Help please - Free Antivirus Forum

Help please

BullGuard Antivirus Forum > Virus Removal > Removal Help > Help please

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

radders
New Member

Date Joined Oct 2009
Total Posts : 7

Posted 10-17-2009 6:15 (GMT +1)

this popup keeps sayin i have a trojen and directing me to ie-antivirus website... can you help please. here is my log:
Logfile of HijackThis v1.99.1
Scan saved at 18:01:11, on 17/10/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
C:\Program Files\DV Series\Console\Watch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SoftwareDistribution\Download\ad2c2d9dcaaf3288c7042746e49c8114\update\update.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis-1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\System32\search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\System32\search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\System32\search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\System32\search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\System32\search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\search.html
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\sdra64.exe,
O2 - BHO: (no name) - {1FC80E00-41B0-4F74-BC16-2C83ED49CAC9} - C:\Program Files\Video AX Object\bpvol.dll (file missing)
O2 - BHO: IE ext - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\System32\dadef.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
O4 - HKLM\..\Run: [USDR6cw] C:\Program Files\SystemDoctor 2006 Free\USDR6cw.exe -c
O4 - HKLM\..\Run: [pas_check] C:\Program Files\SystemDoctor 2006 Free\pasmon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [net] "C:\WINDOWS\System32\net.net"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\DV Series\Console\Watch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Jintan
Senior Member

Date Joined Dec 2006
Total Posts : 925

Posted 10-18-2009 7:45 (GMT +1)

Welcome to BG forums radders,

This system is pretty badly infected, but part of that is due to you only having Service Pack 1 installed, which hasn't been supported for a long time now (no security patches or updates). Why haven't you updated to Service Pack 2 (or even 3, now)?

Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.

radders
New Member

Date Joined Oct 2009
Total Posts : 7

Posted 10-22-2009 11:53 (GMT +1)

thanks, i dont know greqat amouts about computers. i have upgraded to service pack 2. service pack 3 wouldnt work for some reason... below is an0other scan if you can help further

Logfile of HijackThis v1.99.1
Scan saved at 23:49:13, on 22/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
C:\Program Files\DV Series\Console\Watch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\update\update.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\System32\search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\search.html
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\DV Series\Console\Watch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Jintan
Senior Member

Date Joined Dec 2006
Total Posts : 925

Posted 10-23-2009 1:29 (GMT +1)

I am surprised you were able to do the upgrade. And now the parts of infection showing earlier have also been removed somehow. Did you do other repairs as well? Let's get more details and see what else remains there.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

--------------

Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer.

If on it's opening scan Gmer locates items shown in red or indicates "hidden" or "rootkit", stop there, and click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please. We don't want any crashes just from taking an initial look at things.

If not, then click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.

radders
New Member

Date Joined Oct 2009
Total Posts : 7

Posted 10-23-2009 4:12 (GMT +1)

yea i downloaded some software recomended on ur site and that cleared it up a bit.

i tried pressed continue on RSIT and it says ERROR: variable used without being declared.

any ideas

thanks

Jintan
Senior Member

Date Joined Dec 2006
Total Posts : 925

Posted 10-23-2009 6:10 (GMT +1)

For now use the following instead, and still do the Gmer scan please.

Click here and download sUBs' dds.scr to your desktop, then click that to run the scan. A window will open while the scan runs, and when it completes two logs will open in Notepad - DDS.txt and Attach.txt. An additional message box will open that you can just X close.

Save those two log files to your desktop (go to File - Save As and browse to your desktop to save each), then post both of them back here please.

Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.

radders
New Member

Date Joined Oct 2009
Total Posts : 7

Posted 10-23-2009 6:58 (GMT +1)

here is the Gmer one. this is the log from the second scan as my bro closed the first before i could save the log.

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-23 18:54:37
Windows 5.1.2600 Service Pack 2
Running: kqy2poet.exe; Driver: C:\DOCUME~1\ADAM~1.ADA\LOCALS~1\Temp\fwtdrpoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEE10B6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEE10B574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEE10BA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEE10B14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) Z!!!enKey [0xEE10B64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) Z!!!enProcess [0xEE10B08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) Z!!!enThread [0xEE10B0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEE10B76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEE10B72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEE10B8AE]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[780] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT C:\WINDOWS\system32\services.exe[780] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----

radders
New Member

Date Joined Oct 2009
Total Posts : 7

Posted 10-23-2009 7:01 (GMT +1)

dds

DDS (Ver_09-10-13.01) - NTFSx86
Run by Adam at 18:57:09.89 on 23/10/2009
Internet Explorer: 6.0.2900.2180
AV: avast! antivirus 4.8.1356 [VPS 091022-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\system32\search.html
mStart Page = c:\windows\system32\search.html
TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [FLMLABTECMOUSE] c:\program files\labtec\labtec mouse software\2.0\mouse32a.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\adam~1.ada\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\adam~1.ada\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartw~1.lnk - c:\program files\netgear\wg111 configuration utility\WG111CFG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\uleadp~1.lnk - c:\program files\ulead systems\ulead photo express 4.0 my custom edition\CalCheck.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\watch.lnk - c:\program files\dv series\console\Watch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-explorer: <NO NAME> = no active desktop changes
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38035.3199652778
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WRNotifier - WRLogonNTF.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\adam~1.ada\applic~1\mozilla\firefox\profiles\4jwpm60g.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-10-23 00:07 <DIR> --d----- c:\program files\CCleaner
2009-10-22 23:48 <DIR> --d----- C:\unzipped
2009-10-22 23:43 <DIR> --d----- c:\windows\system32\wbem\AutoRecover
2009-10-22 23:16 423,936 -------- c:\windows\system32\html.iec
2009-10-22 23:14 <DIR> --d----- c:\windows\ServicePackFiles
2009-10-22 23:09 19,528 a------- c:\windows\002497_.tmp
2009-10-22 23:03 <DIR> --d----- c:\windows\system32\CatRoot2
2009-10-17 21:27 <DIR> a-dshr-- C:\cmdcons
2009-10-17 20:56 236,544 a------- c:\windows\PEV.exe
2009-10-17 20:56 161,792 a------- c:\windows\SWREG.exe
2009-10-17 20:56 98,816 a------- c:\windows\sed.exe
2009-09-28 15:12 <DIR> --d----- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2009-10-22 23:20 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-21 19:40 82,944 a------- C:\3aiky5.exe

============= FINISH: 18:57:20.78 ===============

radders
New Member

Date Joined Oct 2009
Total Posts : 7

Posted 10-23-2009 7:02 (GMT +1)

attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-13.01)

==== Disk Partitions =========================

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

ActivePerl 5.6.1 Build 633
Ad-Aware SE Professional
Adobe Acrobat 5.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop 7.0.1
Adobe Photoshop CS2
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe® Photoshop® Album Starter Edition 3.0
Application Compatibility Toolkit
ArcSoft PhotoImpression 5
ArcSoft PhotoImpression 5 (Shared Components)
ATI Display Driver
avast! Antivirus
Black and White
Britannica 2002 Standard Edition
CCleaner (remove only)
CleanUp!
Counter-Strike(TM)
D-Link VGA Webcam
DV Series
Easy CD Creator 5 Basic
Fire Undead Screensaver 1.0
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
hp instant support
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1100 series
hp psc 1100 series
iPod for Windows 2005-10-12
iTunes
J2SE Runtime Environment 5.0 Update 6
Labtec Mouse Software 2.0
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX 2004
Macromedia Flash MX
Mall Tycoon
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft Office Word Viewer 2003
Microsoft Windows Journal Viewer
Microsoft Works 7.0
Mozilla Firefox (3.5.3)
MSN Toolbar
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
NETGEAR WG111 Software
Panda ActiveScan
Pass! with BSM
Prince of Persia The Sands of Time (Demo)
QuickTime
RealPlayer
Realtek AC'97 Audio
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB904706)
SiS 900 PCI Fast Ethernet Adapter Driver
Steam(TM)
Ulead COOL 360 1.0
Ulead Photo Explorer 6.0
Ulead Photo Express 4.0 My Custom Edition
Ulead VideoStudio 6 SE DVD
USB Vibration Joystick
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Service Pack 2
WinRAR archiver
WinZip
Yahoo! Toolbar

==== End Of File ===========================

thanks

Jintan
Senior Member

Date Joined Dec 2006
Total Posts : 925

Posted 10-24-2009 2:03 (GMT +1)

A lot of change since your first post. ComboFix is showing as used there recently, so for now I would like to see what it located. Please post the C:\ComboFix.txt log.

Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.

radders
New Member

Date Joined Oct 2009
Total Posts : 7

Posted 10-24-2009 12:32 (GMT +1)

ComboFix 09-10-16.09 - Adam 17/10/2009 22:18.1.1 - NTFSx86
Running from: c:\documents and settings\Adam.ADAMSPC\My Documents\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Adam.ADAMSPC\Application Data\SystemDoctor 2006 Free
c:\documents and settings\Adam.ADAMSPC\Application Data\SystemDoctor 2006 Free\Logs\update.log
c:\documents and settings\Adam.ADAMSPC\err.log
c:\documents and settings\Adam.ADAMSPC\Favorites\Online Security Test.url
c:\program files\Mozilla Firefox\plugins\npclntax.dll
c:\program files\SpyLocked 3.6
c:\program files\SpyLocked 3.6\sd.ini
c:\recycler\S-1-5-21-2727323668-691921568-2260345240-1007
c:\recycler\S-1-5-21-2727323668-691921568-2260345240-1008
c:\recycler\S-1-5-21-2727323668-691921568-2260345240-1009
c:\recycler\S-1-5-21-3248431968-3710402635-3555827625-1003
c:\windows\Installer\13f5c6b.msi
c:\windows\Installer\16ebc.msi
c:\windows\Installer\221c8.msp
c:\windows\Installer\3894d.msi
c:\windows\Installer\7abdf0.msp
c:\windows\run.log
c:\windows\system32\43312.exe
c:\windows\system32\47318.exe
c:\windows\system32\54508.exe
c:\windows\system32\copol.dll
c:\windows\System32\daDEf.dll
c:\windows\system32\dani.dll
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\net.net
c:\windows\system32\sdra64.exe
c:\windows\system32\sstray.exe

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :^)
.
((((((((((((((((((((((((( Files Created from 2009-09-17 to 2009-10-17 )))))))))))))))))))))))))))))))
.

2009-10-17 21:36 . 2009-10-17 21:36 -------- d-----w- c:\windows\LastGood
2009-10-17 17:00 . 2009-10-17 17:00 -------- d-----w- C:\unzipped
2009-10-17 14:47 . 2009-10-17 14:47 -------- d-----w- c:\documents and settings\chris2\Local Settings\Application Data\Mozilla
2009-09-28 14:12 . 2009-09-28 14:12 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-21 18:21 . 2009-09-21 18:21 -------- d-----w- c:\documents and settings\Adam.ADAMSPC\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-28 14:03 . 2005-02-21 20:07 -------- d-----w- c:\program files\games
2009-08-21 18:40 . 2009-08-21 18:40 82944 ----a-w- C:\3aiky5.exe
.

------- Sigcheck -------

[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\browser.dll
[-] 2002-08-29 . 3671D928554E124A8AC326A1769F2FFB . 49152 . . [5.1.2600.1106] . . c:\windows\system32\browser.dll
[-] 2002-08-29 . 3671D928554E124A8AC326A1769F2FFB . 49152 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\browser.dll

[-] 2006-08-25 . 11B508E0D26622D2BD25B60033245F6A . 925184 . . [6.0] . . c:\windows\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2006-08-25 . 11B508E0D26622D2BD25B60033245F6A . 925184 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1891_x-ww_7d3bbc01\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$hf_mig$\KB923191\SP2QFE\comctl32.dll
[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\sp2qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2006-07-13 . E48A8A28835914878C9716E71032A10C . 925184 . . [6.0] . . c:\windows\SoftwareDistribution\Download\25d72ef1acc6d7256eb94ad3d6a21e9b\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2006-07-13 . E48A8A28835914878C9716E71032A10C . 925184 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1873_x-ww_7d39bb85\comctl32.dll
[-] 2006-03-17 . 551E967F1E08EE6E205FCB5ADCB0DFC5 . 925184 . . [6.0] . . c:\windows\SoftwareDistribution\Download\cb2769f3b1daf367a31ed046299a3790\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2006-03-17 . 551E967F1E08EE6E205FCB5ADCB0DFC5 . 925184 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1816_x-ww_7d33ba0e\comctl32.dll
[-] 2005-08-31 . A93B7C3B08B9AC15B4DCDC96A50E4C2C . 925184 . . [6.0] . . c:\windows\SoftwareDistribution\Download\0ad26524c298df9a41026d3b49a38936\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2005-08-31 . A93B7C3B08B9AC15B4DCDC96A50E4C2C . 925184 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1740_x-ww_7cb8ab44\comctl32.dll
[-] 2005-03-11 . F6A21D5476C7B4CA9873D97BD246D6EB . 925184 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll
[-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\comctl32.dll
[-] 2002-08-29 . 0B5D337119929505EE72D4E4A41ED1FD . 557056 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2002-08-29 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL
[-] 2002-08-29 . 0B5D337119929505EE72D4E4A41ED1FD . 557056 . . [5.82] . . c:\windows\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\backup\sp1qfe\comctl32.dll
[-] 2002-08-29 . 0B5D337119929505EE72D4E4A41ED1FD . 557056 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2002-08-29 . 0B5D337119929505EE72D4E4A41ED1FD . 557056 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2002-08-29 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2002-08-29 . 76B90BD220F1B1CC9E183C6B1AE9FBB4 . 921600 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll

[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\cryptsvc.dll
[-] 2003-03-26 . 8B6DA0009AB7B3B8A5E9E28015A32EA7 . 53760 . . [5.1.2600.1190] . . c:\windows\system32\cryptsvc.dll
[-] 2003-03-26 . 8B6DA0009AB7B3B8A5E9E28015A32EA7 . 53760 . . [5.1.2600.1190] . . c:\windows\system32\dllcache\cryptsvc.dll
[-] 2002-08-29 . 41C70161BFCB17E7E12ED89BADD2AEF4 . 53248 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB826939$\cryptsvc.dll

[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\asyncmac.sys
[-] 2002-08-29 . 03F403B07A884FC2AA54A0916C410931 . 13568 . . [5.1.2600.0] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2002-08-29 . 03F403B07A884FC2AA54A0916C410931 . 13568 . . [5.1.2600.0] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2002-08-29 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2002-08-29 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\kbdclass.sys
[-] 2002-08-29 . 1E7F78C2FC393356CD884C6FDE7966F9 . 23424 . . [5.1.2600.1106] . . c:\windows\LastGood(2)\system32\drivers\kbdclass.sys
[-] 2002-08-29 . 1E7F78C2FC393356CD884C6FDE7966F9 . 23424 . . [5.1.2600.1106] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2002-08-29 . 1E7F78C2FC393356CD884C6FDE7966F9 . 23424 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\kbdclass.sys

[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ndis.sys
[-] 2003-10-04 . D999CE17681D7D074D534FC5BC662E0A . 168192 . . [5.1.2600.1254] . . c:\windows\Driver Cache\i386\ndis.sys
[-] 2003-10-04 . D999CE17681D7D074D534FC5BC662E0A . 168192 . . [5.1.2600.1254] . . c:\windows\system32\dllcache\ndis.sys
[-] 2003-10-04 . D999CE17681D7D074D534FC5BC662E0A . 168192 . . [5.1.2600.1254] . . c:\windows\system32\drivers\ndis.sys
[-] 2002-08-29 . 3B350E5A2A5E951453F3993275A4523A . 167552 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB826942$\ndis.sys

[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ntfs.sys
[-] 2002-08-29 . E3AE9C79498210A5F39FE5A9AD62BC55 . 561920 . . [5.1.2600.1106] . . c:\windows\I386\NTFS.SYS
[-] 2002-08-29 . E3AE9C79498210A5F39FE5A9AD62BC55 . 561920 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2002-08-29 . E3AE9C79498210A5F39FE5A9AD62BC55 . 561920 . . [5.1.2600.1106] . . c:\windows\system32\drivers\ntfs.sys

[-] 2002-08-29 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2002-08-29 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
[-] 2006-04-20 . B8158E2A6112C0A5CA67BC158FC70218 . 340480 . . [5.1.2600.1831] . . c:\windows\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\sp1qfe\tcpip.sys
[-] 2005-05-25 . 228B0385BBFCA24332FA22DB45A8B684 . 339968 . . [5.1.2600.1693] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2GDR\tcpip.sys
[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\tcpip.sys
[-] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
[-] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\system32\drivers\tcpip.sys

[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2GDR\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-04 07:56 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\es.dll
[-] 2004-03-06 02:16 . B748D0ABBACD362052D4D61DCD562289 . 226816 . . [2001.12.4414.53] . . c:\windows\$NtUninstallKB902400$\es.dll
[-] 2002-08-29 19:00 . C9702DDD814C39DC1254CF757C31C6E4 . 225280 . . [2001.12.4414.46] . . c:\windows\$NtUninstallKB828741$\es.dll
[-] 2002-08-29 19:00 . C9702DDD814C39DC1254CF757C31C6E4 . 225280 . . [2001.12.4414.46] . . c:\windows\SoftwareDistribution\Download\b93f60ba19e546073f72c1a6c59659c8\backup\sp1qfe\es.dll
[-] 2002-08-29 19:00 . C9702DDD814C39DC1254CF757C31C6E4 . 225280 . . [2001.12.4414.46] . . c:\windows\system32\es.dll
[-] 2002-08-29 19:00 . C9702DDD814C39DC1254CF757C31C6E4 . 225280 . . [2001.12.4414.46] . . c:\windows\system32\dllcache\es.dll

[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\imm32.dll
[-] 2002-08-29 . C9F9E3E6B59C6D6CBCE7F14494A4518A . 103936 . . [5.1.2600.1106] . . c:\windows\system32\imm32.dll
[-] 2002-08-29 . C9F9E3E6B59C6D6CBCE7F14494A4518A . 103936 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\imm32.dll

[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2GDR\kernel32.dll
[-] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\kernel32.dll
[-] 2002-08-29 . 8F162DC91D67D87C1A481BF602A9DAC8 . 930304 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2002-08-29 . 8F162DC91D67D87C1A481BF602A9DAC8 . 930304 . . [5.1.2600.1106] . . c:\windows\SoftwareDistribution\Download\040e86cafc583a58922d9f353b3a41cf\backup\sp1qfe\kernel32.dll
[-] 2002-08-29 . 8F162DC91D67D87C1A481BF602A9DAC8 . 930304 . . [5.1.2600.1106] . . c:\windows\system32\kernel32.dll
[-] 2002-08-29 . 8F162DC91D67D87C1A481BF602A9DAC8 . 930304 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\kernel32.dll

[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2GDR\linkinfo.dll
[-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\SoftwareDistribution\Download\0ad26524c298df9a41026d3b49a38936\backup\sp1qfe\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\system32\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\system32\dllcache\linkinfo.dll

[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lpk.dll
[-] 2002-08-29 . 55990CA08692E2739A8DDCE0B04352AC . 18944 . . [5.1.2600.0] . . c:\windows\system32\lpk.dll
[-] 2002-08-29 . 55990CA08692E2739A8DDCE0B04352AC . 18944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\lpk.dll

[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lsass.exe
[-] 2002-08-29 . B2B6BA905D0E3F8A32A0EB3B4051807B . 11776 . . [5.1.2600.1106] . . c:\windows\system32\lsass.exe
[-] 2002-08-29 . B2B6BA905D0E3F8A32A0EB3B4051807B . 11776 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\lsass.exe

[-] 2006-06-30 17:16 . B3E7100B7091D958AEC345DF099B0A94 . 2710528 . . [6.00.2800.1562] . . c:\windows\SoftwareDistribution\Download\a6392ee21d2c4ac260d9625143b6b111\RTMQFE\mshtml.dll
[-] 2006-06-30 10:28 . DCB29B03B80C5F26BB3F3A3DDA42281D . 2703872 . . [6.00.2800.1561] . . c:\windows\SoftwareDistribution\Download\a6392ee21d2c4ac260d9625143b6b111\rtmgdr\mshtml.dll
[-] 2005-04-27 10:52 . 08F0B01556EEE4C5F783E919ABE6DAD5 . 2698752 . . [6.00.2800.1505] . . c:\windows\$NtUninstallKB918899-IE6SP1-20060725.123917$\mshtml.dll
[-] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\mshtml.dll
[-] 2004-01-21 23:19 . 8C4CD3EE9B567B75CC58BCF0D782140D . 2795520 . . [6.00.2800.1400] . . c:\windows\system32\MSHTML.DLL
[-] 2004-01-21 23:19 . 8C4CD3EE9B567B75CC58BCF0D782140D . 2795520 . . [6.00.2800.1400] . . c:\windows\system32\dllcache\MSHTML.DLL
[-] 2002-08-29 . 448EE0A3EDFC3339EC70E93C027E28C8 . 2833920 . . [6.00.2800.1106] . . c:\windows\$NtUninstallKB883939-IE6SP1-20050428.125228$\mshtml.dll

[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\mswsock.dll
[-] 2002-08-29 . 18A8BE5A66B93F9C9615F7D4C148EDE2 . 228352 . . [5.1.2600.0] . . c:\windows\system32\mswsock.dll
[-] 2002-08-29 . 18A8BE5A66B93F9C9615F7D4C148EDE2 . 228352 . . [5.1.2600.0] . . c:\windows\system32\dllcache\mswsock.dll

[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\netlogon.dll
[-] 2002-08-29 . 3ADD563ED7A1C66E6F5E0F7A661AA96D . 399360 . . [5.1.2600.1106] . . c:\windows\system32\netlogon.dll
[-] 2002-08-29 . 3ADD563ED7A1C66E6F5E0F7A661AA96D . 399360 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\netlogon.dll

[-] 2005-08-22 . 838B1DF317D55BFFF67F99F1AE7ECEB7 . 154624 . . [5.1.2600.1733] . . c:\windows\SoftwareDistribution\Download\f7a4b3723a3aad7955ede9785b307e88\sp1qfe\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2GDR\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\netman.dll
[-] 2002-08-29 . E7FF9267BBEB1386975278A27378526F . 154112 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB905414$\netman.dll
[-] 2002-08-29 . E7FF9267BBEB1386975278A27378526F . 154112 . . [5.1.2600.1106] . . c:\windows\system32\netman.dll
[-] 2002-08-29 . E7FF9267BBEB1386975278A27378526F . 154112 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\netman.dll

[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2GDR\ntoskrnl.exe
[-] 2004-10-22 . 5A7EB0C9F96917B7ECF5ADF70C4B1BAE . 2088448 . . [5.1.2600.1605] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2004-08-04 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ntoskrnl.exe
[-] 2003-04-24 . 97EC4AB4650DA6FC521CF16F8A6DDCB0 . 1925760 . . [5.1.2600.1151] . . c:\windows\$NtUninstallKB885835$\ntoskrnl.exe
[-] 2003-04-24 . 97EC4AB4650DA6FC521CF16F8A6DDCB0 . 1925760 . . [5.1.2600.1151] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2003-04-24 . 97EC4AB4650DA6FC521CF16F8A6DDCB0 . 1925760 . . [5.1.2600.1151] . . c:\windows\system32\ntoskrnl.exe
[-] 2002-08-29 . B9080D97DBD631AADF9128F7316958D2 . 2042240 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB826939$\ntoskrnl.exe
[-] 2002-08-29 . B9080D97DBD631AADF9128F7316958D2 . 2042240 . . [5.1.2600.1106] . . c:\windows\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\backup\sp1qfe\ntoskrnl.exe
[-] 2002-08-29 . B9080D97DBD631AADF9128F7316958D2 . 2042240 . . [5.1.2600.1106] . . c:\windows\SoftwareDistribution\Download\dfeddbe03266add4998ad4eea2bf3073\backup\sp1qfe\ntoskrnl.exe

[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\powrprof.dll
[-] 2002-08-29 . 865AD7CCB20856727D5BD994B094DC5E . 14848 . . [6.00.2600.0000] . . c:\windows\system32\powrprof.dll
[-] 2002-08-29 . 865AD7CCB20856727D5BD994B094DC5E . 14848 . . [6.00.2600.0000] . . c:\windows\system32\dllcache\powrprof.dll

[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\qmgr.dll
[-] 2004-07-01 . 696AC82FB290A03F205901442E0E9589 . 361984 . . [6.6.2600.1569] . . c:\windows\system32\qmgr.dll
[-] 2004-07-01 . 696AC82FB290A03F205901442E0E9589 . 361984 . . [6.6.2600.1569] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-07-01 . 696AC82FB290A03F205901442E0E9589 . 361984 . . [6.6.2600.1569] . . c:\windows\system32\dllcache\qmgr.dll
[-] 2002-08-29 . 6A1CF14D0E7D0B2241F552223769C8A7 . 221696 . . [6.2.2600.1106] . . c:\windows\$NtUninstallKB842773$\qmgr.dll

[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2GDR\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-01-14 . 419899803CA479B73B02390318C787C0 . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2GDR\rpcss.dll
[-] 2005-01-14 . 4493E3E2C9449D96F703861D73C58B88 . 284672 . . [5.1.2600.1619] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2005-01-14 . 94456045BEB4545B5EBE1DCC85951AFA . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
[-] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\rpcss.dll
[-] 2003-08-26 . 7A6F20EEAC4B2168451878AF9054396F . 260608 . . [5.1.2600.1263] . . c:\windows\$NtUninstallKB873333$\rpcss.dll
[-] 2003-08-26 . 7A6F20EEAC4B2168451878AF9054396F . 260608 . . [5.1.2600.1263] . . c:\windows\SoftwareDistribution\Download\b93f60ba19e546073f72c1a6c59659c8\backup\sp1qfe\rpcss.dll
[-] 2003-08-26 . 7A6F20EEAC4B2168451878AF9054396F . 260608 . . [5.1.2600.1263] . . c:\windows\system32\rpcss.dll
[-] 2003-08-26 . 7A6F20EEAC4B2168451878AF9054396F . 260608 . . [5.1.2600.1263] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2003-07-05 . CB95493F46B8113362D8925AD6A5A4FA . 202752 . . [5.1.2600.1243] . . c:\windows\$NtUninstallKB826939$\rpcss.dll
[-] 2002-08-29 . 493FCBED180DCACF0B5D4C8C29949CA9 . 260608 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB823980$\rpcss.dll

[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\scecli.dll
[-] 2002-08-29 . 97418A5C642A5C748A28BD7CF6860B57 . 174592 . . [5.1.2600.1106] . . c:\windows\system32\scecli.dll
[-] 2002-08-29 . 97418A5C642A5C748A28BD7CF6860B57 . 174592 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\scecli.dll

[-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\services.exe
[-] 2002-08-29 . E3DF4A0252D287C44606EE55355E1623 . 101376 . . [5.1.2600.0] . . c:\windows\system32\services.exe
[-] 2002-08-29 . E3DF4A0252D287C44606EE55355E1623 . 101376 . . [5.1.2600.0] . . c:\windows\system32\dllcache\services.exe

[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\sfc.dll
[-] 2002-08-29 . 52BB2A508CB3EB8AAA5F6F142F5B73D6 . 4096 . . [5.1.2600.0] . . c:\windows\system32\sfc.dll
[-] 2002-08-29 . 52BB2A508CB3EB8AAA5F6F142F5B73D6 . 4096 . . [5.1.2600.0] . . c:\windows\system32\dllcache\sfc.dll

[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
[-] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\spoolsv.exe
[-] 2002-08-29 . 9B4155BA58192D4073082B8FC5D42612 . 51200 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2002-08-29 . 9B4155BA58192D4073082B8FC5D42612 . 51200 . . [5.1.2600.0] . . c:\windows\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\backup\sp1qfe\spoolsv.exe
[-] 2002-08-29 . 9B4155BA58192D4073082B8FC5D42612 . 51200 . . [5.1.2600.0] . . c:\windows\system32\spoolsv.exe
[-] 2002-08-29 . 9B4155BA58192D4073082B8FC5D42612 . 51200 . . [5.1.2600.0] . . c:\windows\system32\dllcache\spoolsv.exe

[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\svchost.exe
[-] 2002-08-29 . 0F7D9C87B0CE1FA520473119752C6F79 . 12800 . . [5.1.2600.0] . . c:\windows\system32\svchost.exe
[-] 2002-08-29 . 0F7D9C87B0CE1FA520473119752C6F79 . 12800 . . [5.1.2600.0] . . c:\windows\system32\dllcache\svchost.exe

[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2GDR\tapisrv.dll
[-] 2005-07-08 . 5F0469FF26B19790B5A0D7C77871B6CD . 238592 . . [5.1.2600.1715] . . c:\windows\SoftwareDistribution\Download\c97484bc3f0a909669b5abb5a1bd9a86\sp1qfe\tapisrv.dll
[-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\tapisrv.dll
[-] 2002-08-29 . 9B3A213B6591A79EBABBFB4E4EA0A23E . 233984 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
[-] 2002-08-29 . 9B3A213B6591A79EBABBFB4E4EA0A23E . 233984 . . [5.1.2600.1106] . . c:\windows\system32\tapisrv.dll
[-] 2002-08-29 . 9B3A213B6591A79EBABBFB4E4EA0A23E . 233984 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\tapisrv.dll

[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2GDR\user32.dll
[-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\user32.dll
[-] 2003-09-25 . 32173306185F603E75C477E117F3BB8D . 560128 . . [5.1.2600.1255] . . c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2003-09-25 . 32173306185F603E75C477E117F3BB8D . 560128 . . [5.1.2600.1255] . . c:\windows\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\backup\sp1qfe\user32.dll
[-] 2003-09-25 . 32173306185F603E75C477E117F3BB8D . 560128 . . [5.1.2600.1255] . . c:\windows\system32\user32.dll
[-] 2003-09-25 . 32173306185F603E75C477E117F3BB8D . 560128 . . [5.1.2600.1255] . . c:\windows\system32\dllcache\user32.dll
[-] 2002-11-02 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\$NtUninstallKB824141$\user32.dll
[-] 2002-08-29 . DD9269230C21EE8FB7FD3FCCC3B1CFCB . 560128 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB826939$\user32.dll

[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\userinit.exe
[-] 2002-08-29 . E931E0A2B8BF0019DB902E98D03662CB . 22016 . . [5.1.2600.1106] . . c:\windows\system32\userinit.exe
[-] 2002-08-29 . E931E0A2B8BF0019DB902E98D03662CB . 22016 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\userinit.exe

[-] 2006-06-23 18:29 . 40F777875DFA05CD61FD1E8A593BE8E9 . 587776 . . [6.00.2800.1560] . . c:\windows\SoftwareDistribution\Download\a6392ee21d2c4ac260d9625143b6b111\RTMQFE\wininet.dll
[-] 2006-06-23 11:33 . 7E7760C7F263EC7A740EE265B263F770 . 575488 . . [6.00.2800.1559] . . c:\windows\SoftwareDistribution\Download\a6392ee21d2c4ac260d9625143b6b111\rtmgdr\wininet.dll
[-] 2005-04-27 10:54 . DFD44FB5F51809859B4BA320735A2274 . 574976 . . [6.00.2800.1505] . . c:\windows\$NtUninstallKB918899-IE6SP1-20060725.123917$\wininet.dll
[-] 2004-08-04 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wininet.dll
[-] 2004-01-21 23:16 . 96E9CBB9F5B7FACA709D87F49183AE5F . 588288 . . [6.00.2800.1400] . . c:\windows\system32\WININET.DLL
[-] 2004-01-21 23:16 . 96E9CBB9F5B7FACA709D87F49183AE5F . 588288 . . [6.00.2800.1400] . . c:\windows\system32\dllcache\WININET.DLL
[-] 2002-08-29 . F3587750A7481DCCBEA13D473A0700BE . 599040 . . [6.00.2800.1106] . . c:\windows\$NtUninstallKB883939-IE6SP1-20050428.125228$\wininet.dll

[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\winlogon.exe
[-] 2002-08-29 . 2246D8D8F4714A2CEDB21AB9B1849ABB . 516608 . . [5.1.2600.1106] . . c:\windows\system32\winlogon.exe
[-] 2002-08-29 . 2246D8D8F4714A2CEDB21AB9B1849ABB . 516608 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\winlogon.exe

[-] 2006-08-16 . 7B6A08441A4F11320421599D7ECF8D41 . 70656 . . [5.1.2600.1886] . . c:\windows\SoftwareDistribution\Download\fde4a5af73d5aee9b5faba71cbff1d6c\sp1qfe\ws2_32.dll
[-] 2006-05-19 . 3748E0FC8C1B6ADA49F98C8E69A4228C . 70656 . . [5.1.2600.1847] . . c:\windows\$NtUninstallKB922819$\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ws2_32.dll
[-] 2003-07-10 . 06BF1D3C21274F92DDD0E09317C80B35 . 70656 . . [5.1.2600.1240] . . c:\windows\$NtUninstallKB914388$\ws2_32.dll
[-] 2003-07-10 . 06BF1D3C21274F92DDD0E09317C80B35 . 70656 . . [5.1.2600.1240] . . c:\windows\system32\ws2_32.dll
[-] 2003-07-10 . 06BF1D3C21274F92DDD0E09317C80B35 . 70656 . . [5.1.2600.1240] . . c:\windows\system32\dllcache\ws2_32.dll
[-] 2002-08-29 . 8529C295DF59B564D37A73B5629162B1 . 75264 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB817778$\ws2_32.dll

[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\explorer.exe
[-] 2003-05-12 . A73BC66A95CF4F7B597FC8975778A889 . 996352 . . [6.00.2800.1221] . . c:\windows\explorer.exe
[-] 2003-05-12 . A73BC66A95CF4F7B597FC8975778A889 . 996352 . . [6.00.2800.1221] . . c:\windows\Driver Cache\i386\explorer.exe
[-] 2003-05-12 . A73BC66A95CF4F7B597FC8975778A889 . 996352 . . [6.00.2800.1221] . . c:\windows\system32\dllcache\explorer.exe
[-] 2002-08-29 . A82B28BFC2E4455FE43022A498C0EF0A . 1004032 . . [6.00.2800.1106] . . c:\windows\$NtUninstallKB820291$\explorer.exe

[-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\asms\70\msft\windows\mswincrt\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\msvcrt.dll
[-] 2002-08-29 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL
[-] 2002-08-29 19:00 . E826A484EDE25C3AE19F1B8086511F4B . 267536 . . [4.20.6201] . . c:\windows\I386\WIN9XUPG\MSVCRT.DLL
[-] 2002-08-29 . 886A6C3C185AAEDECD00477F72279B07 . 323072 . . [7.0.2600.1106] . . c:\windows\system32\msvcrt.dll
[-] 2002-08-29 . 886A6C3C185AAEDECD00477F72279B07 . 323072 . . [7.0.2600.1106] . . c:\windows\system32\dllcache\msvcrt.dll
[-] 2002-08-29 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2002-08-29 . 70630CAD245477F8DB02B79D9A92834C . 323072 . . [7.0.2600.1106] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\msvcrt.dll

[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\srsvc.dll
[-] 2002-08-29 . 38E9CFAC7881435764051FD7B1F010FB . 158720 . . [5.1.2600.1106] . . c:\windows\system32\srsvc.dll
[-] 2002-08-29 . 38E9CFAC7881435764051FD7B1F010FB . 158720 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\srsvc.dll

[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wscntfy.exe

[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\xmlprov.dll

[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\eventlog.dll
[-] 2002-08-29 . BF3C8CF53C77B48206B39910B6D6CBCC . 49152 . . [5.1.2600.1106] . . c:\windows\system32\eventlog.dll
[-] 2002-08-29 . BF3C8CF53C77B48206B39910B6D6CBCC . 49152 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\eventlog.dll

[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\sfcfiles.dll
[-] 2002-08-29 . 2564949DBE5F643F50913BBE45D346E2 . 1157632 . . [5.1.2600.1106] . . c:\windows\system32\sfcfiles.dll
[-] 2002-08-29 . 2564949DBE5F643F50913BBE45D346E2 . 1157632 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\sfcfiles.dll

[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe
[-] 2002-08-29 . 414DE7CF9D3F19C3EA902F1BB38EC116 . 13312 . . [5.1.2600.1106] . . c:\windows\system32\ctfmon.exe
[-] 2002-08-29 . 414DE7CF9D3F19C3EA902F1BB38EC116 . 13312 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\ctfmon.exe

[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\regsvc.dll
[-] 2002-08-29 . 9DF4527D53613601D3F79946EAA1DCB1 . 51712 . . [5.1.2600.0] . . c:\windows\system32\regsvc.dll
[-] 2002-08-29 . 9DF4527D53613601D3F79946EAA1DCB1 . 51712 . . [5.1.2600.0] . . c:\windows\system32\dllcache\regsvc.dll

[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\schedsvc.dll
[-] 2002-08-29 . 719B05113003A1934EA25EA1FED68C85 . 159232 . . [5.1.2600.1106] . . c:\windows\system32\schedsvc.dll
[-] 2002-08-29 . 719B05113003A1934EA25EA1FED68C85 . 159232 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\schedsvc.dll

[-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\shsvcs.dll
[-] 2002-08-29 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\$NtUninstallKB885835$\shsvcs.dll
[-] 2002-08-29 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\SoftwareDistribution\Download\dfeddbe03266add4998ad4eea2bf3073\backup\sp1qfe\shsvcs.dll
[-] 2002-08-29 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\system32\shsvcs.dll
[-] 2002-08-29 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\system32\dllcache\shsvcs.dll

[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ssdpsrv.dll
[-] 2002-08-29 . 75B5821307B2F4491F9ED06732366872 . 43008 . . [5.1.2600.1106] . . c:\windows\system32\ssdpsrv.dll
[-] 2002-08-29 . 75B5821307B2F4491F9ED06732366872 . 43008 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\ssdpsrv.dll

[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\termsrv.dll
[-] 2002-08-29 . FE84E045A09A4ABC4DEEF7270448B64E . 200192 . . [5.1.2600.1106] . . c:\windows\system32\termsrv.dll
[-] 2002-08-29 . FE84E045A09A4ABC4DEEF7270448B64E . 200192 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\termsrv.dll

[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\agp440.sys
[-] 2001-08-17 . 65880045C51AA36184841CEE915A61DF . 25472 . . [5.1.2600.0] . . c:\windows\LastGood(2)\system32\drivers\AGP440.SYS
[-] 2001-08-17 . 65880045C51AA36184841CEE915A61DF . 25472 . . [5.1.2600.0] . . c:\windows\system32\dllcache\agp440.sys
[-] 2001-08-17 . 65880045C51AA36184841CEE915A61DF . 25472 . . [5.1.2600.0] . . c:\windows\system32\drivers\AGP440.SYS

[-] 2002-08-29 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys
[-] 2002-08-29 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\aec.sys
[-] 2002-08-28 22:16 . FF773FEDA15E8BD97FD54FE87A0ACDBE . 142208 . . [5.1.2601.1095 built by: xpsp1] . . c:\windows\system32\drivers\aec.sys

[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ip6fw.sys
[-] 2003-06-30 . EDDCA9C72F1E7F2E2E2AB6AD7106C4A5 . 29952 . . [5.1.2600.1240] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2002-08-29 19:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll
[-] 2002-08-29 19:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\dllcache\mfc40u.dll

[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\msgsvc.dll
[-] 2003-10-22 . 41C5F3B926942EBDD35C6BF4154FE5F8 . 32256 . . [5.1.2600.1309] . . c:\windows\system32\msgsvc.dll
[-] 2003-10-22 . 41C5F3B926942EBDD35C6BF4154FE5F8 . 32256 . . [5.1.2600.1309] . . c:\windows\system32\dllcache\msgsvc.dll
[-] 2002-08-29 . A81487520F11F65BF270D50EE29887B2 . 34304 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB828035$\msgsvc.dll

[-] 2005-01-28 12:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\mspmsnsv.dll
[-] 2002-11-26 18:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2002-11-26 18:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . c:\windows\system32\MsPMSNSv.dll

[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2GDR\ntkrnlpa.exe
[-] 2004-10-22 . EFA7883018F42295D927121808AE6CEE . 1955840 . . [5.1.2600.1605] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2004-08-04 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ntkrnlpa.exe
[-] 2003-04-24 . 46AE6F2D416C39FFDCFC8BCB01203EA3 . 1949440 . . [5.1.2600.1151] . . c:\windows\$NtUninstallKB885835$\ntkrnlpa.exe
[-] 2003-04-24 . 46AE6F2D416C39FFDCFC8BCB01203EA3 . 1949440 . . [5.1.2600.1151] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2003-04-24 . 46AE6F2D416C39FFDCFC8BCB01203EA3 . 1949440 . . [5.1.2600.1151] . . c:\windows\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\backup\sp1qfe\ntkrnlpa.exe
[-] 2003-04-24 . 46AE6F2D416C39FFDCFC8BCB01203EA3 . 1949440 . . [5.1.2600.1151] . . c:\windows\SoftwareDistribution\Download\dfeddbe03266add4998ad4eea2bf3073\backup\sp1qfe\ntkrnlpa.exe
[-] 2003-04-24 . 46AE6F2D416C39FFDCFC8BCB01203EA3 . 1949440 . . [5.1.2600.1151] . . c:\windows\system32\ntkrnlpa.exe
[-] 2002-08-29 . 0E8EFB15746878A9B256E75267337233 . 1947904 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB826939$\ntkrnlpa.exe

[-] 2004-08-04 07:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ntmssvc.dll
[-] 2002-08-29 19:00 . AAC49EF5C84A2EBD7409A51A1B65C542 . 392704 . . [5.1.2400.1106] . . c:\windows\system32\ntmssvc.dll
[-] 2002-08-29 19:00 . AAC49EF5C84A2EBD7409A51A1B65C542 . 392704 . . [5.1.2400.1106] . . c:\windows\system32\dllcache\ntmssvc.dll

[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\upnphost.dll
[-] 2002-08-29 . 848CE0601B58410FF2DFB6BC8449AFE7 . 164864 . . [5.1.2600.1106] . . c:\windows\system32\upnphost.dll
[-] 2002-08-29 . 848CE0601B58410FF2DFB6BC8449AFE7 . 164864 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\upnphost.dll

c:\windows\system32\wscntfy.exe ... is missing !!
c:\windows\system32\xmlprov.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-03-24 3309568]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-03-24 46080]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-03-26 684032]
"FLMLABTECMOUSE"="c:\program files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe" [2004-08-05 356352]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-03-09 180269]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-06-14 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-10 282624]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-03-24 782336]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-09-16 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2002-11-21 51200]

c:\documents and settings\Adam.ADAMSPC\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-3-8 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-3-8 113664]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-22 65588]
Smart Wizard Wireless Settings.lnk - c:\program files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe [2006-3-3 1056864]
Ulead Photo Express Calendar Checker For My Custom Edition.lnk - c:\program files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe [2004-6-23 57344]
Watch.lnk - c:\program files\DV Series\Console\Watch.exe [2004-6-25 217088]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2004-11-18 106560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"= no active desktop changes

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0SsiEfr.e

R2 Ca533av;DV Series Video Capture;c:\windows\system32\Drivers\Ca533av.sys [2002-10-21 515803]
R3 Ip6FwHlp;IPv6 Internet Connection Firewall;c:\windows\System32\svchost.exe [2002-08-29 12800]
R3 USBCamera;DV Series Digital Camera;c:\windows\system32\Drivers\Bulk533.sys [2002-11-22 10984]
S0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\SYSTEM32\DRIVERS\si3112r.sys [2002-10-16 84529]

.
Contents of the 'Scheduled Tasks' folder

2006-07-23 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1100 series272A572217594EBCF1CEE215E352B92AD073FDE4145658760.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 16:56]
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\System32\search.html
mLocal Page = c:\windows\System32\search.html
mStart Page = c:\windows\System32\search.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Adam.ADAMSPC\Application Data\Mozilla\Firefox\Profiles\4jwpm60g.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Skype - c:\program files\Skype\Phone\Skype.exe
HKCU-Run-Steam - (no file)
HKLM-Run-nForce Tray Options - sstray.exe
HKLM-Run-HostSrv - (no file)
AddRemove-Browser Protection Volume - c:\program files\Video AX Object\bpunst.exe
AddRemove-HijackThis - c:\unzipped\hijackthis\HijackThis.exe
AddRemove-Internet Explorer Secure Plug-in - c:\program files\Video AX Object\spunst.exe
AddRemove-Security Messenger - c:\program files\Video AX Object\smunst.exe
AddRemove-Sound'Em 1.0 - c:\program files\DV Series\UNWISE.EXE
AddRemove-Warning Banner Creator - c:\program files\Warning Banner Creator\Uninstall Warning Banner Creator.exe
AddRemove-Xfire - c:\program files\Xfire\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-17 23:14
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\System32\ODBC32.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(792)
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(3652)
c:\program files\Labtec\Labtec Mouse Software\2.0\MOUDL32A.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wdfmgr.exe
c:\windows\SoftwareDistribution\Download\886e6096bfc6097431522dec4176f121\update\update.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Completion time: 2009-10-17 23:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-17 22:24

Pre-Run: 48,680,484,864 bytes free
Post-Run: 48,752,214,016 bytes free

winxpsp1_en_hom_bf.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

444 --- E O F --- 2009-10-16 12:22

Jintan
Senior Member

Date Joined Dec 2006
Total Posts : 925

Posted 10-24-2009 11:50 (GMT +1)

ComboFix removed infection files, as well as replaced a system file malware had also replaced with it's own. But the log shows two other important system files gone missing. Most often some well-meant security scanner locates and removes the system file renamed malware file, but then leaves the system without the file to use. Let's see if we can locate any clean samples.

Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

SRPeek::
c:\windows\system32\wscntfy.exe
c:\windows\system32\xmlprov.dll

Save this to your desktop as CFScript.txt

You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan.

You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan.

ComboFix will now run as it did before. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.

radders
New Member

Date Joined Oct 2009
Total Posts : 7

Posted 10-25-2009 1:03 (GMT +1)

ComboFix 09-10-24.01 - Adam 25/10/2009 0:48.3.1 - NTFSx86
Running from: c:\documents and settings\Adam.ADAMSPC\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Adam.ADAMSPC\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1356 [VPS 091023-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))
.

2009-10-24 15:00 . 2009-10-24 15:00 -------- d-----w- c:\documents and settings\Adam.ADAMSPC\Tracing
2009-10-24 14:57 . 2009-10-24 14:57 -------- d-----w- c:\program files\Microsoft
2009-10-24 14:56 . 2009-10-24 14:56 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-24 14:56 . 2009-10-24 14:57 -------- d-----w- c:\program files\Windows Live
2009-10-24 14:37 . 2009-10-24 14:37 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-24 14:23 . 2009-10-24 14:23 -------- d-----w- c:\program files\Microsoft Games
2009-10-24 11:35 . 2009-10-24 12:44 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-10-23 15:05 . 2009-10-23 15:05 -------- d-----w- C:\rsit
2009-10-23 13:03 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-23 13:01 . 2008-05-01 14:30 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-10-23 13:01 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-23 11:48 . 2009-03-06 14:44 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-10-23 11:48 . 2005-07-26 04:39 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-10-23 11:48 . 2009-02-09 10:20 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-10-23 11:48 . 2009-02-09 10:20 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-10-23 11:48 . 2009-02-09 10:20 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-10-23 11:48 . 2009-02-09 10:20 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-10-23 11:48 . 2009-02-06 17:14 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-10-23 11:48 . 2009-02-06 16:39 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-23 11:48 . 2009-02-09 10:20 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-10-23 11:47 . 2009-07-10 13:42 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-23 11:44 . 2008-04-11 18:50 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-23 11:42 . 2009-08-04 13:58 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-23 11:42 . 2009-08-04 14:00 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-23 11:42 . 2009-08-04 13:13 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-23 11:41 . 2009-08-04 13:13 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-10-23 11:41 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-10-23 11:41 . 2008-10-15 16:57 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-10-23 11:41 . 2008-09-04 16:42 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-10-23 11:40 . 2008-04-21 10:02 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-10-22 23:07 . 2009-10-22 23:07 -------- d-----w- c:\program files\CCleaner
2009-10-22 23:06 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-22 23:06 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-22 23:06 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-22 23:06 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-22 23:06 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-22 23:06 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-22 23:06 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-22 23:06 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-22 23:05 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-22 23:05 . 2009-10-22 23:05 -------- d-----w- c:\program files\Alwil Software
2009-10-22 22:48 . 2009-10-22 22:48 -------- d-----w- C:\unzipped
2009-10-22 22:43 . 2009-10-22 22:43 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-10-22 22:16 . 2009-09-25 05:56 81920 ------w- c:\windows\system32\ieencode.dll
2009-10-22 22:14 . 2009-10-23 18:28 -------- d-----w- c:\windows\ServicePackFiles
2009-10-22 22:03 . 2009-10-24 23:44 -------- d-----w- c:\windows\system32\CatRoot2
2009-10-17 14:47 . 2009-10-17 14:47 -------- d-----w- c:\documents and settings\chris2\Local Settings\Application Data\Mozilla
2009-09-28 14:12 . 2009-09-28 14:12 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-24 15:00 . 2006-08-03 17:53 86000 -c--a-w- c:\documents and settings\Adam.ADAMSPC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-28 14:03 . 2005-02-21 20:07 -------- d-----w- c:\program files\games
2009-09-25 05:56 . 2004-01-21 23:16 662016 ------w- c:\windows\system32\wininet.dll
2009-09-11 14:33 . 2002-08-29 19:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2002-08-29 19:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:16 . 2002-08-29 19:00 247326 ------w- c:\windows\system32\strmdll.dll
2009-08-21 18:40 . 2009-08-21 18:40 82944 ----a-w- C:\3aiky5.exe
2009-08-05 09:11 . 2006-06-01 16:47 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 14:00 . 2002-08-29 19:00 2180352 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 13:13 . 2002-08-29 08:04 2057728 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:53 . 2002-08-29 19:00 82432 ------w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2002-08-29 19:00 119808 ----a-w- c:\windows\system32\t2embed.dll
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-03-24 3309568]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-03-24 46080]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-03-26 684032]
"FLMLABTECMOUSE"="c:\program files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe" [2004-08-05 356352]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-03-09 180269]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-06-14 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-10 282624]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-03-24 782336]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-09-16 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-03 53760]

c:\documents and settings\Adam.ADAMSPC\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-3-8 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-3-8 113664]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-22 65588]
Smart Wizard Wireless Settings.lnk - c:\program files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe [2006-3-3 1056864]
Ulead Photo Express Calendar Checker For My Custom Edition.lnk - c:\program files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe [2004-6-23 57344]
Watch.lnk - c:\program files\DV Series\Console\Watch.exe [2004-6-25 217088]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2004-11-18 106560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"= no active desktop changes

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0SsiEfr.e

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=

R2 Ca533av;DV Series Video Capture;c:\windows\system32\Drivers\Ca533av.sys [2002-10-21 515803]
R3 USBCamera;DV Series Digital Camera;c:\windows\system32\Drivers\Bulk533.sys [2002-11-22 10984]
S0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\SYSTEM32\DRIVERS\si3112r.sys [2002-10-16 84529]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]

.
Contents of the 'Scheduled Tasks' folder

2006-07-23 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1100 series272A572217594EBCF1CEE215E352B92AD073FDE4145658760.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 16:56]
.
.
------- Supplementary Scan -------
.
mLocal Page = c:\windows\System32\search.html
mStart Page = c:\windows\System32\search.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Adam.ADAMSPC\Application Data\Mozilla\Firefox\Profiles\4jwpm60g.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 00:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3556)
c:\program files\Labtec\Labtec Mouse Software\2.0\MOUDL32A.DLL
.
Completion time: 2009-10-24 0:58
ComboFix-quarantined-files.txt 2009-10-24 23:58
ComboFix2.txt 2009-10-24 23:35
ComboFix3.txt 2009-10-17 22:25

Pre-Run: 44,274,298,880 bytes free
Post-Run: 44,245,045,248 bytes free

- - End Of File - - CC61F5B2D6BA0A652A165EEF490CE335

Jintan
Senior Member

Date Joined Dec 2006
Total Posts : 925

Posted 10-25-2009 2:39 (GMT +1)

Shoot. Unfortunately ComboFix was not able to locate any file copies in the System Restore, which is the step you just did there. You will need to locate another computer that is also XP Home SP2, and get clean copies of these files from there:

c:\windows\system32\wscntfy.exe
c:\windows\system32\xmlprov.dll

Perhaps a friend or family member can email them to you. Once you have them, place a copy of each directly in the C drive folder, so you will then have this:

c:\wscntfy.exe
c:\xmlprov.dll

And post back here letting me know you have the files in place. Then we will move forward there.

Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.

Forum Information

Currently it is Saturday, November 21, 2009 10:03 PM (GMT +1)
There are a total of 73.034 posts in 17.116 threads.
In the last 3 days there were 13 new threads and 67 reply posts. View Active Threads