010-02-25 06:24 206848 c:\windows\system32\dllcache\occache.dll
- 2008-04-14 12:00 . 2009-12-21 19:14 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-04-14 12:00 . 2010-02-25 06:24 611840 c:\windows\system32\dllcache\mstime.dll
- 2008-04-14 12:00 . 2009-03-08 02:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-08-13 11:57 . 2010-02-25 06:24 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2009-08-13 11:57 . 2009-12-21 19:14 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-02-09 14:18 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-04-14 12:00 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
- 2008-04-14 12:00 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-06-12 08:42 . 2010-02-25 06:24 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2008-04-14 12:00 . 2009-12-21 19:14 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2008-04-14 12:00 . 2010-02-25 06:24 184320 c:\windows\system32\dllcache\iepeers.dll
- 2008-04-14 12:00 . 2009-12-21 19:14 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-04-14 12:00 . 2010-02-25 06:24 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-04-14 12:00 . 2010-02-24 09:54 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-04-14 12:00 . 2009-12-21 13:19 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-04-14 12:00 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2010-06-01 07:19 . 2007-05-16 14:45 443752 c:\windows\system32\d3dx10_34.dll
+ 2010-06-13 20:17 . 2005-07-27 14:55 290816 c:\windows\system32\atwtusbL.exe
+ 2010-06-13 18:43 . 2005-09-21 16:08 290816 c:\windows\system32\ATWTUSB.EXE
+ 2008-04-14 12:00 . 2010-02-12 04:33 100864 c:\windows\system32\6to4svc.dll
+ 2010-01-21 18:27 . 2010-01-21 18:27 700416 c:\windows\Installer\be02e6e.msi
+ 2010-06-01 07:17 . 2010-06-01 07:17 331264 c:\windows\Installer\75be56c.msi
+ 2010-01-21 18:27 . 2010-01-21 18:27 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
- 2007-05-26 11:39 . 2010-02-11 09:30 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-05-26 11:39 . 2010-04-30 08:31 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-05-26 11:39 . 2010-04-30 08:31 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2007-05-26 11:39 . 2010-02-11 09:30 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2007-05-26 11:39 . 2010-04-30 08:31 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2007-05-26 11:39 . 2010-02-11 09:30 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-05-26 11:39 . 2010-04-30 08:31 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2007-05-26 11:39 . 2010-02-11 09:30 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2007-05-26 11:39 . 2010-04-30 08:31 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2007-05-26 11:39 . 2010-02-11 09:30 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2007-05-26 11:39 . 2010-02-11 09:30 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2007-05-26 11:39 . 2010-04-30 08:31 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2007-05-26 11:39 . 2010-02-11 09:30 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2007-05-26 11:39 . 2010-04-30 08:31 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-10-25 06:52 . 2008-10-25 06:52 664968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONBTTNOL.DLL
+ 2008-10-25 06:52 . 2008-10-25 06:52 604056 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONBTTNIE.DLL
+ 2010-04-19 04:13 . 2009-03-08 02:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2010-04-19 04:13 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
+ 2010-04-19 04:13 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2010-04-11 23:08 . 2009-12-21 19:14 916480 c:\windows\ie8updates\KB980182-IE8\wininet.dll
+ 2010-04-11 23:08 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB980182-IE8\spuninst\updspapi.dll
+ 2010-04-11 23:08 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB980182-IE8\spuninst\spuninst.exe
+ 2010-04-11 23:08 . 2009-12-21 19:14 206848 c:\windows\ie8updates\KB980182-IE8\occache.dll
+ 2010-04-11 23:08 . 2009-03-08 02:32 611840 c:\windows\ie8updates\KB980182-IE8\mstime.dll
+ 2010-04-11 23:08 . 2009-12-21 19:14 594432 c:\windows\ie8updates\KB980182-IE8\msfeeds.dll
+ 2010-04-11 23:08 . 2009-12-21 19:14 246272 c:\windows\ie8updates\KB980182-IE8\ieproxy.dll
+ 2010-04-11 23:08 . 2009-12-21 19:14 184320 c:\windows\ie8updates\KB980182-IE8\iepeers.dll
+ 2010-04-11 23:08 . 2009-12-21 19:14 387584 c:\windows\ie8updates\KB980182-IE8\iedkcs32.dll
+ 2010-04-11 23:08 . 2009-12-21 13:19 173056 c:\windows\ie8updates\KB980182-IE8\ie4uinit.exe
+ 2010-02-25 09:01 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-02-25 09:01 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-02-25 09:01 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2009-02-09 14:18 . 2010-02-24 13:11 455680 c:\windows\Driver Cache\i386\mrxsmb.sys
- 2008-12-08 23:11 . 2008-12-08 23:11 111353 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla8.dll
+ 2010-05-12 21:52 . 2010-05-12 21:52 111353 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla8.dll
- 2008-12-08 23:11 . 2008-12-08 23:11 111364 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla4.dll
+ 2010-05-12 21:52 . 2010-05-12 21:52 111364 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla4.dll
- 2008-12-08 23:11 . 2008-12-08 23:11 111491 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla34.dll
+ 2010-05-12 21:52 . 2010-05-12 21:52 111491 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla34.dll
+ 2010-05-12 21:52 . 2010-05-12 21:52 738304 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla33.dll
- 2008-12-08 23:11 . 2008-12-08 23:11 738304 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla33.dll
- 2008-12-08 23:11 . 2008-12-08 23:11 111063 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla32.dll
+ 2010-05-12 21:52 . 2010-05-12 21:52 111063 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla32.dll
- 2008-12-08 23:11 . 2008-12-08 23:11 111705 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla31.dll
+ 2010-05-12 21:52 . 2010-05-12 21:52 111705 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla31.dll
- 2008-12-08 23:11 . 2008-12-08 23:11 632832 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla30.dll
+ 2010-05-12 21:52 . 2010-05-12 21:52 632832 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla30.dll
- 2008-12-08 23:11 . 2008-12-08 23:11 111789 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla29.dll
+ 2010-05-12 21:52 . 2010-05-12 21:52 111789 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla29.dll
- 2008-12-08 23:11 . 2008-12-08 23:11 111255 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla27.dll
+ 2010-05-12 21:52 . 2010-05-12 21:52 111255 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla27.dll
- 2008-12-08 23:11 . 2008-12-08 23:11 111910 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla26.dll
+ 2010-05-12 21:52 . 2010-05-12 21:52 111910 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla26.dll
+ 2010-05-12 21:52 . 2010-05-12 21:52 111883 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla23.dll
- 2008-12-08 23:11 . 2008-12-08 23:11 111883 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla23.dll
- 2008-12-08 23:11 . 2008-12-08 23:11 633856 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla14.dll
+ 2010-05-12 21:52 . 2010-05-12 21:52 633856 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla14.dll
+ 2010-05-12 21:52 . 2010-05-12 21:52 111943 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla.dll
- 2008-12-08 23:11 . 2008-12-08 23:11 111943 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla.dll
+ 2010-05-12 21:52 . 2010-05-12 21:52 126538 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla.6B092422_27B2_4C55_9A09_5BDE522CA8C6.exe
- 2008-12-08 23:11 . 2008-12-08 23:11 126538 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla.6B092422_27B2_4C55_9A09_5BDE522CA8C6.exe
- 2008-12-08 23:11 . 2008-12-08 23:11 126538 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla.6B092422_27B2_4C55_9A09_5BDE522CA8C6.dll
+ 2010-05-12 21:52 . 2010-05-12 21:52 126538 c:\windows\DFD4A822111845CA8222B7C8E3480370.TMP\WiseCustomCalla.6B092422_27B2_4C55_9A09_5BDE522CA8C6.dll
+ 2010-04-29 07:05 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB980232$\spuninst\updspapi.dll
+ 2010-04-29 07:05 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB980232$\spuninst\spuninst.exe
+ 2010-04-29 07:05 . 2009-12-04 18:22 455424 c:\windows\$NtUninstallKB980232$\mrxsmb.sys
+ 2010-04-29 07:06 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979683$\spuninst\updspapi.dll
+ 2010-04-29 07:06 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB979683$\spuninst\spuninst.exe
+ 2010-04-19 04:12 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979309$\spuninst\updspapi.dll
+ 2010-04-19 04:12 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB979309$\spuninst\spuninst.exe
+ 2010-02-25 09:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979306$\spuninst\updspapi.dll
+ 2010-02-25 09:00 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB979306$\spuninst\spuninst.exe
+ 2010-04-30 08:29 . 2008-04-14 12:00 176640 c:\windows\$NtUninstallKB978601$\wintrust.dll
+ 2010-04-30 08:29 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978601$\spuninst\updspapi.dll
+ 2010-04-30 08:29 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB978601$\spuninst\spuninst.exe
+ 2010-04-29 06:55 . 2008-06-20 11:08 225856 c:\windows\$NtUninstallKB978338$\tcpip6.sys
+ 2010-04-29 06:55 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978338$\spuninst\updspapi.dll
+ 2010-04-29 06:55 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978338$\spuninst\spuninst.exe
+ 2010-04-29 06:55 . 2008-04-14 12:00 100352 c:\windows\$NtUninstallKB978338$\6to4svc.dll
+ 2010-04-30 08:29 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB977816$\spuninst\updspapi.dll
+ 2010-04-30 08:29 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB977816$\spuninst\spuninst.exe
+ 2010-03-18 21:57 . 2009-05-26 16:10 382840 c:\windows\$NtUninstallKB975561$\spuninst\updspapi.dll
+ 2010-03-18 21:57 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB975561$\spuninst\spuninst.exe
+ 2010-04-19 04:13 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB981332-IE8\update\updspapi.dll
+ 2010-04-19 04:13 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB981332-IE8\update\update.exe
+ 2010-04-19 04:13 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB981332-IE8\spuninst.exe
+ 2010-04-18 05:50 . 2010-03-10 06:18 420352 c:\windows\$hf_mig$\KB981332-IE8\SP3QFE\vbscript.dll
+ 2010-04-29 07:05 . 2009-05-26 09:01 382840 c:\windows\$hf_mig$\KB980232\update\updspapi.dll
+ 2010-04-29 07:05 . 2009-05-26 09:01 755576 c:\windows\$hf_mig$\KB980232\update\update.exe
+ 2010-04-29 07:05 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB980232\spuninst.exe
+ 2010-04-28 16:52 . 2010-02-24 11:57 457216 c:\windows\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
+ 2010-04-11 23:09 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB980182-IE8\update\updspapi.dll
+ 2010-04-11 23:09 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB980182-IE8\update\update.exe
+ 2010-04-11 23:09 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB980182-IE8\spuninst.exe
+ 2010-04-11 08:32 . 2010-02-25 06:19 919040 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
+ 2010-04-11 08:32 . 2010-02-25 06:19 206848
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,171
Sep 14, 2010 at 04:32 PM
Hello Denchibald,

This was an impressive clean-up!

Everything looks just fine from this side.

Farewell.
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,171
Apr 1, 2010 at 04:53 AM
Hello,

Thank you for the log.

It looks as if you had infected drivers which have now been cleaned.

How is your system performing now?

Any more problems?
-1
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,171
Apr 1, 2010 at 05:37 AM
Hello,

I received your personal. You are totally welcome.

Now please, just to remain on the safe side.

Turn off your system restore for about 45 seconds, turn it back on and create a fresh restore point, something you can always return to in case of need.
0
-somebody- Posts 21 Registration date Wednesday March 31, 2010 Status Member Last seen June 27, 2010 1
Apr 1, 2010 at 12:38 PM
My system is really good now, and I am not sure about making restore points. I have never done it before. I will try to explore a bit on the net, or you can explain it to me in a few sentences.

thanks
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,171
Apr 1, 2010 at 03:02 PM
Yes of course,

1. Click on start, all programmes, accessories, tool, system restore.

Just read the window carefully, you will understand. You uncheck disable, click okay and then come back to create the point which you can name in my honour!

Bye
0
-somebody- Posts 21 Registration date Wednesday March 31, 2010 Status Member Last seen June 27, 2010 1
Apr 2, 2010 at 06:24 AM
Did it, thanks.
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,171
Apr 2, 2010 at 12:13 PM
Good!

I knew you could and you are welcome. Now you know you can always come back to Ambucias.
0
Not working to fix my rootkit.win32.tdss.a :( It's still there and even Kaspersky 2010 is unable to treat it.
-1
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,171
Apr 30, 2010 at 05:34 AM
Hello Submit

I assumed you used Combofix and it was not successful.

Please download:

http://www.esagelab.com/files/tdss_remover_latest.rar

On your desktop, create a new folder and decompress the downloaded file into the folder.

Launch the programme by double clicking "Remover.exe". If the infection is detected, hidden items will then be shown.

Check them off and click on repair/delete selected.

A message will appear asking you to reboot to finish the clean-up; type Y.

Let me know how this worked for you. There are other means to remove the virus.

Regards
0