Computer Juice > Computer Software > Virus, Spyware & Security
  #31  
Old 8th Jul 2009, 16:17
Moderator Group
 
Since sjb007 isn't here, please do this for him.

Go to 2shared.com and upload the file.

1. Click Browse
2. Locate the file and double click it.
3. Next click UPLOAD IT!
4. When you see Your upload has successfully completed! click OK
5. Copy the link under Here is your download link: and post it back here.

  #32  
Old 8th Jul 2009, 16:23
Member Group
 
That was so much easier (for both of us, I'm sure). Thanks!

http://www.2shared.com/file/6615436/...a8/log4CF.html
  #33  
Old 8th Jul 2009, 23:47
Malware Group
 
Hi there

Please go to: VirusTotal

In the middle of the page you'll find a "Browse" button.
Click the "Browse" button and browse to this file in RED:

c:\windows\system32\reader_s .exe

Click "Open".
Then click the "Send File" button at the bottom of the VirusTotal page.
This will scan the file. Please be patient.
If you get a message saying File has already been analysed: click Reanalyse file now
Copy and then Paste the scan results in your next reply.

Do the same with:

C:\WINDOWS\system32\ntoskrnl.exe
__________________
Proud member of ASAP & UNITE
  #34  
Old 9th Jul 2009, 06:45
Member Group
 
..
  #35  
Old 9th Jul 2009, 06:46
Member Group
 
OK. Well, the copy and paste didn't work like I wanted it to, sorry. The other file got 0/41. Here's the information again from the first one...

File reader_s_.exe. Result: 30/40 (75%)

Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.07.09 Trojan-Downloader.Win32.Cutwail!IK
AhnLab-V3 5.0.0.2 2009.07.09 Win-Trojan/Downloader.52225
AntiVir 7.9.0.204 2009.07.09 TR/Dldr.Cutwail.52225B.1
Antiy-AVL 2.0.3.1 2009.07.09 Backdoor/Win32.Small.gen
Authentium 5.1.2.4 2009.07.08 -
Avast 4.8.1335.0 2009.07.08 Win32:Trojan-gen {Other}
AVG 8.5.0.386 2009.07.09 SHeur2.ANFG
BitDefender 7.2 2009.07.09 Trojan.Generic.CJ.DVE
CAT-QuickHeal 10.00 2009.07.09 Backdoor.Small.ids
ClamAV 0.94.1 2009.07.09 -
Comodo 1592 2009.07.09 TrojWare.Win32.TrojanSpy.Delf.~UM
DrWeb 5.0.0.12182 2009.07.09 Trojan.DownLoad.29459
eSafe 7.0.17.0 2009.07.09 Win32.Backdoor.Small
eTrust-Vet 31.6.6606 2009.07.09 -
F-Prot 4.4.4.56 2009.07.08 -
F-Secure 8.0.14470.0 2009.07.09 Backdoor.Win32.Small.ids
Fortinet 3.117.0.0 2009.07.03 W32/Cutwail.N!tr
GData 19 2009.07.09 Trojan.Generic.CJ.DVE
Ikarus T3.1.1.64.0 2009.07.09 Trojan-Downloader.Win32.Cutwail
Jiangmin 11.0.706 2009.07.09 -
K7AntiVirus 7.10.787 2009.07.08 Backdoor.Win32.Small.ids
Kaspersky 7.0.0.125 2009.07.09 Backdoor.Win32.Small.ids
McAfee 5670 2009.07.08 Generic Downloader.x!hh
McAfee+Artemis 5670 2009.07.08 Generic Downloader.x!hh
McAfee-GW-Edition 6.8.5 2009.07.09 Heuristic.LooksLike.Trojan.Dldr.Cutwail.B
Microsoft 1.4803 2009.07.09 TrojanDownloader:Win32/Cutwail.gen!B
NOD32 4228 2009.07.09 Win32/Wigon
Norman 6.01.09 2009.07.08 -
nProtect 2009.1.8.0 2009.07.09 Trojan/W32.Agent.52225
Panda 10.0.0.14 2009.07.08 Generic Trojan
PCTools 4.4.2.0 2009.07.09 -
Rising 21.37.34.00 2009.07.09 Trojan.DL.Win32.Mnless.ebf
Sophos 4.43.0 2009.07.09 Troj/FakeVir-NP
Sunbelt 3.2.1858.2 2009.07.09 -
Symantec 1.4.4.12 2009.07.09 Packed.Generic.234
TheHacker 6.3.4.3.363 2009.07.08 -
TrendMicro 8.950.0.1094 2009.07.09 TROJ_CUTWAIL.FP
VBA32 3.12.10.7 2009.07.09 Backdoor.Win32.Small.ids
ViRobot 2009.7.9.1827 2009.07.09 Backdoor.Win32.Small.52225
VirusBuster 4.6.5.0 2009.07.08 -

Additional information
File size: 52225 bytes
MD5...: b9d9c8a780f839674994c8651bd2e295
SHA1..: 6577dc7297458f83444dd37241b58ed9925a2350
SHA256: beb6f3ed69235697bcbc018198fb0228d683da9a9a2943984b3b3ba7431b328d
ssdeep: 768:wOByCJsZoWaz2BkacWTrWtOMMcV+0kumyRohDj2GNO3UCeWuKNQnz3HH:PDICz2dTdcVkNNDj2T3xB4X
PEiD..: -
TrID..: File type identification
-
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10fe
timedatestamp.....: 0x4a44a1e7 (Fri Jun 26 10:24:39 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8d08 0x8e00 7.33 2bdb744eebdee0657195ccce03e3711c
.data 0xa000 0x150108 0x200 2.55 ec7390b411ec26b04c548c41b518dac5
.rsrc 0x15b000 0x3944 0x3a00 6.32 9458b6a0777f15162915846375463c7d

( 1 imports )
> KERNEL32.dll: VirtualAlloc, GetModuleHandleW, Sleep, LeaveCriticalSection, TerminateProcess, DeleteCriticalSection, EnterCriticalSection

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
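As an added example (not part of the thread and not VirusTotal's own tooling), here is a small Python parser for the text report pasted above. It counts how many engines flagged the file, normalises the hash lines (the forum's line wrapping inserted a space into the SHA256, which would make a copy-pasted hash lookup fail silently), and reads the PE section table to surface two things an analyst checks when a sample looks packed: a section with near-maximal entropy and a section whose virtual size is far larger than its raw size. The engine table is cut to eight rows as a constructed excerpt, and the thresholds (7.0 bits of entropy, 16x size bloat) are my assumptions, not VirusTotal's.

```python
"""Parse a VirusTotal text report and extract the facts an analyst checks
first: detection ratio, well-formed hashes, and PE section statistics."""
import re
from dataclasses import dataclass

# Constructed excerpt of the report posted above: engine table cut to eight
# rows; hash lines and PE section table copied as given, including the space
# the forum's line wrapping inserted into the SHA256.
VT_REPORT = """\
File reader_s_.exe. Result: 30/40 (75%)

Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.07.09 Trojan-Downloader.Win32.Cutwail!IK
Authentium 5.1.2.4 2009.07.08 -
Avast 4.8.1335.0 2009.07.08 Win32:Trojan-gen {Other}
ClamAV 0.94.1 2009.07.09 -
Kaspersky 7.0.0.125 2009.07.09 Backdoor.Win32.Small.ids
McAfee 5670 2009.07.08 Generic Downloader.x!hh
Microsoft 1.4803 2009.07.09 TrojanDownloader:Win32/Cutwail.gen!B
Panda 10.0.0.14 2009.07.08 Generic Trojan

Additional information
File size: 52225 bytes
MD5...: b9d9c8a780f839674994c8651bd2e295
SHA1..: 6577dc7297458f83444dd37241b58ed9925a2350
SHA256: beb6f3ed69235697bcbc018198fb0228d683da9a9a2943984b 3b3ba7431b328d
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8d08 0x8e00 7.33 2bdb744eebdee0657195ccce03e3711c
.data 0xa000 0x150108 0x200 2.55 ec7390b411ec26b04c548c41b518dac5
.rsrc 0x15b000 0x3944 0x3a00 6.32 9458b6a0777f15162915846375463c7d
"""

# engine  version  YYYY.MM.DD  result (result may contain spaces)
ENGINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256)\.*:\s*(.+)$")
SECTION_RE = re.compile(
    r"^(\.\w+)\s+0x([0-9a-f]+)\s+0x([0-9a-f]+)\s+0x([0-9a-f]+)\s+(\d+\.\d+)\s+([0-9a-f]{32})$"
)
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64}  # hex digits per algorithm


@dataclass
class EngineResult:
    engine: str
    version: str
    last_update: str
    result: str  # "-" means the engine reported nothing


@dataclass
class Section:
    name: str
    virt_addr: int
    virt_size: int
    raw_size: int
    entropy: float
    md5: str


def parse_engines(report: str) -> list[EngineResult]:
    """One row per 'engine version YYYY.MM.DD result' line."""
    rows = []
    for line in report.splitlines():
        m = ENGINE_RE.match(line.strip())
        if m:
            rows.append(EngineResult(m.group(1), m.group(2), m.group(3), m.group(4).strip()))
    return rows


def detection_ratio(rows: list[EngineResult]) -> tuple[int, int]:
    """(engines that flagged the file, engines that scanned it)."""
    return sum(1 for r in rows if r.result != "-"), len(rows)


def parse_hashes(report: str) -> dict[str, str]:
    """Hash lines with wrap-induced whitespace removed; a value with the wrong
    number of hex digits is rejected rather than silently searched for."""
    hashes = {}
    for line in report.splitlines():
        m = HASH_RE.match(line.strip())
        if not m:
            continue
        algo, value = m.group(1), re.sub(r"\s+", "", m.group(2)).lower()
        if not re.fullmatch(r"[0-9a-f]{%d}" % HASH_LEN[algo], value):
            raise ValueError(f"{algo} is not {HASH_LEN[algo]} hex digits: {value!r}")
        hashes[algo] = value
    return hashes


def parse_sections(report: str) -> list[Section]:
    """Rows of the 'name viradd virsiz rawdsiz ntrpy md5' table."""
    sections = []
    for line in report.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            name, va, vs, rs, ent, md5 = m.groups()
            sections.append(Section(name, int(va, 16), int(vs, 16), int(rs, 16), float(ent), md5))
    return sections


def packing_indicators(sections, entropy_threshold=7.0, bloat_ratio=16):
    """Heuristics (thresholds are assumptions): a section near 8 bits/byte of
    entropy holds compressed or encrypted data; a section whose virtual size
    dwarfs its raw size reserves memory to be filled in at run time."""
    notes = []
    for s in sections:
        if s.entropy >= entropy_threshold:
            notes.append(f"{s.name}: entropy {s.entropy:.2f} >= {entropy_threshold:.1f}")
        if s.raw_size and s.virt_size / s.raw_size >= bloat_ratio:
            notes.append(f"{s.name}: virtual size 0x{s.virt_size:x} is "
                         f"{s.virt_size // s.raw_size}x its raw size 0x{s.raw_size:x}")
    return notes


if __name__ == "__main__":
    hits, total = detection_ratio(parse_engines(VT_REPORT))
    print(f"detections: {hits}/{total}")
    for algo, value in parse_hashes(VT_REPORT).items():
        print(f"{algo}: {value}")
    for note in packing_indicators(parse_sections(VT_REPORT)):
        print("indicator:", note)
```

Run against the excerpt, it reports 6/8 detections, three clean hashes, and two indicators: `.text` at 7.33 bits of entropy and `.data` with a virtual size over two thousand times its 0x200 raw bytes. Together with the tiny import table in the report (seven KERNEL32 functions, `VirtualAlloc` among them) that pattern is what makes the `Packed.Generic` verdict in the table unsurprising.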
  #36  
Old 9th Jul 2009, 06:55
Malware Group
 
Download DrWeb CureIt & save it to your desktop. Scan with DrWeb-CureIt as follows:

* Double-click on drweb-cureit.exe and then click Start
* An information notice will appear, click OK.
* This starts a short scan that will scan the files currently running in memory.
* If you get a prompt to buy the full version just exit out of the window. The scanner will still work without buying the full version
* If or when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Settings > Change Settings
* Under the Scanning tab UNcheck Heuristic analysis and click OK
* Back at the main window, select the Complete scan button and then click the Green Arrow Start Scanning button on the right and the scan will start.
* Click Yes to all if it asks if you want to cure/move any file(s).
* When the scan is done.
* In the Dr.Web CureIt menu on top left, click File and choose Save report list.
* Save the DrWeb.csv report to your Desktop.
* Exit Dr.Web Cureit.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

* After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
* Copy and paste that log in the next reply
  #37  
Old 9th Jul 2009, 08:45
Member Group
 
http://www.2shared.com/file/6624351/63f557bd/DrWeb.html

I cannot believe what this came up with. No wonder I had to reinstall windows files on the computer. Do you think it is safe to boot up the computer regularly now? (I have been running in safe mode since I reinstalled windows)
  #38  
Old 9th Jul 2009, 11:23
Malware Group
 
Howdy there

Some of the files detected are known to help spread a polymorphic virus called Virut. Virut is a particularly nasty infection, and the view of many malware experts is that the only way to clear it out for sure is to reformat. One of the problems with Virut is that even if the files are disinfected, any files could still be corrupted due to the buggy coding of Virut. Usually this type of infection is spread through P2P channels. If you do use any form of P2P or Newsgroups then I would refrain from such use, otherwise reinfections will prevail on and on and will render my time spent here a pointless exercise.

I notice that you mention that you have multiple users on your computer, and I feel that going from close to being clear of malware to coming close to rendering your computer a doorstop within 6 days requires some education for the people who use your computer. The biggest lesson is to introduce safer browsing habits, limit accounts for other users and refrain from any P2P activities.

For the next steps boot up the computer in normal operating mode, run and post back with a fresh combofix log, let me know how things go and how your system is running.

Please post back the results directly into your reply if possible.
  #39  
Old 9th Jul 2009, 13:31
Member Group
 
I have said the exact same thing myself about the P2P files. From what I can gather, the last file that was downloaded with this method was June 6th. So unless the virus was hiding in the computer for that amount of time then it couldn't have come from there. The only other way I can think of is from streaming videos (tv episodes or movies) that are frequently watched. However, from what I can remember most of the sites have been visited long before there have been any problems (even though I could be wrong).

I did notice that there were 2 or 3 install files that were not removed by DrWeb. They were visible on the bottom half of the scan as they were scanned but were not added to the threats detected at the top. I looked for them manually, but I'm guessing they were erased with the scan. At least I hope that is the case, but I wanted to be sure.

I am able to use the computer in normal mode again. However, apparently I have lost the activation keys for Windows because I can't find them anywhere. I'm getting ready to call and get new ones so that I can update the service pack and install AVG. I also updated the video driver so that I can actually see what's going on ;)

ComboFix 09-07-09.02 - Owner 07/09/2009 16:03.5.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.510.265 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
FW: F-Secure Anti-Virus 2006 6.10 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6to4
-------\Legacy_pcmstub
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))
.

2009-07-09 17:19 . 2002-06-19 23:03 151552 ----a-w- c:\windows\system32\igfxres.dll
2009-07-09 17:14 . 2002-06-21 15:45 26169 ----a-w- c:\windows\system32\drivers\a303.sys
2009-07-09 17:14 . 2002-06-21 15:44 10297 ----a-w- c:\windows\system32\drivers\a302.sys
2009-07-09 16:58 . 2009-07-09 16:58 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-07-09 13:59 . 2009-07-09 14:04 -------- d-----w- c:\documents and settings\Owner\DoctorWeb
2009-07-08 10:34 . 2009-07-08 10:34 2470 ----a-w- C:\ciuge.exe
2009-07-08 05:03 . 2003-08-25 22:06 182880 -c--a-w- c:\windows\system32\dllcache\iuengine.dll
2009-07-08 05:03 . 2003-08-25 22:06 182880 ----a-w- c:\windows\system32\iuengine.dll
2009-07-08 05:02 . 2009-07-08 05:02 43520 ---h--w- c:\windows\system32\secupdat.dat
2009-07-08 01:14 . 2001-08-18 02:36 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2009-07-08 01:13 . 2003-07-16 20:33 6656 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2009-07-08 01:12 . 2003-07-16 20:22 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
2009-07-08 01:11 . 2001-08-18 02:36 312832 -c--a-w- c:\windows\system32\dllcache\EXCH_aqueue.dll
2009-07-08 01:04 . 2009-07-08 01:04 -------- d-----w- c:\documents and settings\Default User\Application Data\DivX
2009-07-08 01:02 . 2003-07-16 20:46 106562 -c--a-w- c:\windows\system32\dllcache\srchctls.dll
2009-07-08 01:02 . 2003-07-16 20:35 3346432 -c--a-w- c:\windows\system32\dllcache\msgr3en.dll
2009-07-08 01:02 . 2003-07-16 20:36 28160 -c--a-w- c:\windows\system32\dllcache\msobshel.dll
2009-07-08 01:02 . 2003-07-16 20:36 16896 -c--a-w- c:\windows\system32\dllcache\msobweb.dll
2009-07-08 01:02 . 2003-07-16 20:36 14336 -c--a-w- c:\windows\system32\dllcache\msobdl.dll
2009-07-08 00:58 . 2003-07-16 20:52 117248 -c--a-w- c:\windows\system32\dllcache\wmiapsrv.exe
2009-07-08 00:55 . 2002-08-29 05:32 5888 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-07-08 00:55 . 2001-08-17 17:59 50048 ----a-w- c:\windows\system32\drivers\DMusic.sys
2009-07-08 00:48 . 2002-08-29 05:27 56576 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-07-08 00:46 . 2001-08-18 02:36 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-07-08 00:44 . 2002-08-29 07:46 38024 ----a-w- c:\windows\system32\drivers\termdd.sys
2009-07-08 00:41 . 2003-07-16 20:43 696320 -c--a-w- c:\windows\system32\dllcache\sapi.dll
2009-07-08 00:41 . 2003-07-16 20:51 132096 ----a-w- c:\windows\system\WINSPOOL.DRV
2009-07-08 00:41 . 2003-07-16 20:46 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-07-08 00:41 . 2003-07-16 20:46 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-07-08 00:41 . 2003-07-16 20:30 10496 -c--a-w- c:\windows\system32\dllcache\irenum.sys
2009-07-08 00:41 . 2003-07-16 20:30 10496 ----a-w- c:\windows\system32\drivers\irenum.sys
2009-07-08 00:41 . 2003-07-16 20:30 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-07-08 00:41 . 2003-07-16 20:30 13312 ----a-w- c:\windows\system32\irclass.dll
2009-07-08 00:41 . 2002-08-29 07:41 71168 ----a-w- c:\windows\system32\storprop.dll
2009-07-07 18:24 . 2009-07-07 18:24 117760 ----a-w- c:\documents and settings\Guest\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-07 18:23 . 2009-07-07 18:23 -------- d-----w- c:\documents and settings\Guest\Application Data\SUPERAntiSpyware.com
2009-07-07 18:01 . 2009-07-07 18:01 24576 ----a-w- C:\gjpipkpu.exe
2009-07-07 17:54 . 2009-07-09 14:01 -------- d-----w- c:\program files\sfx
2009-06-28 04:57 . 2009-07-02 03:06 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-28 04:56 . 2009-06-28 04:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-06-26 07:05 . 2009-06-26 07:06 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Adobe
2009-06-26 07:02 . 2009-06-26 07:02 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Mozilla
2009-06-24 06:26 . 2006-10-12 16:29 83504 ----a-w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\TEMP\ProgUpd.dll
2009-06-24 03:42 . 2009-06-24 03:42 -------- d-----w- c:\program files\Electronic Arts
2009-06-24 03:37 . 2009-06-24 03:37 -------- d-----w- c:\program files\Common Files\Java
2009-06-23 13:44 . 2009-05-19 05:35 1025328 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\gui.dll
2009-06-23 13:44 . 2009-05-19 05:36 97072 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\bsetutil.exe
2009-06-23 13:44 . 2007-08-17 13:34 107872 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\aolsetup.exe
2009-06-23 13:44 . 2009-05-19 05:36 111920 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLSearch.dll
2009-06-23 13:44 . 2009-05-19 05:35 95792 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLFirewallMgr.dll
2009-06-23 13:44 . 2009-05-19 05:35 120368 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\aoldlmgr.exe
2009-06-23 13:44 . 2009-05-19 05:35 69104 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\amos.exe
2009-06-23 13:44 . 2009-05-19 05:35 37888 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\amoinst.exe
2009-06-23 13:44 . 2009-05-19 05:36 142040 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\alsetup.exe
2009-06-23 13:44 . 2009-05-19 05:35 550024 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AIMLang.exe
2009-06-23 13:44 . 2009-05-19 05:35 2402104 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AIMinst.exe
2009-06-22 06:15 . 2008-06-19 21:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-22 06:12 . 2009-06-22 06:12 -------- d-----w- c:\program files\Panda Security
2009-06-18 18:04 . 2009-06-18 18:04 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-18 15:58 . 2009-07-08 15:50 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-18 15:57 . 2009-06-18 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-18 15:54 . 2009-06-18 15:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-18 15:54 . 2009-06-18 15:54 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-06-18 15:53 . 2009-06-18 15:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-18 15:42 . 2009-06-18 15:42 -------- d-----w- c:\program files\CCleaner
2009-06-18 04:28 . 2009-06-18 04:28 -------- d-----w- c:\program files\Trend Micro
2009-06-13 06:00 . 2009-06-13 06:00 444 ----a-w- c:\windows\system32\d3d8caps.dat
2009-06-13 05:01 . 2009-06-13 05:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-13 04:44 . 2009-06-18 04:53 -------- d-----w- c:\program files\Startup Optimizer
2009-06-12 23:31 . 2009-06-12 23:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-12 22:21 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-12 22:21 . 2009-06-12 22:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-12 22:21 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-12 19:18 . 2009-06-12 23:26 45 ----a-w- c:\windows\system32\ca.dat
2009-06-12 18:56 . 2008-03-04 19:59 41144 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2009-06-12 18:56 . 2008-02-07 16:03 179640 ----a-w- c:\windows\system32\drivers\PavProc.sys
2009-06-12 18:21 . 2009-06-12 18:56 -------- d-----w- c:\program files\Common Files\Panda Security

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-08 10:42 . 2009-07-07 18:06 4 ---h--w- c:\windows\Fonts\mlog
2009-07-08 05:11 . 2006-05-03 02:44 14720 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-08 01:00 . 2006-05-02 03:16 23348 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-30 22:24 . 2009-03-29 21:27 -------- d-----w- c:\documents and settings\Owner\Application Data\n-Track Studio6
2009-06-26 02:16 . 2009-01-12 01:18 -------- d-----w- c:\program files\Java
2009-06-24 03:20 . 2009-01-05 00:21 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-13 04:50 . 2009-01-05 04:50 -------- d-----w- c:\program files\Web Publish
2009-06-13 04:49 . 2008-08-20 22:26 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-06-12 22:57 . 2009-04-16 15:22 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2009-06-12 18:22 . 2006-05-02 03:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-12 16:10 . 2009-04-19 18:00 -------- d-----w- c:\program files\Google
2009-05-19 05:36 . 2009-06-23 13:45 2884832 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\vwpt.exe
2009-05-19 05:36 . 2009-06-23 13:45 28 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unregister.bat
2009-05-19 05:36 . 2009-06-23 13:45 1484856 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\toolbar.exe
2009-05-19 05:36 . 2009-06-23 13:45 25 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\register.bat
2009-05-19 05:36 . 2009-06-23 13:45 30512 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\Uninstaller.exe
2009-05-19 05:35 . 2009-06-23 13:45 11568 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\tbinst.dll
2009-05-19 05:35 . 2009-06-23 13:45 376568 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unagi3.exe
2009-05-19 05:35 . 2009-06-23 13:45 383128 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\tbsetup.exe
2009-05-19 05:35 . 2009-06-23 13:45 4480040 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\ocpinst.exe
2009-05-19 05:35 . 2009-06-23 13:45 15144 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\ocpchk.dll
2009-05-19 05:35 . 2009-06-23 13:45 74536 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\instSup.dll
2009-05-19 05:35 . 2009-06-23 13:45 1225352 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\msvc9rt.exe
2009-05-19 05:35 . 2009-06-23 13:45 231216 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\migrator.exe
2009-05-19 05:35 . 2009-06-23 13:45 10544 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\imappver.dll
2009-05-19 05:35 . 2009-06-23 13:45 36704 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\postproc.exe
2009-05-19 05:35 . 2009-06-23 13:45 172840 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\setup.exe
2009-05-19 05:35 . 2009-06-23 13:45 83752 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\ProgUpd.dll
2009-05-15 13:30 . 2006-07-15 14:36 -------- d-----w- c:\program files\QuickTime
2009-05-15 13:30 . 2006-07-15 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-15 13:29 . 2009-05-15 13:29 -------- d-----w- c:\program files\Apple Software Update
2009-05-15 13:29 . 2009-05-15 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-05-12 19:53 . 2009-05-12 19:53 16141 ----a-w- c:\documents and settings\Owner\Application Data\Help\lego.exe
2009-05-12 19:53 . 2009-05-12 19:53 11410 ----a-w- c:\documents and settings\Owner\Application Data\Identities\msgdi.dll
2009-05-12 19:53 . 2009-05-12 19:53 10121 ----a-w- c:\documents and settings\Owner\Application Data\Lavasoft\kern.dll
2009-05-12 19:53 . 2009-05-12 19:53 422 ----a-w- c:\documents and settings\Owner\Application Data\Apple Computer\socks1.exe
2009-05-12 19:53 . 2009-05-12 19:53 145131 ----a-w- c:\documents and settings\Owner\Application Data\DivX\nomad.exe
2009-05-12 19:53 . 2009-05-12 19:53 13221 ----a-w- c:\documents and settings\Owner\Application Data\Adobe\rengo.dll
2009-05-12 19:53 . 2009-05-12 19:53 11232 ----a-w- c:\documents and settings\Owner\Application Data\acccore\shalom.exe
2009-05-11 14:21 . 2009-05-11 14:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-05-11 14:20 . 2009-05-11 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-15 20:25 . 2009-04-19 18:01 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-04-15 20:25 . 2009-04-19 18:01 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-04-15 20:25 . 2009-04-19 18:01 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-04-15 20:25 . 2009-04-19 18:01 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-04-15 20:25 . 2009-04-19 18:01 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-04-15 20:25 . 2009-04-19 18:01 129784 ------w- c:\windows\system32\pxafs.dll
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- c:\windows\system32\DivX.dll
2009-02-26 16:20 . 2009-02-26 16:20 6309376 ----a-w- c:\program files\ntrack.exe
2009-02-26 16:05 . 2009-02-26 16:05 126976 ----a-w- c:\program files\AMGateway.ax
2009-02-26 16:05 . 2009-02-26 16:05 63168 ----a-w- c:\program files\RegisterComponents.exe
2009-02-26 16:05 . 2009-02-26 16:05 163520 ----a-w- c:\program files\ReportDump.exe
2009-02-26 16:04 . 2009-02-26 16:04 86016 ----a-w- c:\program files\vstscan.exe
2009-02-26 16:04 . 2009-02-26 16:04 45056 ----a-w- c:\program files\ball.ax
2009-02-26 16:01 . 2009-02-26 16:01 78848 ----a-w- c:\program files\EmptyProjectAction.dll
2009-02-26 16:01 . 2009-02-26 16:01 147456 ----a-w- c:\program files\nTrackDotControls.dll
2009-02-26 16:00 . 2009-02-26 16:00 637440 ----a-w- c:\program files\NativeControls6.dll
2009-02-26 15:59 . 2009-02-26 15:59 99328 ----a-w- c:\program files\SurroundVSTGui.dll
2009-02-26 15:59 . 2009-02-26 15:59 45056 ----a-w- c:\program files\yeti.mmedia.dll
2009-02-26 15:59 . 2009-02-26 15:59 40960 ----a-w- c:\program files\cdcopier.dll
2009-02-26 15:59 . 2009-02-26 15:59 28672 ----a-w- c:\program files\Ripper.dll
2009-02-26 15:59 . 2009-02-26 15:59 8704 ----a-w- c:\program files\ntrack3rdparty.dll
2009-02-26 15:59 . 2009-02-26 15:59 5120 ----a-w- c:\program files\WindowsFormsBase.dll
2009-02-26 15:59 . 2009-02-26 15:59 36864 ----a-w- c:\program files\nttest.dll
2009-02-26 15:59 . 2009-02-26 15:59 32768 ----a-w- c:\program files\nTrackDotNet.dll
2009-02-26 15:59 . 2009-02-26 15:59 24576 ----a-w- c:\program files\AVFader.dll
2009-02-26 15:59 . 2009-02-26 15:59 6656 ----a-w- c:\program files\nativecontrolsinterop.dll
2009-02-07 22:10 . 2009-02-07 22:10 528726 ----a-w- c:\program files\n-Track.htm
2009-02-06 00:15 . 2009-02-06 00:15 225792 ----a-w- c:\program files\AutoVol.dll
2009-02-06 00:14 . 2009-02-06 00:14 228352 ----a-w- c:\program files\Chorus.dll
2009-02-06 00:14 . 2009-02-06 00:14 228864 ----a-w- c:\program files\Echo.dll
2009-02-06 00:12 . 2009-02-06 00:12 369152 ----a-w- c:\program files\ntrck_PitchShift.dll
2009-02-06 00:11 . 2009-02-06 00:11 176128 ----a-w- c:\program files\Riverbero.dll
2009-02-06 00:09 . 2009-02-06 00:09 434688 ----a-w- c:\program files\facomp10.dll
2009-02-06 00:08 . 2009-02-06 00:08 379904 ----a-w- c:\program files\dxirewire.dll
2009-02-06 00:06 . 2009-02-06 00:06 951808 ----a-w- c:\program files\fa4bdeq.dll
2009-01-13 14:16 . 2009-01-13 14:16 3455 ----a-w- c:\program files\order.html
2008-11-28 00:23 . 2008-11-28 00:23 642840 ----a-w- c:\program files\n-track.cfg
2008-10-25 23:46 . 2008-10-25 23:46 4920 ----a-w- c:\program files\order_upgrade.html
2008-09-02 23:06 . 2008-09-02 23:06 231936 ----a-w- c:\program files\ShellCtl.dll
2008-08-31 13:20 . 2008-08-31 13:20 105056 ----a-w- c:\program files\Setup.bmp
2008-06-20 18:37 . 2008-06-20 18:37 24576 ----a-w- c:\program files\ScrollerAbout.dll
2008-06-20 18:18 . 2008-06-20 18:18 831058 ----a-w- c:\program files\banks_default.txt
2008-06-20 18:18 . 2008-06-20 18:18 709 ----a-w- c:\program files\ntrack.exe.config
2008-06-20 18:18 . 2008-06-20 18:18 22124 ----a-w- c:\program files\us428_faders.dat
2008-06-20 18:18 . 2008-06-20 18:18 22124 ----a-w- c:\program files\us224_faders.dat
2008-06-20 18:17 . 2008-06-20 18:17 4035 ----a-w- c:\program files\n-track_help.cnt
2008-06-20 18:17 . 2008-06-20 18:17 169585 ----a-w- c:\program files\Drum Example.sng
2008-06-20 18:17 . 2008-06-20 18:17 15457 ----a-w- c:\program files\FACOMP10.HLP
2008-06-20 18:17 . 2008-06-20 18:17 25698 ----a-w- c:\program files\FA4BDEQ.HLP
2008-06-20 18:16 . 2008-06-20 18:16 19339 ----a-w- c:\program files\N-TRACK_EFX.HLP
2004-06-11 20:19 . 2004-06-11 20:19 25214 ----a-w- c:\program files\help_icon.ico
2004-06-07 13:23 . 2004-06-07 13:23 25214 ----a-w- c:\program files\link_icon.ico
2000-11-12 03:30 . 2000-11-12 03:30 86 ----a-w- c:\program files\BUYIT!.URL
2000-11-12 03:28 . 2000-11-12 03:28 73 ----a-w- c:\program files\n-Track.url
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2004-08-04 06:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys

.
((((((((((((((((((((((((((((( SnapShot_2009-07-08_21.41.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-09 17:15 . 2002-06-21 15:45 69792 c:\windows\system32\ReinstallBackups\0009\DriverFiles\ialmkchw.sys
+ 2009-07-09 17:15 . 2002-06-21 15:44 26681 c:\windows\system32\ReinstallBackups\0008\DriverFiles\wa301b.sys
+ 2009-07-09 17:15 . 2002-06-21 15:44 26681 c:\windows\system32\ReinstallBackups\0008\DriverFiles\wa301a.sys
+ 2009-07-09 17:15 . 2002-06-21 15:44 20023 c:\windows\system32\ReinstallBackups\0008\DriverFiles\vch.sys
+ 2009-07-09 17:15 . 2002-06-25 12:14 69632 c:\windows\system32\ReinstallBackups\0008\DriverFiles\oemdspif.dll
+ 2009-07-09 17:15 . 2002-06-19 23:02 86016 c:\windows\system32\ReinstallBackups\0008\DriverFiles\igfxdo.dll
+ 2009-07-09 17:15 . 2002-06-19 23:11 28672 c:\windows\system32\ReinstallBackups\0008\DriverFiles\igfxdgps.dll
+ 2009-07-09 17:15 . 2002-06-21 15:45 90784 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmsbw.sys
+ 2009-07-09 17:15 . 2002-06-21 15:45 30208 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmrnt5.dll
+ 2009-07-09 17:15 . 2002-06-21 15:45 53248 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmrem.dll
+ 2009-07-09 17:15 . 2002-06-21 15:44 78877 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmnt5.sys
+ 2009-07-09 17:15 . 2002-06-21 15:45 69792 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmkchw.sys
+ 2009-07-09 17:15 . 2002-06-21 15:44 76862 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmdnt5.dll
+ 2009-07-09 17:15 . 2002-06-21 15:45 61440 c:\windows\system32\ReinstallBackups\0008\DriverFiles\iAlmCoIn.dll
+ 2009-07-09 17:15 . 2002-06-21 15:46 28729 c:\windows\system32\ReinstallBackups\0008\DriverFiles\a311.sys
+ 2009-07-09 17:15 . 2002-06-21 15:45 24121 c:\windows\system32\ReinstallBackups\0008\DriverFiles\a310.sys
+ 2009-07-09 17:15 . 2002-06-21 15:45 23609 c:\windows\system32\ReinstallBackups\0008\DriverFiles\a309.sys
+ 2009-07-09 17:15 . 2002-06-21 15:45 10297 c:\windows\system32\ReinstallBackups\0008\DriverFiles\a308.sys
+ 2009-07-09 17:15 . 2002-06-21 15:45 20025 c:\windows\system32\ReinstallBackups\0008\DriverFiles\a307.sys
+ 2009-07-09 17:15 . 2002-06-21 15:45 15929 c:\windows\system32\ReinstallBackups\0008\DriverFiles\a306.sys
+ 2009-07-09 17:15 . 2002-06-21 15:45 11321 c:\windows\system32\ReinstallBackups\0008\DriverFiles\a305.sys
+ 2009-07-09 17:15 . 2002-06-21 15:45 25657 c:\windows\system32\ReinstallBackups\0008\DriverFiles\a304.sys
+ 2009-07-09 17:15 . 2002-06-21 15:45 26169 c:\windows\system32\ReinstallBackups\0008\DriverFiles\a303.sys
+ 2009-07-09 17:15 . 2002-06-21 15:44 10297 c:\windows\system32\ReinstallBackups\0008\DriverFiles\a302.sys
+ 2009-07-09 17:15 . 2002-06-21 15:45 90784 c:\windows\system32\ReinstallBackups\0007\DriverFiles\ialmsbw.sys
- 2001-08-30 10:30 . 2009-07-08 05:07 62688 c:\windows\system32\perfc009.dat
+ 2001-08-30 10:30 . 2009-07-09 17:03 62688 c:\windows\system32\perfc009.dat
+ 2009-07-09 17:15 . 2002-06-25 12:14 69632 c:\windows\system32\oemdspif.dll
- 2006-05-02 03:58 . 2002-06-25 12:14 69632 c:\windows\system32\oemdspif.dll
+ 2009-07-09 17:15 . 2002-06-19 23:02 86016 c:\windows\system32\igfxdo.dll
- 2006-05-02 03:58 . 2002-06-19 23:02 86016 c:\windows\system32\igfxdo.dll
- 2006-05-02 03:58 . 2002-06-19 23:11 28672 c:\windows\system32\igfxdgps.dll
+ 2009-07-09 17:15 . 2002-06-19 23:11 28672 c:\windows\system32\igfxdgps.dll
+ 2009-07-09 17:15 . 2002-06-21 15:45 30208 c:\windows\system32\ialmrnt5.dll
- 2006-05-02 03:58 . 2002-06-21 15:45 30208 c:\windows\system32\ialmrnt5.dll
- 2006-05-02 03:58 . 2002-06-21 15:45 53248 c:\windows\system32\ialmrem.dll
+ 2009-07-09 17:15 . 2002-06-21 15:45 53248 c:\windows\system32\ialmrem.dll
- 2006-05-02 03:58 . 2002-06-21 15:44 76862 c:\windows\system32\ialmdnt5.dll
+ 2009-07-09 17:15 . 2002-06-21 15:44 76862 c:\windows\system32\ialmdnt5.dll
- 2006-05-02 03:58 . 2002-06-21 15:44 26681 c:\windows\system32\drivers\wa301b.sys
+ 2009-07-09 17:15 . 2002-06-21 15:44 26681 c:\windows\system32\drivers\wa301b.sys
+ 2009-07-09 17:15 . 2002-06-21 15:44 26681 c:\windows\system32\drivers\wA301a.sys
- 2006-05-02 03:58 . 2002-06-21 15:44 26681 c:\windows\system32\drivers\wA301a.sys
+ 2009-07-09 17:15 . 2002-06-21 15:44 20023 c:\windows\system32\drivers\Vch.sys
- 2006-05-02 03:58 . 2002-06-21 15:44 20023 c:\windows\system32\drivers\Vch.sys
+ 2009-07-09 17:15 . 2002-06-21 15:45 90784 c:\windows\system32\drivers\ialmsbw.sys
- 2006-05-02 03:58 . 2002-06-21 15:45 90784 c:\windows\system32\drivers\ialmsbw.sys
+ 2009-07-09 17:15 . 2002-06-21 15:44 78877 c:\windows\system32\drivers\ialmnt5.sys
- 2006-05-02 03:58 . 2002-06-21 15:44 78877 c:\windows\system32\drivers\ialmnt5.sys
+ 2009-07-09 17:15 . 2002-06-21 15:45 69792 c:\windows\system32\drivers\ialmkchw.sys
- 2006-05-02 03:58 . 2002-06-21 15:45 69792 c:\windows\system32\drivers\ialmkchw.sys
- 2006-05-02 03:58 . 2002-06-21 15:46 28729 c:\windows\system32\drivers\a311.sys
+ 2009-07-09 17:15 . 2002-06-21 15:46 28729 c:\windows\system32\drivers\a311.sys
+ 2009-07-09 17:15 . 2002-06-21 15:45 24121 c:\windows\system32\drivers\a310.sys
- 2006-05-02 03:58 . 2002-06-21 15:45 24121 c:\windows\system32\drivers\a310.sys
- 2006-05-02 03:58 . 2002-06-21 15:45 23609 c:\windows\system32\drivers\a309.sys
+ 2009-07-09 17:15 . 2002-06-21 15:45 23609 c:\windows\system32\drivers\a309.sys
+ 2009-07-09 17:15 . 2002-06-21 15:45 10297 c:\windows\system32\drivers\a308.sys
- 2006-05-02 03:58 . 2002-06-21 15:45 10297 c:\windows\system32\drivers\a308.sys
+ 2009-07-09 17:15 . 2002-06-21 15:45 20025 c:\windows\system32\drivers\a307.sys
- 2006-05-02 03:58 . 2002-06-21 15:45 20025 c:\windows\system32\drivers\a307.sys
+ 2009-07-09 17:15 . 2002-06-21 15:45 15929 c:\windows\system32\drivers\a306.sys
- 2006-05-02 03:58 . 2002-06-21 15:45 15929 c:\windows\system32\drivers\a306.sys
+ 2009-07-09 17:15 . 2002-06-21 15:45 11321 c:\windows\system32\drivers\a305.sys
- 2006-05-02 03:58 . 2002-06-21 15:45 11321 c:\windows\system32\drivers\a305.sys
- 2006-05-02 03:58 . 2002-06-21 15:45 25657 c:\windows\system32\drivers\a304.sys
+ 2009-07-09 17:15 . 2002-06-21 15:45 25657 c:\windows\system32\drivers\a304.sys
+ 2009-07-09 17:15 . 2002-06-21 15:46 9785 c:\windows\system32\ReinstallBackups\0008\DriverFiles\a312.sys
- 2006-05-02 03:58 . 2002-06-21 15:46 9785 c:\windows\system32\drivers\a312.sys
+ 2009-07-09 17:15 . 2002-06-21 15:46 9785 c:\windows\system32\drivers\a312.sys
- 2009-06-13 06:38 . 2002-06-21 15:02 266240 c:\windows\system32\shpshftr.dll
+ 2009-07-09 17:15 . 2002-06-21 15:02 266240 c:\windows\system32\shpshftr.dll
+ 2009-07-09 17:15 . 2002-06-21 15:02 266240 c:\windows\system32\ReinstallBackups\0008\DriverFiles\shpshftr.dll
+ 2009-07-09 17:15 . 2002-06-19 23:14 155648 c:\windows\system32\ReinstallBackups\0008\DriverFiles\igfxtray.exe
+ 2009-07-09 17:15 . 2002-06-19 23:04 307200 c:\windows\system32\ReinstallBackups\0008\DriverFiles\igfxsrvc.dll
+ 2009-07-09 17:15 . 2002-06-19 23:03 524288 c:\windows\system32\ReinstallBackups\0008\DriverFiles\igfxress.dll
+ 2009-07-09 17:15 . 2002-06-19 23:14 200704 c:\windows\system32\ReinstallBackups\0008\DriverFiles\igfxpph.dll
+ 2009-07-09 17:15 . 2002-06-19 23:04 118784 c:\windows\system32\ReinstallBackups\0008\DriverFiles\igfxhk.dll
+ 2009-07-09 17:15 . 2002-06-19 23:12 221184 c:\windows\system32\ReinstallBackups\0008\DriverFiles\igfxeud.dll
+ 2009-07-09 17:15 . 2002-06-19 23:11 151552 c:\windows\system32\ReinstallBackups\0008\DriverFiles\igfxdiag.exe
+ 2009-07-09 17:15 . 2002-06-19 23:02 143360 c:\windows\system32\ReinstallBackups\0008\DriverFiles\igfxdev.dll
+ 2009-07-09 17:15 . 2002-06-19 23:09 491520 c:\windows\system32\ReinstallBackups\0008\DriverFiles\igfxcfg.exe
+ 2009-07-09 17:15 . 2002-06-21 15:17 184320 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmgdev.dll
+ 2009-07-09 17:15 . 2002-06-21 15:44 159933 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmdev5.dll
+ 2009-07-09 17:15 . 2002-06-21 15:43 519748 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmdd5.dll
+ 2009-07-09 17:15 . 2002-06-19 23:05 114688 c:\windows\system32\ReinstallBackups\0008\DriverFiles\hkcmd.exe
+ 2009-07-09 17:15 . 2002-06-19 23:03 114688 c:\windows\system32\ReinstallBackups\0008\DriverFiles\hccutils.dll
- 2001-08-30 10:30 . 2009-07-08 05:07 401192 c:\windows\system32\perfh009.dat
+ 2001-08-30 10:30 . 2009-07-09 17:03 401192 c:\windows\system32\perfh009.dat
+ 2009-07-09 17:15 . 2002-06-19 23:14 155648 c:\windows\system32\igfxtray.exe
+ 2009-07-09 17:15 . 2002-06-19 23:04 307200 c:\windows\system32\igfxsrvc.dll
- 2006-05-02 03:58 . 2002-06-19 23:04 307200 c:\windows\system32\igfxsrvc.dll
+ 2009-07-09 17:15 . 2002-06-19 23:03 524288 c:\windows\system32\igfxress.dll
- 2006-05-02 03:58 . 2002-06-19 23:03 524288 c:\windows\system32\igfxress.dll
+ 2009-07-09 17:15 . 2002-06-19 23:14 200704 c:\windows\system32\igfxpph.dll
- 2006-05-02 03:58 . 2002-06-19 23:14 200704 c:\windows\system32\igfxpph.dll
+ 2009-07-09 17:15 . 2002-06-19 23:04 118784 c:\windows\system32\igfxhk.dll
- 2006-05-02 03:58 . 2002-06-19 23:04 118784 c:\windows\system32\igfxhk.dll
+ 2009-07-09 17:15 . 2002-06-19 23:12 221184 c:\windows\system32\igfxeud.dll
- 2006-05-02 03:58 . 2002-06-19 23:12 221184 c:\windows\system32\igfxeud.dll
+ 2009-07-09 17:15 . 2002-06-19 23:11 151552 c:\windows\system32\igfxdiag.exe
- 2006-05-02 03:58 . 2002-06-19 23:11 151552 c:\windows\system32\igfxdiag.exe
- 2006-05-02 03:58 . 2002-06-19 23:02 143360 c:\windows\system32\igfxdev.dll
+ 2009-07-09 17:15 . 2002-06-19 23:02 143360 c:\windows\system32\igfxdev.dll
+ 2009-07-09 17:15 . 2002-06-19 23:09 491520 c:\windows\system32\igfxcfg.exe
- 2006-05-02 03:58 . 2002-06-19 23:09 491520 c:\windows\system32\igfxcfg.exe
- 2006-05-02 03:58 . 2002-06-21 15:17 184320 c:\windows\system32\ialmgdev.dll
+ 2009-07-09 17:15 . 2002-06-21 15:17 184320 c:\windows\system32\ialmgdev.dll
+ 2009-07-09 17:15 . 2002-06-21 15:44 159933 c:\windows\system32\ialmdev5.dll
- 2006-05-02 03:58 . 2002-06-21 15:44 159933 c:\windows\system32\ialmdev5.dll
+ 2009-07-09 17:15 . 2002-06-21 15:43 519748 c:\windows\system32\ialmdd5.dll
- 2006-05-02 03:58 . 2002-06-21 15:43 519748 c:\windows\system32\ialmdd5.dll
+ 2009-07-09 17:15 . 2002-06-19 23:05 114688 c:\windows\system32\hkcmd.exe
+ 2009-07-09 17:15 . 2002-06-19 23:03 114688 c:\windows\system32\hccutils.dll
- 2006-05-02 03:58 . 2002-06-19 23:03 114688 c:\windows\system32\hccutils.dll
+ 2006-05-03 02:17 . 2009-07-09 20:03 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2006-05-03 02:17 . 2009-07-08 21:32 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-09 17:15 . 2002-06-21 15:16 1859584 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmgicd.dll
- 2006-05-02 03:58 . 2002-06-21 15:16 1859584 c:\windows\system32\ialmgicd.dll
+ 2009-07-09 17:15 . 2002-06-21 15:16 1859584 c:\windows\system32\ialmgicd.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2002-06-19 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-06-19 114688]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2003-07-16 40960]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2003-07-16 51200]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.sys]
@="beep"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:TCP"= 53:TCP:websrvx

R?2 sfx;sfx;c:\windows\system32\svchost.exe -k sfx [7/16/2003 4:47 PM 12800]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [6/22/2009 2:15 AM 28544]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [6/12/2009 2:56 PM 41144]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [6/12/2009 2:56 PM 179640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/5/2009 6:56 PM 24652]
R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A;c:\windows\system32\drivers\Vch.sys [7/9/2009 1:15 PM 20023]
S2 gupdate1c9c119864b630;Google Update Service (gupdate1c9c119864b630);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2009 2:02 PM 133104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
sfx REG_MULTI_SZ sfx
.
Contents of the 'Scheduled Tasks' folder

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 18:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &Search
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\a8c9lkqd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJPI150_07.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-09 16:14
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E85C18E7-C293-4424-9DD0-B31D8DB27013}\InProcServer32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\iehelper.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(612)
c:\windows\System32\ODBC32.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(668)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(1716)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\System32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wpabaln.exe
c:\windows\system32\WgaTray.exe
.
**************************************************************************
.
Completion time: 2009-07-09 16:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-09 20:19
ComboFix2.txt 2009-07-08 21:47
ComboFix3.txt 2009-07-05 11:25
ComboFix4.txt 2009-06-21 15:47
ComboFix5.txt 2009-07-09 20:02

Pre-Run: 5,196,771,328 bytes free
Post-Run: 5,176,143,872 bytes free

Current=2 Default=2 Failed=0 LastKnownGood=1 Sets=1,2,3,4
455
  #40  
Old 9th Jul 2009, 14:49
Malware Group
 
Hi there

I would wait until you are free from malware before activating Windows.

Close any open browsers.

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
File::
C:\ciuge.exe
C:\gjpipkpu.exe

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E85C18E7-C293-4424-9DD0-B31D8DB27013}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.

Let's retry a scan at Kaspersky.

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner.

Please note that this may take some time to complete

**Vista users - right click IE/Firefox icon and run as administrator

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.


This animation will guide you through the process:


**Note**

To optimize scanning time and produce a more sensible report for review:
Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan. You may disconnect from the internet once you begin the scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Post back with the results from both logs
__________________
Proud member of ASAP & UNITE
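As an added illustration (not part of either post above, and not ComboFix's own code), here is a small Python triage script of the kind a helper runs over a ComboFix log before deciding what goes into a CFScript. It parses a constructed excerpt modelled on the 'Reg Loading Points' and 'LOCKED REGISTRY KEYS' sections of the log posted above and pulls out the items worth a second look: the firewall policy with EnableFirewall set to 0, any svchost.exe referenced from a directory other than \system32 (the firewall list above authorises one under \system32\drivers), the -k group a service runs under so it can be cross-checked against the svchost key, the globally open 53:TCP entry, and the locked registry keys, which it rewrites into the RegLock:: block shape used in the CFScript above. The sample lines, the Triage record and the heuristics are the example's own assumptions; it runs offline on the embedded excerpt.

```python
"""Constructed example: triage a ComboFix log before writing a CFScript.

Not ComboFix's own code and not from the thread; the heuristics below are the
example's own assumptions about what a malware-removal helper reviews first.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed excerpt modelled on the 'Reg Loading Points' and
# 'LOCKED REGISTRY KEYS' sections of the log posted above.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:TCP"= 53:TCP:websrvx

R?2 sfx;sfx;c:\windows\system32\svchost.exe -k sfx [7/16/2003 4:47 PM 12800]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [6/22/2009 2:15 AM 28544]

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E85C18E7-C293-4424-9DD0-B31D8DB27013}\InProcServer32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\iehelper.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

--------------------- DLLs Loaded Under Running Processes ---------------------
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
PORT_RE = re.compile(r'^"\d+:(?:TCP|UDP)"=\s*(\S+)')
# A Windows path ending in svchost.exe; backslashes may be doubled in the log.
SVCHOST_RE = re.compile(r'((?:%windir%|[a-z]:)(?:\\+[^\\"\s;]+)*\\+svchost\.exe)', re.IGNORECASE)
GROUP_RE = re.compile(r"svchost\.exe\s+-k\s+(\S+)", re.IGNORECASE)


@dataclass
class Triage:
    firewall_disabled: bool = False
    suspicious_svchost: List[str] = field(default_factory=list)  # svchost.exe outside \system32
    svchost_groups: List[str] = field(default_factory=list)      # -k groups to cross-check
    open_ports: List[str] = field(default_factory=list)
    locked_keys: List[str] = field(default_factory=list)


def normalise(path: str) -> str:
    """Collapse the doubled backslashes ComboFix prints inside quoted REG_SZ values."""
    return path.replace("\\\\", "\\")


def triage_log(text: str) -> Triage:
    result = Triage()
    in_locked = False
    for raw in text.splitlines():
        line = raw.strip()
        if "LOCKED REGISTRY KEYS" in line:
            in_locked = True
            continue
        if line.startswith("-----"):          # next section banner ends the locked list
            in_locked = False
        key = KEY_RE.match(line)
        if key and in_locked:
            result.locked_keys.append(key.group(1))
            continue
        fw = FIREWALL_RE.match(line)
        if fw and fw.group(1) == "0":
            result.firewall_disabled = True
        port = PORT_RE.match(line)
        if port:
            result.open_ports.append(port.group(1))
        for found in SVCHOST_RE.findall(line):
            path = normalise(found)
            parent = path.lower().split("\\")[-2]
            if parent != "system32":           # the real svchost lives directly in system32
                result.suspicious_svchost.append(path)
        grp = GROUP_RE.search(line)
        if grp:
            result.svchost_groups.append(grp.group(1))
    return result


def reglock_script(keys: List[str]) -> str:
    """Render locked keys in the RegLock:: block shape a CFScript uses."""
    return "RegLock::\n" + "".join(f"[{k}]\n" for k in keys)


if __name__ == "__main__":
    t = triage_log(SAMPLE_LOG)
    print("firewall disabled:", t.firewall_disabled)
    print("svchost outside system32:", t.suspicious_svchost)
    print("svchost -k groups:", t.svchost_groups)
    print("globally open ports:", t.open_ports)
    print(reglock_script(t.locked_keys))
```

The output is a checklist, not a verdict: a helper still confirms each flagged path against the file scan results (as was done with VirusTotal earlier in this thread) before putting it into a File:: or RegLock:: section.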
Copyright ©2006 - 2009 Computer Juice.