News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
 
September 10, 2010, 01:40:56 AM
 1 
 on: September 09, 2010, 09:25:46 PM 
Started by theotherguy - Last post by Unzy
If you are a paying customer of Sophos antivirus, they will email you a removal tool/instructions for free:

http://www.sophos.com/support/queries/

It's one nasty rootkit

If that doesn't go or work and you feel you are up for a reformat, please do so.

I have the logs to look into

I would appreciate it if you keep us posted should you use that Sophos removal guide.

Thnx



 2 
 on: September 09, 2010, 04:27:30 PM 
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

MS Security Bulletin Advance Notification - September 2010
- http://www.microsoft.com/technet/security/Bulletin/MS10-sep.mspx
September 09, 2010 - "This is an advance notification of security bulletins that Microsoft is intending to release on September 14, 2010..." (Total of -9-)

Critical -4-
Bulletin 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 2 - Critical - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 3 - Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft Office
Bulletin 4 - Critical - Remote Code Execution - May require restart - Microsoft Office

Important -5-
Bulletin 5 - Important - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 6 - Important - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 7 - Important - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 8 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
Bulletin 9 - Important - Elevation of Privilege - Requires restart - Microsoft Windows


 3 
 on: September 09, 2010, 12:55:28 PM 
Started by theotherguy - Last post by theotherguy
Oh and here is the log file from the last combo fix:


ComboFix 10-09-08.03 - Administrator 09/09/2010  15:18:14.3.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3579.2978 [GMT -4:00]
Running from: c:\documents and settings\Administrator.WAYNEOH\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator.WAYNEOH\Desktop\CFScript.txt
AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

FILE ::
"c:\windows\system32\drivers\rukgusf.sys"
.
PEV Error: CacheFile
PEV Error: CacheFolder

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Temp\tmp3.tmp

.
(((((((((((((((((((((((((   Files Created from 2010-08-09 to 2010-09-09  )))))))))))))))))))))))))))))))
.

2010-09-08 19:28 . 2010-09-08 19:28   --------   d-----w-   c:\documents and settings\Administrator.WAYNEOH\Application Data\AVS4YOU
2010-09-08 19:26 . 2010-09-09 18:47   --------   d-----w-   c:\program files\Common Files\AVSMedia
2010-09-08 19:25 . 2010-09-09 18:47   --------   d-----w-   c:\program files\AVS4YOU
2010-09-08 19:25 . 2010-09-08 19:28   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVS4YOU
2010-09-08 19:25 . 2010-06-22 20:05   1700352   ----a-w-   c:\windows\system32\GdiPlus.dll
2010-09-08 17:01 . 2009-08-16 15:08   178176   ----a-w-   c:\windows\system32\unrar.dll
2010-09-08 12:15 . 2010-09-08 12:15   --------   d-----w-   c:\windows\system32\wbem\Repository
2010-09-07 16:04 . 2010-09-08 12:15   --------   d-----w-   C:\RECYCLER(2)
2010-09-03 12:54 . 2010-09-09 19:27   118784   ----a-w-   c:\windows\system32\chg.exe
2010-09-02 15:07 . 2010-09-02 15:08   --------   d-----w-   C:\rsit
2010-09-01 16:59 . 2010-09-01 17:00   --------   d-----w-   c:\documents and settings\Administrator.WAYNEOH\Local Settings\Application Data\Temp
2010-09-01 16:59 . 2010-09-01 17:00   --------   d-----w-   c:\documents and settings\Administrator.WAYNEOH\Local Settings\Application Data\Google
2010-08-26 12:50 . 2010-08-26 13:31   161296   ----a-w-   c:\windows\system32\drivers\tmcomm.sys
2010-08-25 03:19 . 2010-08-25 12:01   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\ifhmvodou
2010-08-25 03:19 . 2010-08-25 03:19   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-08-19 15:41 . 2010-08-19 15:41   --------   d-----w-   c:\documents and settings\Administrator.WAYNEOH\Local Settings\Application Data\Threat Expert
2010-08-19 14:52 . 2010-08-19 14:52   388096   ----a-r-   c:\documents and settings\Administrator.WAYNEOH\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-16 20:50 . 2010-08-16 20:50   1419232   ----a-w-   c:\windows\system32\WdfCoInstaller01005.dll
2010-08-16 20:19 . 2010-08-16 20:19   --------   d-----w-   c:\documents and settings\All Users\Uniblue
2010-08-16 20:17 . 2010-08-16 20:18   --------   d-----w-   c:\program files\Uniblue

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 19:07 . 2009-04-02 19:12   73648   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-09 18:55 . 2009-04-02 19:10   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-09-08 18:47 . 2009-08-31 13:34   --------   d-----w-   c:\documents and settings\Administrator.WAYNEOH\Application Data\Apple Computer
2010-09-08 17:16 . 2009-04-08 16:31   --------   d---a-w-   c:\documents and settings\All Users\Application Data\Temp
2010-09-03 12:02 . 2009-10-12 12:25   --------   d-----w-   c:\program files\Trend Micro
2010-09-02 13:18 . 2010-06-08 16:00   --------   d-----w-   c:\program files\Digsby
2010-08-25 18:42 . 2009-04-02 19:10   --------   d-----w-   c:\program files\Analog Devices
2010-08-25 03:19 . 2009-07-20 23:30   1324   ----a-w-   c:\windows\system32\d3d9caps.dat
2010-08-19 17:32 . 2010-05-28 12:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\DVD Shrink
2010-08-16 20:51 . 2010-08-16 20:51   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-08-16 20:51 . 2010-08-16 20:51   0   ---ha-w-   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-08-16 20:18 . 2010-07-30 13:13   --------   d-----w-   c:\documents and settings\Administrator.WAYNEOH\Application Data\Uniblue
2010-08-13 19:17 . 2010-03-15 15:27   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-08-13 07:06 . 2009-04-02 20:13   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-03 12:45 . 2009-08-19 12:06   --------   d-----w-   c:\program files\MSECACHE
2010-07-30 13:27 . 2010-07-30 13:21   --------   d-----w-   c:\program files\Free Window Registry Repair
2010-07-27 12:25 . 2010-07-27 12:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\ATI
2010-07-26 21:08 . 2009-11-30 15:10   --------   d-----w-   c:\program files\ATI
2010-07-26 21:07 . 2009-04-02 19:10   --------   d-----w-   c:\program files\ATI Technologies
2010-07-23 17:23 . 2010-07-07 14:12   425536   ----a-w-   c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-12 13:03 . 2010-07-12 13:03   --------   d-----w-   c:\program files\Citrix
2010-07-08 17:47 . 2004-08-04 07:56   218624   ----a-w-   c:\windows\system32\uxtheme.dll
2010-07-07 02:27 . 2010-09-08 13:54   5069312   ----a-w-   c:\windows\system32\drivers\ati2mtag.sys
2010-07-07 01:58 . 2009-08-14 01:21   53248   ----a-w-   c:\windows\system32\aticalrt.dll
2010-07-07 01:58 . 2009-08-14 01:20   53248   ----a-w-   c:\windows\system32\aticalcl.dll
2010-07-07 01:57 . 2009-08-14 01:19   4337664   ----a-w-   c:\windows\system32\aticaldd.dll
2010-07-07 01:53 . 2009-08-14 01:47   15499264   ----a-w-   c:\windows\system32\atioglxx.dll
2010-07-07 01:50 . 2009-04-02 22:52   311296   ----a-w-   c:\windows\system32\atiiiexx.dll
2010-07-07 01:48 . 2009-04-02 22:52   446464   ----a-w-   c:\windows\system32\ATIDEMGX.dll
2010-07-07 01:47 . 2009-04-02 22:52   299520   ----a-w-   c:\windows\system32\ati2dvag.dll
2010-07-07 01:41 . 2009-04-02 22:52   3869952   ----a-w-   c:\windows\system32\ati3duag.dll
2010-07-07 01:33 . 2009-04-02 22:52   208896   ----a-w-   c:\windows\system32\atipdlxx.dll
2010-07-07 01:32 . 2009-08-14 02:10   155648   ----a-w-   c:\windows\system32\Oemdspif.dll
2010-07-07 01:32 . 2009-04-02 22:52   26112   ----a-w-   c:\windows\system32\Ati2mdxx.exe
2010-07-07 01:32 . 2009-04-02 22:52   43520   ----a-w-   c:\windows\system32\ati2edxx.dll
2010-07-07 01:32 . 2009-04-02 22:52   159744   ----a-w-   c:\windows\system32\ati2evxx.dll
2010-07-07 01:31 . 2009-04-02 22:52   602112   ----a-w-   c:\windows\system32\ati2evxx.exe
2010-07-07 01:29 . 2009-04-02 22:52   53248   ----a-w-   c:\windows\system32\ATIDDC.DLL
2010-07-07 01:29 . 2010-07-26 21:00   143360   ----a-w-   c:\windows\system32\atiapfxx.exe
2010-07-07 01:28 . 2009-04-02 22:52   2273920   ----a-w-   c:\windows\system32\ativvaxx.dll
2010-07-07 01:27 . 2009-04-02 22:52   887724   ----a-w-   c:\windows\system32\ativva6x.dat
2010-07-07 01:27 . 2009-04-02 22:52   3   ----a-w-   c:\windows\system32\ativva5x.dat
2010-07-07 01:25 . 2009-04-02 22:52   573440   ----a-w-   c:\windows\system32\atikvmag.dll
2010-07-07 01:24 . 2009-04-02 22:52   393216   ----a-w-   c:\windows\system32\atiok3x2.dll
2010-07-07 01:24 . 2009-08-14 01:19   184320   ----a-w-   c:\windows\system32\atiadlxx.dll
2010-07-07 01:23 . 2009-04-02 22:52   17408   ----a-w-   c:\windows\system32\atitvo32.dll
2010-07-07 01:19 . 2009-04-02 22:52   704512   ----a-w-   c:\windows\system32\ati2cqag.dll
2010-07-07 01:15 . 2009-08-14 01:25   65024   ----a-w-   c:\windows\system32\atimpc32.dll
2010-07-07 01:15 . 2009-04-02 22:52   65024   ----a-w-   c:\windows\system32\amdpcom32.dll
2010-07-07 01:15 . 2009-04-02 22:52   53248   ----a-w-   c:\windows\system32\drivers\ati2erec.dll
2010-07-01 12:52 . 2010-06-25 20:51   54272   ----a-w-   c:\documents and settings\Administrator.WAYNEOH\Application Data\Bccthis\Office.Utility.dll
2010-07-01 12:52 . 2010-06-25 20:51   24064   ----a-w-   c:\documents and settings\Administrator.WAYNEOH\Application Data\Bccthis\Outlook.Utility.dll
2010-07-01 12:52 . 2010-06-04 18:34   10240   ----a-w-   c:\documents and settings\Administrator.WAYNEOH\Application Data\Bccthis\BccthisStore.dll
2010-07-01 12:52 . 2010-06-04 17:59   264704   ----a-w-   c:\documents and settings\Administrator.WAYNEOH\Application Data\Bccthis\Bccthis for Outlook 2007.dll
2010-07-01 12:52 . 2010-06-04 18:34   1074176   ----a-w-   c:\documents and settings\Administrator.WAYNEOH\Application Data\Bccthis\BccthisCore.dll
2010-07-01 12:52 . 2010-06-04 18:35   64512   ----a-w-   c:\documents and settings\Administrator.WAYNEOH\Application Data\Bccthis\BccthisCustomActions.dll
2010-06-30 18:47 . 2010-08-14 00:48   171848   ----a-w-   c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-06-30 12:31 . 2004-08-04 07:56   149504   ----a-w-   c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 07:56   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 06:17   1851904   ----a-w-   c:\windows\system32\win32k.sys
2010-06-22 20:05 . 2009-04-08 16:31   24576   ----a-w-   c:\windows\system32\msxml3a.dll
2010-06-21 15:27 . 2010-09-08 13:54   354304   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 07:56   80384   ----a-w-   c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-04 07:56   744448   ----a-w-   c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 07:56   1172480   ----a-w-   c:\windows\system32\msxml3.dll
2009-04-02 20:57 . 2009-04-02 20:38   225   ----a-w-   c:\program files\PanaHDS.ini
.

------- Sigcheck -------

[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 247DFD6CBC939742D3EC7B53C120946F . 643072 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 247DFD6CBC939742D3EC7B53C120946F . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . 894B313C52589628BB996E175B581E3A . 578048 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . 894B313C52589628BB996E175B581E3A . 578048 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[7] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2008-04-14 . 891CC147CC1EAA759A7DA3050E7446FF . 1540608 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 . 891CC147CC1EAA759A7DA3050E7446FF . 1540608 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . C1D50243355A290CB3AA684FD8B38170 . 40448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . C1D50243355A290CB3AA684FD8B38170 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
[-] 2009-03-08 . F68C1BAC147227B86FFB36828FF8BEDF . 510816 . . [8.00.6001.18702] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[-] 2009-03-08 . F68C1BAC147227B86FFB36828FF8BEDF . 510816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . c:\windows\SoftwareDistribution\Download\2e4e820fa4f0714d84e95e04fd4b348e\SP2QFE\iexplore.exe
[7] 2008-12-19 . 030D78FE84A086ED376EFCBD2D72C522 . 634024 . . [7.00.6000.16791] . . c:\windows\ie8\iexplore.exe
[7] 2008-12-19 . 030D78FE84A086ED376EFCBD2D72C522 . 634024 . . [7.00.6000.16791] . . c:\windows\SoftwareDistribution\Download\2e4e820fa4f0714d84e95e04fd4b348e\SP2GDR\iexplore.exe
[7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
[7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2QFE\iexplore.exe
[7] 2008-08-23 . 1F03216084447F990AE797317D0A6E70 . 635848 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB961260-IE7\iexplore.exe
[7] 2008-08-23 . 1F03216084447F990AE797317D0A6E70 . 635848 . . [7.00.6000.16735] . . c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2GDR\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ie7\iexplore.exe
[7] 2007-08-13 . DE49B348A18369B4626FBA1D49B07FB4 . 622080 . . [7.00.5730.13] . . c:\windows\ie7updates\KB956390-IE7\iexplore.exe
[7] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
.
(((((((((((((((((((((((((((((   SnapShot_2010-09-09_18.33.31   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-09 19:28 . 2010-09-09 19:28   16384              c:\windows\Temp\Perflib_Perfdata_974.dat
+ 2010-09-09 19:27 . 2010-09-09 19:27   16384              c:\windows\Temp\Perflib_Perfdata_41c.dat
+ 2008-08-08 01:47 . 2008-08-08 17:47   109184              c:\windows\system32\drivers\SafeBoot.sys
- 2008-08-08 01:47 . 2008-08-08 13:47   109184              c:\windows\system32\drivers\SafeBoot.sys
+ 2006-04-26 00:39 . 2010-09-09 19:16   2149048              c:\windows\system32\FNTCACHE.DAT
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LxrAutorun"="c:\documents and settings\Administrator.WAYNEOH\Local Settings\Application Data\Lexar Media\LxrAutorun.exe" [2006-11-09 24576]
"SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\launcher.exe" [2010-06-25 67960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seagull Drivers"="ssdal_nc.exe startup" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-04-18 344064]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-07-19 773144]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-04-07 318488]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-11-28 298536]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-07-23 24848]
"SetRefresh"="c:\program files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 525824]
"RPT Msgsrv"="c:\program files\Panasonic\Panasonic-DMS\RPT Network Printer Port\Msgsrv.exe" [2007-04-11 57344]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-06-19 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-06-19 640440]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-12-11 1044480]

c:\documents and settings\Administrator.WAYNEOH\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Car-Part.com Trading Partner Software.lnk - c:\car-part\CPKeySrv.exe [2009-9-21 446976]
Job Status Utility.lnk - c:\program files\Panasonic\Panasonic-DMS\LRecvTrap\LRecvTrap.exe [2008-6-24 147456]
Panasonic Communications Utility.lnk - c:\program files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe [2008-5-7 176128]
Sophos AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-9-4 429096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-11-28 01:41   109568   ----a-w-   c:\windows\system32\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-11-28 01:40   286720   ----a-w-   c:\program files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2008-08-06 23:23   69632   ----a-w-   c:\windows\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2008-07-23 12:03   158992   ----a-w-   c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-04-19 20:54   3972440   ----a-w-   c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-03-13 16:58   75048   ------w-   c:\program files\CyberLink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\File Sanitizer]
2008-06-23 22:12   10244096   ----a-w-   c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LxrAutorun]
2006-11-09 13:00   24576   ----a-w-   c:\documents and settings\Administrator.WAYNEOH\Local Settings\Application Data\Lexar Media\LxrAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44   3883856   ----a-w-   c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2008-10-14 00:41   50472   ------w-   c:\program files\CyberLink\PowerDVD9\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2008-08-20 01:23   329520   ----a-w-   c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2006-05-12 16:50   1138688   ------w-   c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2006-03-31 18:44   761856   ------w-   c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-02-16 13:55   87336   ------w-   c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
2006-07-10 14:53   872448   ------w-   c:\windows\SMINST\Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyPC]
2010-06-25 17:26   67960   ----a-w-   c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TMRUBottedTray]
2008-11-06 15:33   288088   ----a-w-   c:\program files\Trend Micro\RUBotted\TMRUBottedTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Sophos AutoUpdate Service"=2 (0x2)
"SCardSvr"=3 (0x3)
"SAVService"=2 (0x2)
"RUBotted"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [8/7/2008 9:47 PM 109184]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\sbalg.sys [9/8/2010 9:54 AM 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\sbfslock.sys [9/8/2010 9:54 AM 12928]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [9/8/2010 9:54 AM 24064]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [9/8/2010 9:54 AM 12496]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [9/8/2010 9:54 AM 152192]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [9/8/2010 9:54 AM 24064]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [11/27/2007 9:42 PM 185896]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 3:56 AM 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 3:56 AM 14336]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe [7/7/2008 9:58 AM 102400]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [8/19/2008 9:03 PM 32768]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [8/7/2008 8:23 PM 256512]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [4/2/2009 3:16 PM 77824]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\lxrsii1d.sys [9/8/2010 9:54 AM 72672]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [4/2/2009 3:14 PM 576024]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [9/7/2009 12:11 PM 104488]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [4/2/2009 3:11 PM 2054680]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/2/2009 4:54 PM 24652]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [3/16/2010 5:52 AM 55016]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [9/8/2010 9:54 AM 144480]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [9/8/2010 9:54 AM 44800]
R3 NTProcDrv;Process creation detector for NT.;c:\windows\Temp\drv1.tmp [9/9/2010 3:27 PM 3584]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys [9/8/2010 9:54 AM 206608]
S0 sasqxwg;sasqxwg;c:\windows\system32\drivers\rukgusf.sys --> c:\windows\system32\drivers\rukgusf.sys [?]
S2 HIT_PARA;HIT_PARA;c:\windows\system32\drivers\HIT_Para.sys [8/6/2009 9:04 AM 8204]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 284016]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [8/6/2008 6:43 PM 32256]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [8/6/2008 7:24 PM 349432]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\ADMINI~2.WAY\LOCALS~1\Temp\00000ab1.nmc\nse\bin\ndiskio.sys --> c:\docume~1\ADMINI~2.WAY\LOCALS~1\Temp\00000ab1.nmc\nse\bin\ndiskio.sys [?]
S3 nsak;nsak;\??\c:\docume~1\ADMINI~2.WAY\LOCALS~1\Temp\00000ab1.nmc\nse\bin\nsak.sys --> c:\docume~1\ADMINI~2.WAY\LOCALS~1\Temp\00000ab1.nmc\nse\bin\nsak.sys [?]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\tmpassthru.sys [9/8/2010 9:54 AM 206608]
S3 TRCDR;TriCoder High-Speed USB Driver;c:\windows\system32\drivers\trcdr.sys [10/27/2009 11:59 AM 31580]
S4 RUBotted;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\TMRUBotted.exe [7/22/2010 8:29 AM 582992]
S4 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [9/7/2009 12:11 PM 93736]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [4/2/2009 4:22 PM 14976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance   REG_MULTI_SZ      ASBroker ASChannel
.
Contents of the 'Scheduled Tasks' folder

2010-09-09 c:\windows\Tasks\carpart-s.job
- c:\pkzip\carpart.exe [2009-11-06 05:22]

2010-09-09 c:\windows\Tasks\carpart-u.job
- c:\pkzip\carpart.exe [2009-11-06 05:22]

2009-04-06 c:\windows\Tasks\carpart-y.job
- c:\pkzip\carpart.exe [2009-11-06 05:22]

2010-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3896309248-2135147926-942686866-500Core.job
- c:\documents and settings\Administrator.WAYNEOH\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-01 16:59]

2010-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3896309248-2135147926-942686866-500UA.job
- c:\documents and settings\Administrator.WAYNEOH\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-01 16:59]

2009-04-02 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 19:56]

2009-04-02 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2008-06-10 19:56]

2009-04-06 c:\windows\Tasks\reboot.job
- c:\pkzip\reboot.exe [2001-09-04 13:24]

2010-09-09 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-08-16 14:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {9AF3523A-8514-4B72-8D8E-8E82CE4622EB} = 10.0.0.5,209.18.47.61
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxps://lowes.2020.net/Core/Player/2020PlayerAX_Win32.cab
DPF: {AA20E549-5BF2-4FA3-AA8B-3D3ED2657597} - hxxps://paytrace.com/com/P250/PayTraceReceiptPrinter.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-09 15:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A030EC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0fcf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f11852
\Driver\iaStor -> iaStor.sys @ 0xb9e6e6ae
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel(R) 82567LM-3 Gigabit Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9d42bb0
 PacketIndicateHandler -> NDIS.sys @ 0xb9d4fb21
 SendHandler -> NDIS.sys @ 0xb9d2d87b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,52,bd,91,59,16,86,4d,bb,7f,d4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,52,bd,91,59,16,86,4d,bb,7f,d4,\

[HKEY_USERS\S-1-5-21-3896309248-2135147926-942686866-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6e,58,0c,99,25,11,a8,40,bf,58,9e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6e,58,0c,99,25,11,a8,40,bf,58,9e,\

[HKEY_USERS\S-1-5-21-3896309248-2135147926-942686866-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B24B661A-689C-1B5D-4D96-89BD53ADA725}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iamlaejjlmlbjhipii"=hex:69,61,6b,69,65,6c,61,6a,6d,68,65,6c,6e,70,6a,6d,6a,70,
   00,00
"hagmgdokjijgkjng"=hex:69,61,6b,69,65,6c,61,6a,6d,68,65,6c,6e,70,6a,6d,6a,70,
   00,00

[HKEY_USERS\S-1-5-21-3896309248-2135147926-942686866-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C9C7A745-BD18-8C04-1FC8-EA589C805FFC}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hambfidannfibhnp"=hex:66,61,6e,66,6d,68,68,62,61,62,68,6b,00,d1
"ialabjcjhloiplplcb"=hex:6a,61,63,67,70,65,6f,62,65,70,67,64,68,61,6f,63,65,65,
   65,6b,00,fa
"haffelkpkhbacbfo"=hex:6a,61,70,66,6e,65,6f,6f,66,6e,61,67,64,6c,67,61,6f,66,
   70,62,00,46

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1080)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WININET.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\accrypto.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\itmsg.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\windows\system32\aicext.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acunlockrc.dll
c:\windows\system32\DeviceNP.dll
c:\windows\system32\SSREGLIB.dll
c:\windows\system32\HPPTLog.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1140)
c:\windows\system32\WININET.dll
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(6000)
c:\windows\system32\WININET.dll
c:\windows\system32\APSHook.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\windows\system32\crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\AMT\LMS.exe
c:\windows\system32\LxrSII1s.exe
c:\program files\Panasonic\TrapMonitor\Trapmnnt.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\Uniblue\SpeedUpMyPC\sump.exe
c:\program files\Digsby\lib\digsby-app.exe
.
**************************************************************************
.
Completion time: 2010-09-09  15:35:51 - machine was rebooted
ComboFix-quarantined-files.txt  2010-09-09 19:35
ComboFix2.txt  2010-09-09 18:39
ComboFix3.txt  2010-09-07 12:34
ComboFix4.txt  2010-09-03 13:21

Pre-Run: 418,979,500,032 bytes free
Post-Run: 418,965,839,872 bytes free

- - End Of File - - 5237A117BD8F0E703B84002F30045B62

 4 
 on: September 09, 2010, 12:54:48 PM 
Started by theotherguy - Last post by theotherguy
Followed directions. Ran Malwarebytes and found 0 files infected. Forwarding is now worse. Same search (laptop) and every site forwarded, and one popped up the Antivirus Pro (which I've had to remove many times on the other computers here) and one tried to open a .wmv file; I shut it down before it opened. I'm about at that point of reformat unless you would like to keep searching. I appreciate everything that has been looked at and done but I don't want to be a pest to this forum. If you cannot see anything that sticks out then I will back up what I can and reformat the machine.

Thanks

 5 
 on: September 09, 2010, 10:57:29 AM 
Started by theotherguy - Last post by Unzy
Here it is, probably hidden:

S0 sasqxwg;sasqxwg;c:\windows\system32\drivers\rukgusf.sys --> c:\windows\system32\drivers\rukgusf.sys

Do the following :

Copy ONLY THE BOLD part into Notepad (it must be Notepad!) and save it as CFScript.txt on your desktop:

File::
c:\windows\system32\drivers\rukgusf.sys

Driver::
rukgusf.sys


When done, click and drag the CFScript.txt and drop it onto the ComboFix icon on your desktop. ComboFix will start again; let it run and reboot the PC.

Do a fresh scan with MBAM (Malwarebytes Anti-Malware -> update it first!)

Let us know if that helped
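
The two pieces of evidence this thread turns on are the S0 line above (a service with a random-looking name whose image ComboFix could not read, printed as "[?]") and the ">>UNKNOWN [0x...]<<" entry in the MBR detector's "called modules" chain in the ComboFix logs, an address no loaded module claims and which moved between the two runs on this page (0x8A02BEC5 at 14:32, 0x8A030EC5 at 15:29), consistent with code living in dynamically allocated kernel memory rather than in a driver file. The script below is an added example, not ComboFix or Gmer code and not something the helper posted: it parses service lines from the posted logs with those heuristics, pulls the unknown caller addresses, and drafts a CFScript in the File::/Driver:: form used above. The heuristics and the choice of sample lines are ours; the assumption that the Driver:: directive is keyed on the service name (the first field of the R/S line) is ours too, the post above put the file name there. Note that NTProcDrv, which loads from c:\windows\Temp, also fires: the flags are triage leads that need a human to confirm before anything is scripted for deletion.

```python
"""Triage ComboFix / mbr.exe log lines and draft a CFScript for confirmed entries.

Added example for this thread; it is not ComboFix or Gmer code. The heuristics
mirror what the helper applied by eye (image unreadable "[?]", random-looking
service name, image loading from a Temp folder) and are leads, not verdicts.
"""
import re
from dataclasses import dataclass, field

# A ComboFix service line reads "<state> <name>;<display>;<image> [date size]",
# or "<image> --> <image> [?]" when the image could not be read (hidden/gone).
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
VOWELS = set("aeiou")

# Lines copied from the logs posted in this thread (service entries plus one
# "called modules" line from the MBR detector); which lines to include is ours.
SAMPLE_LINES = [
    r"called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A030EC5]<<",
    r"R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [8/7/2008 9:47 PM 109184]",
    r"R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 3:56 AM 14336]",
    r"R3 NTProcDrv;Process creation detector for NT.;c:\windows\Temp\drv1.tmp [9/9/2010 2:30 PM 3584]",
    r"S0 sasqxwg;sasqxwg;c:\windows\system32\drivers\rukgusf.sys --> c:\windows\system32\drivers\rukgusf.sys [?]",
    r"S3 NDISKIO;NDISKIO;\??\c:\docume~1\ADMINI~2.WAY\LOCALS~1\Temp\00000ab1.nmc\nse\bin\ndiskio.sys --> c:\docume~1\ADMINI~2.WAY\LOCALS~1\Temp\00000ab1.nmc\nse\bin\ndiskio.sys [?]",
    r"S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\tmpassthru.sys [9/8/2010 9:54 AM 206608]",
]


@dataclass
class ServiceEntry:
    state: str      # R = running, S = stopped; the digit is the start type (0 = boot)
    name: str       # service key name, the first field of the line
    display: str
    image: str
    missing: bool   # ComboFix printed "[?]": it could not read the image file
    reasons: list = field(default_factory=list)


def parse_service_line(line):
    """Return a ServiceEntry for an R*/S* line, or None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    state, name, display, rest = m.groups()
    missing = rest.rstrip().endswith("[?]")
    image = rest.split("-->", 1)[0]                   # left side of "a --> a"
    image = re.sub(r"\s*\[[^\]]*\]\s*$", "", image)   # drop the "[date size]" tail
    return ServiceEntry(state, name, display, image.strip(), missing)


def looks_random(name):
    """Lower-case letters only, six or more of them, at most one vowel ('sasqxwg')."""
    return (len(name) >= 6 and name.isalpha() and name.islower()
            and sum(c in VOWELS for c in name) <= 1)


def triage(entry):
    """Attach the reasons an entry deserves a second look (possibly none)."""
    if entry.missing:
        entry.reasons.append("image unreadable ([?]): hidden or already gone")
    if re.search(r"\\temp\\", entry.image, re.IGNORECASE):
        entry.reasons.append("image loads from a Temp folder")
    if entry.name == entry.display and looks_random(entry.name):
        entry.reasons.append("random-looking name with no display name")
    return entry


def flag_suspicious(lines):
    """Service entries with at least one triage reason, in log order."""
    parsed = (parse_service_line(line) for line in lines)
    return [e for e in parsed if e is not None and triage(e).reasons]


def unknown_callers(lines):
    """Addresses in the MBR detector's 'called modules' chain that it could not
    attribute to any loaded module (printed as >>UNKNOWN [addr]<<)."""
    return [addr for line in lines if line.strip().startswith("called modules:")
            for addr in UNKNOWN_RE.findall(line)]


def build_cfscript(entries):
    """CFScript.txt body in the File:: / Driver:: form used in this thread.
    Assumption: Driver:: is keyed on the service name (first field of the R/S
    line). Pass only entries a human has confirmed; ComboFix deletes them."""
    files = "\n".join(e.image for e in entries)
    drivers = "\n".join(e.name for e in entries)
    return f"File::\n{files}\n\nDriver::\n{drivers}\n"


def triage_sample():
    """Run the sample: ({service name: reasons}, unknown caller addresses)."""
    flagged = flag_suspicious(SAMPLE_LINES)
    return {e.name: e.reasons for e in flagged}, unknown_callers(SAMPLE_LINES)


if __name__ == "__main__":
    reasons, unknown = triage_sample()
    for name, why in reasons.items():
        print(f"{name}: {'; '.join(why)}")
    print("unknown code in the disk dispatch chain:", unknown)
    confirmed = [e for e in flag_suspicious(SAMPLE_LINES) if e.name == "sasqxwg"]
    print(build_cfscript(confirmed))
```

Run it and three services come back: NTProcDrv (Temp folder only), sasqxwg (unreadable image plus random name) and NDISKIO (unreadable image in a Temp folder); only sasqxwg is then turned into a CFScript, which is the judgement call the tool cannot make for you.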

 6 
 on: September 09, 2010, 10:43:37 AM 
Started by theotherguy - Last post by theotherguy
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LxrAutorun"="c:\documents and settings\Administrator.WAYNEOH\Local Settings\Application Data\Lexar Media\LxrAutorun.exe" [2006-11-09 24576]
"SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\launcher.exe" [2010-06-25 67960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seagull Drivers"="ssdal_nc.exe startup" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-04-18 344064]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-07-19 773144]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-04-07 318488]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-11-28 298536]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-07-23 24848]
"SetRefresh"="c:\program files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 525824]
"RPT Msgsrv"="c:\program files\Panasonic\Panasonic-DMS\RPT Network Printer Port\Msgsrv.exe" [2007-04-11 57344]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-06-19 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-06-19 640440]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-12-11 1044480]

c:\documents and settings\Administrator.WAYNEOH\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Car-Part.com Trading Partner Software.lnk - c:\car-part\CPKeySrv.exe [2009-9-21 446976]
Job Status Utility.lnk - c:\program files\Panasonic\Panasonic-DMS\LRecvTrap\LRecvTrap.exe [2008-6-24 147456]
Panasonic Communications Utility.lnk - c:\program files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe [2008-5-7 176128]
Sophos AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-9-4 429096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-11-28 01:41   109568   ----a-w-   c:\windows\system32\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-11-28 01:40   286720   ----a-w-   c:\program files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2008-08-06 23:23   69632   ----a-w-   c:\windows\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2008-07-23 12:03   158992   ----a-w-   c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-04-19 20:54   3972440   ----a-w-   c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-03-13 16:58   75048   ------w-   c:\program files\CyberLink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\File Sanitizer]
2008-06-23 22:12   10244096   ----a-w-   c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LxrAutorun]
2006-11-09 13:00   24576   ----a-w-   c:\documents and settings\Administrator.WAYNEOH\Local Settings\Application Data\Lexar Media\LxrAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44   3883856   ----a-w-   c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2008-10-14 00:41   50472   ------w-   c:\program files\CyberLink\PowerDVD9\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2008-08-20 01:23   329520   ----a-w-   c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2006-05-12 16:50   1138688   ------w-   c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2006-03-31 18:44   761856   ------w-   c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-02-16 13:55   87336   ------w-   c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
2006-07-10 14:53   872448   ------w-   c:\windows\SMINST\Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyPC]
2010-06-25 17:26   67960   ----a-w-   c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TMRUBottedTray]
2008-11-06 15:33   288088   ----a-w-   c:\program files\Trend Micro\RUBotted\TMRUBottedTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Sophos AutoUpdate Service"=2 (0x2)
"SCardSvr"=3 (0x3)
"SAVService"=2 (0x2)
"RUBotted"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [8/7/2008 9:47 PM 109184]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\sbalg.sys [9/8/2010 9:54 AM 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\sbfslock.sys [9/8/2010 9:54 AM 12928]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [9/8/2010 9:54 AM 24064]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [9/8/2010 9:54 AM 12496]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [9/8/2010 9:54 AM 152192]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [9/8/2010 9:54 AM 24064]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [11/27/2007 9:42 PM 185896]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 3:56 AM 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 3:56 AM 14336]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe [7/7/2008 9:58 AM 102400]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [8/19/2008 9:03 PM 32768]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [8/7/2008 8:23 PM 256512]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [4/2/2009 3:16 PM 77824]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\lxrsii1d.sys [9/8/2010 9:54 AM 72672]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [4/2/2009 3:14 PM 576024]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [9/7/2009 12:11 PM 104488]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [4/2/2009 3:11 PM 2054680]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/2/2009 4:54 PM 24652]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [3/16/2010 5:52 AM 55016]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [9/8/2010 9:54 AM 144480]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [9/8/2010 9:54 AM 44800]
R3 NTProcDrv;Process creation detector for NT.;c:\windows\Temp\drv1.tmp [9/9/2010 2:30 PM 3584]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys [9/8/2010 9:54 AM 206608]
S0 sasqxwg;sasqxwg;c:\windows\system32\drivers\rukgusf.sys --> c:\windows\system32\drivers\rukgusf.sys [?]
S2 HIT_PARA;HIT_PARA;c:\windows\system32\drivers\HIT_Para.sys [8/6/2009 9:04 AM 8204]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 284016]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [8/6/2008 6:43 PM 32256]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [8/6/2008 7:24 PM 349432]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\ADMINI~2.WAY\LOCALS~1\Temp\00000ab1.nmc\nse\bin\ndiskio.sys --> c:\docume~1\ADMINI~2.WAY\LOCALS~1\Temp\00000ab1.nmc\nse\bin\ndiskio.sys [?]
S3 nsak;nsak;\??\c:\docume~1\ADMINI~2.WAY\LOCALS~1\Temp\00000ab1.nmc\nse\bin\nsak.sys --> c:\docume~1\ADMINI~2.WAY\LOCALS~1\Temp\00000ab1.nmc\nse\bin\nsak.sys [?]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\tmpassthru.sys [9/8/2010 9:54 AM 206608]
S3 TRCDR;TriCoder High-Speed USB Driver;c:\windows\system32\drivers\trcdr.sys [10/27/2009 11:59 AM 31580]
S4 RUBotted;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\TMRUBotted.exe [7/22/2010 8:29 AM 582992]
S4 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [9/7/2009 12:11 PM 93736]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [4/2/2009 4:22 PM 14976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance   REG_MULTI_SZ      ASBroker ASChannel
.
Contents of the 'Scheduled Tasks' folder

2010-09-09 c:\windows\Tasks\carpart-s.job
- c:\pkzip\carpart.exe [2009-11-06 05:22]

2010-09-09 c:\windows\Tasks\carpart-u.job
- c:\pkzip\carpart.exe [2009-11-06 05:22]

2009-04-06 c:\windows\Tasks\carpart-y.job
- c:\pkzip\carpart.exe [2009-11-06 05:22]

2010-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3896309248-2135147926-942686866-500Core.job
- c:\documents and settings\Administrator.WAYNEOH\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-01 16:59]

2010-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3896309248-2135147926-942686866-500UA.job
- c:\documents and settings\Administrator.WAYNEOH\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-01 16:59]

2009-04-02 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 19:56]

2009-04-02 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2008-06-10 19:56]

2009-04-06 c:\windows\Tasks\reboot.job
- c:\pkzip\reboot.exe [2001-09-04 13:24]

2010-09-09 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-08-16 14:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {9AF3523A-8514-4B72-8D8E-8E82CE4622EB} = 10.0.0.5,209.18.47.61
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxps://lowes.2020.net/Core/Player/2020PlayerAX_Win32.cab
DPF: {AA20E549-5BF2-4FA3-AA8B-3D3ED2657597} - hxxps://paytrace.com/com/P250/PayTraceReceiptPrinter.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-09 14:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A02BEC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0fcf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f11852
\Driver\iaStor -> iaStor.sys @ 0xb9e6e6ae
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel(R) 82567LM-3 Gigabit Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9d42bb0
 PacketIndicateHandler -> NDIS.sys @ 0xb9d4fb21
 SendHandler -> NDIS.sys @ 0xb9d2d87b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,52,bd,91,59,16,86,4d,bb,7f,d4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,52,bd,91,59,16,86,4d,bb,7f,d4,\

[HKEY_USERS\S-1-5-21-3896309248-2135147926-942686866-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6e,58,0c,99,25,11,a8,40,bf,58,9e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6e,58,0c,99,25,11,a8,40,bf,58,9e,\

[HKEY_USERS\S-1-5-21-3896309248-2135147926-942686866-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B24B661A-689C-1B5D-4D96-89BD53ADA725}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iamlaejjlmlbjhipii"=hex:69,61,6b,69,65,6c,61,6a,6d,68,65,6c,6e,70,6a,6d,6a,70,
   00,00
"hagmgdokjijgkjng"=hex:69,61,6b,69,65,6c,61,6a,6d,68,65,6c,6e,70,6a,6d,6a,70,
   00,00

[HKEY_USERS\S-1-5-21-3896309248-2135147926-942686866-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C9C7A745-BD18-8C04-1FC8-EA589C805FFC}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hambfidannfibhnp"=hex:66,61,6e,66,6d,68,68,62,61,62,68,6b,00,d1
"ialabjcjhloiplplcb"=hex:6a,61,63,67,70,65,6f,62,65,70,67,64,68,61,6f,63,65,65,
   65,6b,00,fa
"haffelkpkhbacbfo"=hex:6a,61,70,66,6e,65,6f,6f,66,6e,61,67,64,6c,67,61,6f,66,
   70,62,00,46

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1080)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WININET.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\accrypto.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\itmsg.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\windows\system32\aicext.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acunlockrc.dll
c:\windows\system32\DeviceNP.dll
c:\windows\system32\SSREGLIB.dll
c:\windows\system32\HPPTLog.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1140)
c:\windows\system32\WININET.dll
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(4956)
c:\windows\system32\WININET.dll
c:\windows\system32\APSHook.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\windows\system32\crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\AMT\LMS.exe
c:\windows\system32\LxrSII1s.exe
c:\program files\Panasonic\TrapMonitor\Trapmnnt.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\Uniblue\SpeedUpMyPC\sump.exe
c:\program files\Digsby\lib\digsby-app.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2010-09-09  14:39:02 - machine was rebooted
ComboFix-quarantined-files.txt  2010-09-09 18:38
ComboFix2.txt  2010-09-07 12:34
ComboFix3.txt  2010-09-03 13:21

Pre-Run: 418,907,627,520 bytes free
Post-Run: 418,936,492,032 bytes free

- - End Of File - - E105A2A59714480FFCA4838A5F81EF71

 7 
 on: September 09, 2010, 10:43:14 AM 
Started by theotherguy - Last post by theotherguy
ComboFix 10-09-08.03 - Administrator 09/09/2010  14:20:19.2.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3579.2982 [GMT -4:00]
Running from: c:\documents and settings\Administrator.WAYNEOH\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\etc\lmhosts
c:\windows\Temp\tmp3.tmp

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe

.
(((((((((((((((((((((((((   Files Created from 2010-08-09 to 2010-09-09  )))))))))))))))))))))))))))))))
.

2010-09-08 19:28 . 2010-09-08 19:28   --------   d-----w-   c:\documents and settings\Administrator.WAYNEOH\Application Data\AVS4YOU
2010-09-08 19:26 . 2010-06-22 18:57   10915840   ----a-w-   c:\windows\system32\libmfxhw32.dll
2010-09-08 19:26 . 2010-06-22 18:57   10833920   ----a-w-   c:\windows\system32\libmfxsw32.dll
2010-09-08 19:26 . 2010-09-08 19:27   --------   d-----w-   c:\program files\Common Files\AVSMedia
2010-09-08 19:25 . 2010-09-08 19:28   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVS4YOU
2010-09-08 19:25 . 2010-09-08 19:27   --------   d-----w-   c:\program files\AVS4YOU
2010-09-08 19:25 . 2010-06-22 20:05   1700352   ----a-w-   c:\windows\system32\GdiPlus.dll
2010-09-08 17:01 . 2009-08-16 15:08   178176   ----a-w-   c:\windows\system32\unrar.dll
2010-09-08 12:15 . 2010-09-08 12:15   --------   d-----w-   c:\windows\system32\wbem\Repository
2010-09-07 16:04 . 2010-09-08 12:15   --------   d-----w-   C:\RECYCLER(2)
2010-09-03 12:54 . 2010-09-09 18:30   118784   ----a-w-   c:\windows\system32\chg.exe
2010-09-02 15:07 . 2010-09-02 15:08   --------   d-----w-   C:\rsit
2010-09-01 16:59 . 2010-09-01 17:00   --------   d-----w-   c:\documents and settings\Administrator.WAYNEOH\Local Settings\Application Data\Temp
2010-09-01 16:59 . 2010-09-01 17:00   --------   d-----w-   c:\documents and settings\Administrator.WAYNEOH\Local Settings\Application Data\Google
2010-08-26 12:50 . 2010-08-26 13:31   161296   ----a-w-   c:\windows\system32\drivers\tmcomm.sys
2010-08-25 03:19 . 2010-08-25 12:01   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\ifhmvodou
2010-08-25 03:19 . 2010-08-25 03:19   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-08-19 15:41 . 2010-08-19 15:41   --------   d-----w-   c:\documents and settings\Administrator.WAYNEOH\Local Settings\Application Data\Threat Expert
2010-08-19 14:52 . 2010-08-19 14:52   388096   ----a-r-   c:\documents and settings\Administrator.WAYNEOH\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-16 20:50 . 2010-08-16 20:50   1419232   ----a-w-   c:\windows\system32\WdfCoInstaller01005.dll
2010-08-16 20:19 . 2010-08-16 20:19   --------   d-----w-   c:\documents and settings\All Users\Uniblue
2010-08-16 20:17 . 2010-08-16 20:18   --------   d-----w-   c:\program files\Uniblue

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 18:47 . 2009-08-31 13:34   --------   d-----w-   c:\documents and settings\Administrator.WAYNEOH\Application Data\Apple Computer
2010-09-08 17:16 . 2009-04-08 16:31   --------   d---a-w-   c:\documents and settings\All Users\Application Data\Temp
2010-09-03 12:02 . 2009-10-12 12:25   --------   d-----w-   c:\program files\Trend Micro
2010-09-02 13:18 . 2010-06-08 16:00   --------   d-----w-   c:\program files\Digsby
2010-08-25 18:42 . 2009-04-02 19:10   --------   d-----w-   c:\program files\Analog Devices
2010-08-25 03:19 . 2009-07-20 23:30   1324   ----a-w-   c:\windows\system32\d3d9caps.dat
2010-08-19 17:32 . 2010-05-28 12:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\DVD Shrink
2010-08-16 20:51 . 2010-08-16 20:51   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-08-16 20:51 . 2010-08-16 20:51   0   ---ha-w-   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-08-16 20:18 . 2010-07-30 13:13   --------   d-----w-   c:\documents and settings\Administrator.WAYNEOH\Application Data\Uniblue
2010-08-13 19:17 . 2010-03-15 15:27   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-08-13 07:06 . 2009-04-02 20:13   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-03 12:45 . 2009-08-19 12:06   --------   d-----w-   c:\program files\MSECACHE
2010-07-30 13:27 . 2010-07-30 13:21   --------   d-----w-   c:\program files\Free Window Registry Repair
2010-07-27 12:25 . 2010-07-27 12:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\ATI
2010-07-26 21:08 . 2009-11-30 15:10   --------   d-----w-   c:\program files\ATI
2010-07-26 21:07 . 2009-04-02 19:10   --------   d-----w-   c:\program files\ATI Technologies
2010-07-23 17:23 . 2010-07-07 14:12   425536   ----a-w-   c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-22 12:29 . 2009-04-02 19:10   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-07-12 13:03 . 2010-07-12 13:03   --------   d-----w-   c:\program files\Citrix
2010-07-08 17:47 . 2004-08-04 07:56   218624   ----a-w-   c:\windows\system32\uxtheme.dll
2010-07-07 02:27 . 2010-09-08 13:54   5069312   ----a-w-   c:\windows\system32\drivers\ati2mtag.sys
2010-07-07 01:58 . 2009-08-14 01:21   53248   ----a-w-   c:\windows\system32\aticalrt.dll
2010-07-07 01:58 . 2009-08-14 01:20   53248   ----a-w-   c:\windows\system32\aticalcl.dll
2010-07-07 01:57 . 2009-08-14 01:19   4337664   ----a-w-   c:\windows\system32\aticaldd.dll
2010-07-07 01:53 . 2009-08-14 01:47   15499264   ----a-w-   c:\windows\system32\atioglxx.dll
2010-07-07 01:50 . 2009-04-02 22:52   311296   ----a-w-   c:\windows\system32\atiiiexx.dll
2010-07-07 01:48 . 2009-04-02 22:52   446464   ----a-w-   c:\windows\system32\ATIDEMGX.dll
2010-07-07 01:47 . 2009-04-02 22:52   299520   ----a-w-   c:\windows\system32\ati2dvag.dll
2010-07-07 01:41 . 2009-04-02 22:52   3869952   ----a-w-   c:\windows\system32\ati3duag.dll
2010-07-07 01:33 . 2009-04-02 22:52   208896   ----a-w-   c:\windows\system32\atipdlxx.dll
2010-07-07 01:32 . 2009-08-14 02:10   155648   ----a-w-   c:\windows\system32\Oemdspif.dll
2010-07-07 01:32 . 2009-04-02 22:52   26112   ----a-w-   c:\windows\system32\Ati2mdxx.exe
2010-07-07 01:32 . 2009-04-02 22:52   43520   ----a-w-   c:\windows\system32\ati2edxx.dll
2010-07-07 01:32 . 2009-04-02 22:52   159744   ----a-w-   c:\windows\system32\ati2evxx.dll
2010-07-07 01:31 . 2009-04-02 22:52   602112   ----a-w-   c:\windows\system32\ati2evxx.exe
2010-07-07 01:29 . 2009-04-02 22:52   53248   ----a-w-   c:\windows\system32\ATIDDC.DLL
2010-07-07 01:29 . 2010-07-26 21:00   143360   ----a-w-   c:\windows\system32\atiapfxx.exe
2010-07-07 01:28 . 2009-04-02 22:52   2273920   ----a-w-   c:\windows\system32\ativvaxx.dll
2010-07-07 01:27 . 2009-04-02 22:52   887724   ----a-w-   c:\windows\system32\ativva6x.dat
2010-07-07 01:27 . 2009-04-02 22:52   3   ----a-w-   c:\windows\system32\ativva5x.dat
2010-07-07 01:25 . 2009-04-02 22:52   573440   ----a-w-   c:\windows\system32\atikvmag.dll
2010-07-07 01:24 . 2009-04-02 22:52   393216   ----a-w-   c:\windows\system32\atiok3x2.dll
2010-07-07 01:24 . 2009-08-14 01:19   184320   ----a-w-   c:\windows\system32\atiadlxx.dll
2010-07-07 01:23 . 2009-04-02 22:52   17408   ----a-w-   c:\windows\system32\atitvo32.dll
2010-07-07 01:19 . 2009-04-02 22:52   704512   ----a-w-   c:\windows\system32\ati2cqag.dll
2010-07-07 01:15 . 2009-08-14 01:25   65024   ----a-w-   c:\windows\system32\atimpc32.dll
2010-07-07 01:15 . 2009-04-02 22:52   65024   ----a-w-   c:\windows\system32\amdpcom32.dll
2010-07-07 01:15 . 2009-04-02 22:52   53248   ----a-w-   c:\windows\system32\drivers\ati2erec.dll
2010-07-01 12:52 . 2010-06-25 20:51   54272   ----a-w-   c:\documents and settings\Administrator.WAYNEOH\Application Data\Bccthis\Office.Utility.dll
2010-07-01 12:52 . 2010-06-25 20:51   24064   ----a-w-   c:\documents and settings\Administrator.WAYNEOH\Application Data\Bccthis\Outlook.Utility.dll
2010-07-01 12:52 . 2010-06-04 18:34   10240   ----a-w-   c:\documents and settings\Administrator.WAYNEOH\Application Data\Bccthis\BccthisStore.dll
2010-07-01 12:52 . 2010-06-04 17:59   264704   ----a-w-   c:\documents and settings\Administrator.WAYNEOH\Application Data\Bccthis\Bccthis for Outlook 2007.dll
2010-07-01 12:52 . 2010-06-04 18:34   1074176   ----a-w-   c:\documents and settings\Administrator.WAYNEOH\Application Data\Bccthis\BccthisCore.dll
2010-07-01 12:52 . 2010-06-04 18:35   64512   ----a-w-   c:\documents and settings\Administrator.WAYNEOH\Application Data\Bccthis\BccthisCustomActions.dll
2010-06-30 18:47 . 2010-08-14 00:48   171848   ----a-w-   c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-06-30 12:31 . 2004-08-04 07:56   149504   ----a-w-   c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 07:56   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 06:17   1851904   ----a-w-   c:\windows\system32\win32k.sys
2010-06-22 20:05 . 2009-04-08 16:31   24576   ----a-w-   c:\windows\system32\msxml3a.dll
2010-06-21 15:27 . 2010-09-08 13:54   354304   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 07:56   80384   ----a-w-   c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-04 07:56   744448   ----a-w-   c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 07:56   1172480   ----a-w-   c:\windows\system32\msxml3.dll
2009-04-02 20:57 . 2009-04-02 20:38   225   ----a-w-   c:\program files\PanaHDS.ini
.

------- Sigcheck -------

[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 247DFD6CBC939742D3EC7B53C120946F . 643072 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 247DFD6CBC939742D3EC7B53C120946F . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . 894B313C52589628BB996E175B581E3A . 578048 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . 894B313C52589628BB996E175B581E3A . 578048 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[7] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2008-04-14 . 891CC147CC1EAA759A7DA3050E7446FF . 1540608 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 . 891CC147CC1EAA759A7DA3050E7446FF . 1540608 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . C1D50243355A290CB3AA684FD8B38170 . 40448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . C1D50243355A290CB3AA684FD8B38170 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
[-] 2009-03-08 . F68C1BAC147227B86FFB36828FF8BEDF . 510816 . . [8.00.6001.18702] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[-] 2009-03-08 . F68C1BAC147227B86FFB36828FF8BEDF . 510816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . c:\windows\SoftwareDistribution\Download\2e4e820fa4f0714d84e95e04fd4b348e\SP2QFE\iexplore.exe
[7] 2008-12-19 . 030D78FE84A086ED376EFCBD2D72C522 . 634024 . . [7.00.6000.16791] . . c:\windows\ie8\iexplore.exe
[7] 2008-12-19 . 030D78FE84A086ED376EFCBD2D72C522 . 634024 . . [7.00.6000.16791] . . c:\windows\SoftwareDistribution\Download\2e4e820fa4f0714d84e95e04fd4b348e\SP2GDR\iexplore.exe
[7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
[7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2QFE\iexplore.exe
[7] 2008-08-23 . 1F03216084447F990AE797317D0A6E70 . 635848 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB961260-IE7\iexplore.exe
[7] 2008-08-23 . 1F03216084447F990AE797317D0A6E70 . 635848 . . [7.00.6000.16735] . . c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2GDR\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ie7\iexplore.exe
[7] 2007-08-13 . DE49B348A18369B4626FBA1D49B07FB4 . 622080 . . [7.00.5730.13] . . c:\windows\ie7updates\KB956390-IE7\iexplore.exe
[7] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
.
(((((((((((((((((((((((((((((   SnapShot@2010-09-03_13.14.16   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 00:54 . 2009-07-12 00:54   65536              c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32   49152              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32   49152              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32   61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32   61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32   61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32   57344              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32   65536              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32   45056              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32   40960              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-12 05:07 . 2009-07-12 05:07   57856              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 05:19 . 2009-07-12 05:19   69632              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2010-09-09 18:30 . 2010-09-09 18:30   16384              c:\windows\Temp\Perflib_Perfdata_884.dat
+ 2010-09-09 18:31 . 2010-09-09 18:31   16384              c:\windows\Temp\Perflib_Perfdata_6cc.dat
- 2004-08-04 01:15 . 2008-04-13 19:17   83072              c:\windows\system32\drivers\wdmaud.sys
+ 2010-09-08 13:54 . 2008-04-13 19:17   83072              c:\windows\system32\drivers\wdmaud.sys
- 2004-08-04 06:04 . 2008-04-13 18:57   34560              c:\windows\system32\drivers\wanarp.sys
+ 2010-09-08 13:54 . 2008-04-13 18:57   34560              c:\windows\system32\drivers\wanarp.sys
+ 2010-09-08 13:54 . 2008-04-13 18:41   52352              c:\windows\system32\drivers\volsnap.sys
- 2004-08-04 06:00 . 2008-04-13 18:41   52352              c:\windows\system32\drivers\volsnap.sys
+ 2010-09-08 13:54 . 2008-04-13 18:44   81664              c:\windows\system32\drivers\videoprt.sys
- 2004-08-04 06:07 . 2008-04-13 18:44   81664              c:\windows\system32\drivers\videoprt.sys
- 2004-08-04 06:07 . 2008-04-13 18:44   20992              c:\windows\system32\drivers\vga.sys
+ 2010-09-08 13:54 . 2008-04-13 18:44   20992              c:\windows\system32\drivers\vga.sys
+ 2010-09-08 13:54 . 2008-04-13 18:45   20608              c:\windows\system32\drivers\usbuhci.sys
- 2004-08-04 06:08 . 2008-04-13 18:45   20608              c:\windows\system32\drivers\usbuhci.sys
- 2009-04-02 20:12 . 2008-04-13 18:45   26368              c:\windows\system32\drivers\usbstor.sys
+ 2010-09-08 13:54 . 2008-04-13 18:45   26368              c:\windows\system32\drivers\usbstor.sys
+ 2010-09-08 13:54 . 2008-04-13 18:45   59520              c:\windows\system32\drivers\usbhub.sys
- 2004-08-04 06:08 . 2008-04-13 18:45   59520              c:\windows\system32\drivers\usbhub.sys
- 2009-04-02 22:56 . 2008-04-13 18:45   30208              c:\windows\system32\drivers\usbehci.sys
+ 2010-09-08 13:54 . 2008-04-13 18:45   30208              c:\windows\system32\drivers\usbehci.sys
- 2009-04-02 22:56 . 2008-04-13 18:45   32128              c:\windows\system32\drivers\usbccgp.sys
+ 2010-09-08 13:54 . 2008-04-13 18:45   32128              c:\windows\system32\drivers\usbccgp.sys
- 2004-08-04 10:01 . 2008-04-14 00:13   40840              c:\windows\system32\drivers\termdd.sys
+ 2010-09-08 13:54 . 2008-04-14 00:13   40840              c:\windows\system32\drivers\termdd.sys
- 2004-08-04 08:01 . 2008-04-14 00:13   21896              c:\windows\system32\drivers\tdtcp.sys
+ 2010-09-08 13:54 . 2008-04-14 00:13   21896              c:\windows\system32\drivers\tdtcp.sys
- 2004-08-04 06:07 . 2008-04-13 19:00   19072              c:\windows\system32\drivers\tdi.sys
+ 2010-09-08 13:54 . 2008-04-13 19:00   19072              c:\windows\system32\drivers\tdi.sys
+ 2010-09-08 13:54 . 2008-04-13 19:15   60800              c:\windows\system32\drivers\sysaudio.sys
- 2004-08-04 01:15 . 2008-04-13 19:15   60800              c:\windows\system32\drivers\sysaudio.sys
+ 2010-09-08 13:54 . 2008-04-13 18:36   73472              c:\windows\system32\drivers\sr.sys
- 2004-08-04 06:06 . 2008-04-13 18:36   73472              c:\windows\system32\drivers\sr.sys
- 2008-03-28 15:14 . 2008-03-28 15:14   24064              c:\windows\system32\drivers\sfaudio.sys
+ 2010-09-08 13:54 . 2008-03-28 15:14   24064              c:\windows\system32\drivers\sfaudio.sys
- 2004-08-04 06:15 . 2008-04-13 19:15   64512              c:\windows\system32\drivers\serial.sys
+ 2010-09-08 13:54 . 2008-04-13 19:15   64512              c:\windows\system32\drivers\serial.sys
- 2004-08-04 05:59 . 2008-04-13 18:40   15744              c:\windows\system32\drivers\serenum.sys
+ 2010-09-08 13:54 . 2008-04-13 18:40   15744              c:\windows\system32\drivers\serenum.sys
+ 2010-09-08 13:54 . 2008-08-08 01:47   12928              c:\windows\system32\drivers\sbfslock.sys
- 2008-08-08 01:47 . 2008-08-08 01:47   12928              c:\windows\system32\drivers\SbFsLock.sys
- 2008-08-08 01:47 . 2008-08-08 01:47   51376              c:\windows\system32\drivers\SbAlg.sys
+ 2010-09-08 13:54 . 2008-08-08 01:47   51376              c:\windows\system32\drivers\sbalg.sys
+ 2010-09-08 13:54 . 2009-07-30 16:36   24064              c:\windows\system32\drivers\savonaccessfilter.sys
- 2009-04-02 20:15 . 2009-07-30 16:36   24064              c:\windows\system32\drivers\savonaccessfilter.sys
- 2008-08-08 01:47 . 2008-08-08 01:47   12496              c:\windows\system32\drivers\rsvlock.sys
+ 2010-09-08 13:54 . 2008-08-08 01:47   12496              c:\windows\system32\drivers\rsvlock.sys
+ 2010-09-08 13:54 . 2008-04-13 18:40   57600              c:\windows\system32\drivers\redbook.sys
- 2009-04-02 22:56 . 2008-04-13 18:40   57600              c:\windows\system32\drivers\redbook.sys
- 2001-08-17 20:55 . 2001-08-17 20:55   16512              c:\windows\system32\drivers\raspti.sys
+ 2010-09-08 13:54 . 2001-08-17 20:55   16512              c:\windows\system32\drivers\raspti.sys
+ 2010-09-08 13:54 . 2008-04-13 19:19   48384              c:\windows\system32\drivers\raspptp.sys
- 2004-08-04 06:14 . 2008-04-13 19:19   48384              c:\windows\system32\drivers\raspptp.sys
- 2004-08-04 06:05 . 2008-04-13 18:57   41472              c:\windows\system32\drivers\raspppoe.sys
+ 2010-09-08 13:54 . 2008-04-13 18:57   41472              c:\windows\system32\drivers\raspppoe.sys
- 2004-08-04 06:14 . 2008-04-13 19:19   51328              c:\windows\system32\drivers\rasl2tp.sys
+ 2010-09-08 13:54 . 2008-04-13 19:19   51328              c:\windows\system32\drivers\rasl2tp.sys
+ 2010-09-08 13:54 . 2001-08-17 20:49   17792              c:\windows\system32\drivers\ptilink.sys
- 2001-08-17 20:49 . 2001-08-17 20:49   17792              c:\windows\system32\drivers\ptilink.sys
- 2004-08-04 06:04 . 2008-04-13 18:56   69120              c:\windows\system32\drivers\psched.sys
+ 2010-09-08 13:54 . 2008-04-13 18:56   69120              c:\windows\system32\drivers\psched.sys
- 2009-04-02 21:24 . 2008-06-10 20:04   31048              c:\windows\system32\drivers\point32.sys
+ 2010-09-08 13:54 . 2008-06-10 20:04   31048              c:\windows\system32\drivers\point32.sys
- 2004-08-04 05:59 . 2008-04-13 18:40   24960              c:\windows\system32\drivers\pciidex.sys
+ 2010-09-08 13:54 . 2008-04-13 18:40   24960              c:\windows\system32\drivers\pciidex.sys
- 2004-08-04 06:07 . 2008-04-13 18:36   68224              c:\windows\system32\drivers\pci.sys
+ 2010-09-08 13:54 . 2008-04-13 18:36   68224              c:\windows\system32\drivers\pci.sys
+ 2010-09-08 13:54 . 2008-04-13 18:40   19712              c:\windows\system32\drivers\partmgr.sys
- 2001-08-18 05:24 . 2008-04-13 18:40   19712              c:\windows\system32\drivers\partmgr.sys
- 2004-08-04 06:00 . 2008-04-13 18:32   30848              c:\windows\system32\drivers\npfs.sys
+ 2010-09-08 13:54 . 2008-04-13 18:32   30848              c:\windows\system32\drivers\npfs.sys
+ 2010-09-08 13:54 . 2008-04-13 18:56   34688              c:\windows\system32\drivers\netbios.sys
- 2004-08-04 06:03 . 2008-04-13 18:56   34688              c:\windows\system32\drivers\netbios.sys
- 2001-08-17 20:55 . 2008-04-13 18:57   40576              c:\windows\system32\drivers\ndproxy.sys
+ 2010-09-08 13:54 . 2008-04-13 18:57   40576              c:\windows\system32\drivers\ndproxy.sys
+ 2010-09-08 13:54 . 2008-04-24 11:49   91776              c:\windows\system32\drivers\ndiswan.sys
- 2004-08-04 06:14 . 2008-04-24 11:49   91776              c:\windows\system32\drivers\ndiswan.sys
+ 2010-09-08 13:54 . 2008-04-13 18:55   14592              c:\windows\system32\drivers\ndisuio.sys
- 2006-02-28 09:00 . 2008-04-13 18:55   14592              c:\windows\system32\drivers\ndisuio.sys
+ 2010-09-08 13:54 . 2008-04-13 18:57   10112              c:\windows\system32\drivers\ndistapi.sys
- 2001-08-17 20:55 . 2008-04-13 18:57   10112              c:\windows\system32\drivers\ndistapi.sys
- 2006-02-28 09:00 . 2008-04-13 18:36   15488              c:\windows\system32\drivers\mssmbios.sys
+ 2010-09-08 13:54 . 2008-04-13 18:36   15488              c:\windows\system32\drivers\mssmbios.sys
- 2004-08-04 06:04 . 2008-04-13 18:56   35072              c:\windows\system32\drivers\msgpc.sys
+ 2010-09-08 13:54 . 2008-04-13 18:56   35072              c:\windows\system32\drivers\msgpc.sys
- 2004-08-04 06:00 . 2008-04-13 18:32   19072              c:\windows\system32\drivers\msfs.sys
+ 2010-09-08 13:54 . 2008-04-13 18:32   19072              c:\windows\system32\drivers\msfs.sys
+ 2010-09-08 13:54 . 2008-04-13 18:39   42368              c:\windows\system32\drivers\mountmgr.sys
- 2004-08-04 05:58 . 2008-04-13 18:39   42368              c:\windows\system32\drivers\mountmgr.sys
+ 2010-09-08 13:54 . 2001-08-17 17:48   12160              c:\windows\system32\drivers\mouhid.sys
- 2009-04-02 22:56 . 2001-08-17 17:48   12160              c:\windows\system32\drivers\mouhid.sys
- 2006-02-28 09:00 . 2008-04-13 18:39   23040              c:\windows\system32\drivers\mouclass.sys
+ 2010-09-08 13:54 . 2008-04-13 18:39   23040              c:\windows\system32\drivers\mouclass.sys
- 2010-05-11 13:09 . 2006-12-14 11:37   72672              c:\windows\system32\drivers\LxrSII1d.sys
+ 2010-09-08 13:54 . 2006-12-14 11:37   72672              c:\windows\system32\drivers\lxrsii1d.sys
+ 2010-09-08 13:54 . 2009-06-24 11:18   92928              c:\windows\system32\drivers\ksecdd.sys
- 2009-04-02 22:48 . 2009-06-24 11:18   92928              c:\windows\system32\drivers\ksecdd.sys
+ 2010-09-08 13:54 . 2004-08-04 06:58   14848              c:\windows\system32\drivers\kbdhid.sys
- 2009-04-02 22:56 . 2004-08-04 06:58   14848              c:\windows\system32\drivers\kbdhid.sys
- 2004-08-04 05:58 . 2004-08-04 05:58   24576              c:\windows\system32\drivers\kbdclass.sys
+ 2010-09-08 13:54 . 2004-08-04 05:58   24576              c:\windows\system32\drivers\kbdclass.sys
+ 2010-09-08 13:54 . 2008-04-13 18:36   37248              c:\windows\system32\drivers\isapnp.sys
- 2001-08-17 20:58 . 2008-04-13 18:36   37248              c:\windows\system32\drivers\isapnp.sys
- 2004-08-04 06:14 . 2008-04-13 19:19   75264              c:\windows\system32\drivers\ipsec.sys
+ 2010-09-08 13:54 . 2008-04-13 19:19   75264              c:\windows\system32\drivers\ipsec.sys
- 2004-08-04 05:59 . 2008-04-13 18:31   36352              c:\windows\system32\drivers\intelppm.sys
+ 2010-09-08 13:54 . 2008-04-13 18:31   36352              c:\windows\system32\drivers\intelppm.sys
- 2004-08-04 06:00 . 2008-04-13 18:40   42112              c:\windows\system32\drivers\imapi.sys
+ 2010-09-08 13:54 . 2008-04-13 18:40   42112              c:\windows\system32\drivers\imapi.sys
- 2009-04-02 22:46 . 2007-12-18 09:46   44800              c:\windows\system32\drivers\ifxtpm.sys
+ 2010-09-08 13:54 . 2007-12-18 09:46   44800              c:\windows\system32\drivers\ifxtpm.sys
- 2009-04-02 22:56 . 2008-04-13 18:45   10368              c:\windows\system32\drivers\hidusb.sys
+ 2010-09-08 13:54 . 2008-04-13 18:45   10368              c:\windows\system32\drivers\hidusb.sys
+ 2010-09-08 13:54 . 2008-04-13 18:45   24960              c:\windows\system32\drivers\hidparse.sys
- 2004-08-04 06:08 . 2008-04-13 18:45   24960              c:\windows\system32\drivers\hidparse.sys
- 2004-08-04 06:08 . 2008-04-13 18:45   36864              c:\windows\system32\drivers\hidclass.sys
+ 2010-09-08 13:54 . 2008-04-13 18:45   36864              c:\windows\system32\drivers\hidclass.sys
+ 2010-09-08 13:54 . 2008-07-19 14:40   40832              c:\windows\system32\drivers\heci.sys
- 2009-04-02 22:52 . 2008-07-19 14:40   40832              c:\windows\system32\drivers\HECI.sys
- 2009-08-31 13:34 . 2009-03-19 20:32   23400              c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2010-09-08 13:54 . 2009-03-19 20:32   23400              c:\windows\system32\drivers\gearaspiwdm.sys
- 2001-08-18 05:24 . 2008-04-13 18:33   44544              c:\windows\system32\drivers\fips.sys
+ 2010-09-08 13:54 . 2008-04-13 18:33   44544              c:\windows\system32\drivers\fips.sys
- 2004-08-04 05:59 . 2008-04-13 18:40   27392              c:\windows\system32\drivers\fdc.sys
+ 2010-09-08 13:54 . 2008-04-13 18:40   27392              c:\windows\system32\drivers\fdc.sys
- 2001-08-17 20:53 . 2001-08-17 20:53   10496              c:\windows\system32\drivers\dxapi.sys
+ 2010-09-08 13:54 . 2001-08-17 20:53   10496              c:\windows\system32\drivers\dxapi.sys
- 2004-08-04 01:08 . 2008-04-13 18:45   60160              c:\windows\system32\drivers\drmk.sys
+ 2010-09-08 13:54 . 2008-04-13 18:45   60160              c:\windows\system32\drivers\drmk.sys
+ 2010-09-08 13:54 . 2008-04-13 18:40   36352              c:\windows\system32\drivers\disk.sys
- 2004-08-04 05:59 . 2008-04-13 18:40   36352              c:\windows\system32\drivers\disk.sys
- 2004-08-04 06:14 . 2008-04-13 19:16   49536              c:\windows\system32\drivers\classpnp.sys
+ 2010-09-08 13:54 . 2008-04-13 19:16   49536              c:\windows\system32\drivers\classpnp.sys
- 2004-08-04 05:59 . 2008-04-13 18:40   62976              c:\windows\system32\drivers\cdrom.sys
+ 2010-09-08 13:54 . 2008-04-13 18:40   62976              c:\windows\system32\drivers\cdrom.sys
- 2004-08-04 06:14 . 2008-04-13 19:14   63744              c:\windows\system32\drivers\cdfs.sys
+ 2010-09-08 13:54 . 2008-04-13 19:14   63744              c:\windows\system32\drivers\cdfs.sys
- 2004-08-04 05:59 . 2008-04-13 18:40   96512              c:\windows\system32\drivers\atapi.sys
+ 2010-09-08 13:54 . 2008-04-13 18:40   96512              c:\windows\system32\drivers\atapi.sys
+ 2010-09-08 13:54 . 2008-08-14 12:57   74720              c:\windows\system32\drivers\adfs.sys
- 2008-08-14 12:57 . 2008-08-14 12:57   74720              c:\windows\system32\drivers\adfs.sys
+ 2010-09-08 13:54 . 2008-04-13 19:17   83072              c:\windows\system32\dllcache\wdmaud.sys
+ 2010-09-08 13:54 . 2008-04-13 18:57   34560              c:\windows\system32\dllcache\wanarp.sys
+ 2010-09-08 13:54 . 2008-04-13 18:41   52352              c:\windows\system32\dllcache\volsnap.sys
+ 2010-09-08 13:54 . 2008-04-13 18:44   81664              c:\windows\system32\dllcache\videoprt.sys
+ 2010-09-08 13:54 . 2008-04-13 18:44   20992              c:\windows\system32\dllcache\vga.sys
+ 2010-09-08 13:54 . 2008-04-13 18:45   20608              c:\windows\system32\dllcache\usbuhci.sys
+ 2010-09-08 13:54 . 2008-04-13 18:45   26368              c:\windows\system32\dllcache\usbstor.sys
+ 2010-09-08 13:54 . 2008-04-13 18:45   59520              c:\windows\system32\dllcache\usbhub.sys
+ 2010-09-08 13:54 . 2008-04-13 18:45   30208              c:\windows\system32\dllcache\usbehci.sys
+ 2010-09-08 13:54 . 2008-04-13 18:45   32128              c:\windows\system32\dllcache\usbccgp.sys
+ 2010-09-08 13:54 . 2008-04-14 00:13   40840              c:\windows\system32\dllcache\termdd.sys
+ 2010-09-08 13:54 . 2008-04-14 00:13   21896              c:\windows\system32\dllcache\tdtcp.sys
+ 2010-09-08 13:54 . 2008-04-13 19:00   19072              c:\windows\system32\dllcache\tdi.sys
+ 2010-09-08 13:54 . 2008-04-13 19:15   60800              c:\windows\system32\dllcache\sysaudio.sys
+ 2010-09-08 13:54 . 2008-04-13 18:36   73472              c:\windows\system32\dllcache\sr.sys
+ 2010-09-08 13:54 . 2008-04-13 19:15   64512              c:\windows\system32\dllcache\serial.sys
+ 2010-09-08 13:54 . 2008-04-13 18:40   15744              c:\windows\system32\dllcache\serenum.sys
+ 2010-09-08 13:54 . 2008-04-13 18:40   57600              c:\windows\system32\dllcache\redbook.sys
+ 2010-09-08 13:54 . 2001-08-17 20:55   16512              c:\windows\system32\dllcache\raspti.sys
+ 2010-09-08 13:54 . 2008-04-13 19:19   48384              c:\windows\system32\dllcache\raspptp.sys
+ 2010-09-08 13:54 . 2008-04-13 18:57   41472              c:\windows\system32\dllcache\raspppoe.sys
+ 2010-09-08 13:54 . 2008-04-13 19:19   51328              c:\windows\system32\dllcache\rasl2tp.sys
+ 2010-09-08 13:54 . 2001-08-17 20:49   17792              c:\windows\system32\dllcache\ptilink.sys
+ 2010-09-08 13:54 . 2008-04-13 18:56   69120              c:\windows\system32\dllcache\psched.sys
+ 2010-09-08 13:54 . 2008-04-13 18:40   24960              c:\windows\system32\dllcache\pciidex.sys
+ 2010-09-08 13:54 . 2008-04-13 18:36   68224              c:\windows\system32\dllcache\pci.sys
+ 2010-09-08 13:54 . 2008-04-13 18:40   19712              c:\windows\system32\dllcache\partmgr.sys
+ 2010-09-08 13:54 . 2008-04-13 18:32   30848              c:\windows\system32\dllcache\npfs.sys
+ 2010-09-08 13:54 . 2008-04-13 18:56   34688              c:\windows\system32\dllcache\netbios.sys
+ 2010-09-08 13:54 . 2008-04-13 18:57   40576              c:\windows\system32\dllcache\ndproxy.sys
+ 2010-09-08 13:54 . 2008-04-24 11:49   91776              c:\windows\system32\dllcache\ndiswan.sys
- 2009-04-02 19:08 . 2008-04-24 11:49   91776              c:\windows\system32\dllcache\ndiswan.sys
+ 2010-09-08 13:54 . 2008-04-13 18:55   14592              c:\windows\system32\dllcache\ndisuio.sys
+ 2010-09-08 13:54 . 2008-04-13 18:57   10112              c:\windows\system32\dllcache\ndistapi.sys
+ 2010-09-08 13:54 . 2008-04-13 18:36   15488              c:\windows\system32\dllcache\mssmbios.sys
.
-- Snapshot reset to current date --
.

 8 
 on: September 09, 2010, 08:58:49 AM 
Started by theotherguy - Last post by Unzy
Do you still have combofix?

Do a new scan, when it asks to update, pls do so

Post the log here

Thnx

 9 
 on: September 09, 2010, 07:39:15 AM 
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Opera v10.62 released
- http://www.opera.com/browser/download/
September 9, 2010

- http://www.opera.com/docs/changelogs/windows/1062/
"Opera 10.62 is a recommended upgrade offering security and stability enhancements..."

Advisory: Malicious DLL files can be unintentionally loaded and allowed to run arbitrary code
- http://www.opera.com/support/kb/view/970/
Severity: High ...

- http://secunia.com/advisories/41083/
Last Update: 2010-09-09
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution: Update to version 10.62.


 10 
 on: September 09, 2010, 04:41:10 AM 
Started by theotherguy - Last post by theotherguy
c:\windows\system32\drivers\rukgusf.sys -- is no longer there. Sophos is still showing the infection; it comes up as (Troj/TDL3Mem-A) infected in memory and cannot be removed.
