Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

avsystemcare infection

Post by hematex » September 21st, 2007, 3:02 pm

Hi Katana! Ok, here is the jotti log-

File: rt28.exe_
Status: INFECTED/MALWARE
MD5: c9e453c218c36b8e328fb900c60cbb7f
Packers detected: -
Bit9 reports: File not found

Scan taken on 21 Sep 2007 18:52:25 (GMT)
A-Squared Found nothing
AntiVir Found TR/Crypt.ULPM.Gen
ArcaVir Found Trojan.Packed.Polycrypt.D
Avast Found nothing
AVG Antivirus Found Win32/PolyCrypt
BitDefender Found Trojan.PWS.LDPinch.TAW
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found Trojan.Packed.166
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Packed.Win32.PolyCrypt.d
Fortinet Found nothing
Kaspersky Anti-Virus Found Packed.Win32.PolyCrypt.d
NOD32 Found nothing
Norman Virus Control Found W32/PolyCrypt.A
Panda Antivirus Found Trj/Downloader.MDW
Rising Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-AW
VirusBuster Found Trojan.DR.Cimuz.Gen.1
VBA32 Found nothing


File: 1148250889.dat_
Status: OK
MD5: 7f30290feb95534c7e0fe9d0a777e1e5
Packers detected: -
Bit9 reports: File not found

Scan taken on 21 Sep 2007 18:55:26 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
hematex
Regular Member
 
Posts: 19
Joined: September 20th, 2007, 3:29 pm
Location: Texas

Post by hematex » September 21st, 2007, 3:45 pm

Hi Katana, Here is the AVG log-

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:42:21 PM 9/21/2007

+ Scan result:



HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Error during cleaning.
HKLM\SOFTWARE\Classes\CLSID\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned with backup (quarantined).
HKU\S-1-5-21-720897496-3569660965-3179742922-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned with backup (quarantined).
C:\Documents and Settings\David\Cookies\david@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\David\Cookies\david@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP463\A0027184.exe -> Trojan.Agent.bmk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP464\A0027188.exe -> Trojan.Agent.bmk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP466\A0027620.exe -> Trojan.Agent.bmk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP466\A0027623.exe -> Trojan.Agent.bmk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP467\A0027733.exe -> Trojan.Agent.bmk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP467\A0027736.exe -> Trojan.Agent.bmk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP468\A0027839.exe -> Trojan.Agent.bmk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP468\A0027842.exe -> Trojan.Agent.bmk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP468\A0027950.exe -> Trojan.Agent.bmk : Cleaned with backup (quarantined).


::Report end
hematex
Regular Member
 
Posts: 19
Joined: September 20th, 2007, 3:29 pm
Location: Texas

Post by Katana » September 21st, 2007, 4:00 pm

Hi Hematex,

I think that is the first AVG log that I have seen with only two cookies in.
You must keep your PC nice and clean :)


Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    C:\WINDOWS\SYSTEM32\rt28.exe
    
    Registry::
    [-HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a}]
    

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

TotalScan

Please go to this site: TotalScan
  • Under Scan Now click the Full Scan button
  • Follow the prompts to install the ActiveX if necessary
  • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
  • When the scan is finished, a report will be generated
  • Next to Scan Details click the small Save button and save the report to your desktop.
  • Please post the report in your reply.

Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • ComboFix Log
  • Total Scan Log
  • How are things running now?
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Post by hematex » September 21st, 2007, 4:20 pm

Hi once again Katana, here is the combofix log-

ComboFix 07-09-21.2 - "David" 2007-09-21 15:06:35.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.669 [GMT -5:00]
Command switches used :: C:\Documents and Settings\David\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\SYSTEM32\rt28.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\rt28.exe

.
((((((((((((((((((((((((( Files Created from 2007-08-21 to 2007-09-21 )))))))))))))))))))))))))))))))
.

2007-09-21 15:02 <DIR> d-------- C:\WINDOWS\LastGood
2007-09-21 14:52 <DIR> d-------- C:\Program Files\Symantec
2007-09-21 12:57 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-21 12:21 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-09-21 11:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2007-09-21 11:13 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2007-09-21 11:13 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2007-09-21 11:13 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2007-09-21 11:08 10,872 --a------ C:\WINDOWS\SYSTEM32\drivers\AvgAsCln.sys
2007-09-21 10:01 2,460 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-09-20 22:38 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-09-20 22:38 <DIR> d-------- C:\WINDOWS\ehome
2007-09-20 22:31 42,537 --a------ C:\WINDOWS\SYSTEM32\keyboard.sys
2007-09-20 22:31 169,984 --a------ C:\WINDOWS\SYSTEM32\sccbase.dll
2007-09-20 18:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2007-09-20 14:59 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2007-09-19 19:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-19 15:44 <DIR> d-------- C:\DOCUME~1\David\.housecall6.6
2007-09-19 13:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-09-19 11:05 <DIR> d-------- C:\Temp
2007-09-18 16:49 109 --ahs---- C:\WINDOWS\SYSTEM32\1148250889.dat
2007-09-14 10:13 73,728 --a------ C:\WINDOWS\SYSTEM32\dllcache\nmcom.dll
2007-09-14 10:13 593,408 --a------ C:\WINDOWS\SYSTEM32\h323msp.dll
2007-09-14 10:13 593,408 --a------ C:\WINDOWS\SYSTEM32\dllcache\h323msp.dll
2007-09-14 10:13 40,960 --------- C:\WINDOWS\SYSTEM32\dllcache\evtgprov.dll
2007-09-14 10:13 364,544 --a------ C:\WINDOWS\SYSTEM32\dllcache\callcont.dll
2007-09-14 10:13 36,864 --a------ C:\WINDOWS\SYSTEM32\mf3216.dll
2007-09-14 10:13 36,864 --a------ C:\WINDOWS\SYSTEM32\dllcache\mf3216.dll
2007-09-14 10:13 253,952 --a------ C:\WINDOWS\SYSTEM32\dllcache\mst120.dll
2007-09-14 10:11 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-09-14 10:07 26,112 --a------ C:\WINDOWS\SYSTEM32\xpsp1hfm.exe
2007-09-14 10:07 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$
2007-09-09 00:03 <DIR> d-------- C:\Program Files\DIFX
2007-09-09 00:02 81,920 --a------ C:\WINDOWS\SYSTEM32\FTD2XX.dll
2007-09-09 00:02 77,824 --a------ C:\WINDOWS\SYSTEM32\FTDIUNIN.exe
2007-09-09 00:02 34,639 --a------ C:\WINDOWS\SYSTEM32\drivers\FTD2XX.sys
2007-09-09 00:02 <DIR> d----c--- C:\WINDOWS\SYSTEM32\DRVSTORE
2007-09-09 00:02 <DIR> d-------- C:\Program Files\Superchips
2007-09-08 17:00 <DIR> d-------- C:\WINDOWS\SYSTEM32\bits
2007-09-08 16:59 7,680 --------- C:\WINDOWS\SYSTEM32\dllcache\bitsprx2.dll
2007-09-08 16:59 7,680 --------- C:\WINDOWS\SYSTEM32\bitsprx2.dll
2007-09-08 16:59 7,168 --------- C:\WINDOWS\SYSTEM32\dllcache\bitsprx3.dll
2007-09-08 16:59 7,168 --------- C:\WINDOWS\SYSTEM32\bitsprx3.dll
2007-09-08 16:59 361,984 --a------ C:\WINDOWS\SYSTEM32\dllcache\qmgr.dll
2007-09-08 16:59 331,776 --a------ C:\WINDOWS\SYSTEM32\winhttp.dll
2007-09-08 16:59 17,408 --a------ C:\WINDOWS\SYSTEM32\qmgrprxy.dll
2007-09-08 16:59 17,408 --a------ C:\WINDOWS\SYSTEM32\dllcache\qmgrprxy.dll
2007-09-08 16:59 158,720 --------- C:\WINDOWS\SYSTEM32\xpob2res.dll
2007-09-08 16:58 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-09-08 16:57 549,720 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-09-08 16:57 43,352 --a------ C:\WINDOWS\SYSTEM32\wups2.dll
2007-09-08 16:57 33,624 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2007-09-08 16:57 325,976 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-09-08 00:35 69,632 --a------ C:\WINDOWS\SYSTEM32\lfgif13n.dll
2007-09-08 00:35 57,344 --a------ C:\WINDOWS\SYSTEM32\lfbmp13n.dll
2007-09-08 00:35 462,848 --a------ C:\WINDOWS\SYSTEM32\ltkrn13n.dll
2007-09-08 00:35 450,560 --a------ C:\WINDOWS\SYSTEM32\ltimg13n.dll
2007-09-08 00:35 401,408 --a------ C:\WINDOWS\SYSTEM32\lfcmp13n.dll
2007-09-08 00:35 299,008 --a------ C:\WINDOWS\SYSTEM32\ltdis13n.dll
2007-09-08 00:35 206,336 --a------ C:\WINDOWS\SYSTEM32\ltefx13n.dll
2007-09-08 00:35 163,840 --a------ C:\WINDOWS\SYSTEM32\ltfil13n.dll
2007-08-27 20:10 929,792 -ra------ C:\WINDOWS\SYSTEM32\PRISME5.dll
2007-08-27 20:10 15,781 -ra------ C:\WINDOWS\SYSTEM32\drivers\mdc8021x.sys
2007-08-27 20:10 <DIR> d-------- C:\Program Files\Yahoo!
2007-08-27 20:09 <DIR> d-------- C:\Program Files\2Wire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-21 14:52 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-21 14:52 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-29 16:47 --------- d-------- C:\DOCUME~1\David\APPLIC~1\MSN6
2007-08-03 19:59 47580 --a------ C:\WINDOWS\SYSTEM32\rt26.exe
2007-07-30 19:19 92504 --a------ C:\WINDOWS\SYSTEM32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\SYSTEM32\cdm.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\SYSTEM32\dllcache\wuauclt.exe
2007-07-30 19:19 203096 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\SYSTEM32\dllcache\wuaueng.dll
2007-07-30 19:18 207736 --a------ C:\WINDOWS\SYSTEM32\muweb.dll
.

((((((((((((((((((((((((((((( snapshot_2007-09-21_130310.73 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 561,664 2006-08-25 15:53:55 C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\SP1QFE\comctl32.dll
----a-w 82,432 2004-08-20 22:01:15 C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\SP1QFE\fldrclnr.dll
----a-w 8,353,280 2006-07-13 13:46:56 C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\SP1QFE\shell32.dll
----a-w 700,928 2004-08-20 22:01:15 C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\SP1QFE\sxs.dll
----a-w 595,968 2006-08-25 09:14:17 C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\SP1QFE\xpsp2res.dll
----a-w 925,184 2006-08-25 15:53:52 C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\SP1QFE\asms\60\msft\windows\common\controls\comctl32.dll
----a-w 617,472 2006-08-25 15:45:58 C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\SP2QFE\comctl32.dll
----a-w 1,054,208 2006-08-25 13:45:56 C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\SP2QFE\asms\60\msft\windows\common\controls\comctl32.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\update\update.exe
----a-w 371,424 2006-01-19 19:29:21 C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\f91c8d81761d826e33f44f7c4a28e82a\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\f91c8d81761d826e33f44f7c4a28e82a\spuninst.exe
----a-w 226,816 2005-10-27 19:06:37 C:\WINDOWS\SoftwareDistribution\Download\f91c8d81761d826e33f44f7c4a28e82a\sp1qfe\srrstr.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\f91c8d81761d826e33f44f7c4a28e82a\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\f91c8d81761d826e33f44f7c4a28e82a\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\f91c8d81761d826e33f44f7c4a28e82a\update\updspapi.dll
----a-w 22,622 2007-09-21 19:49:09 C:\WINDOWS\SoftwareDistribution\EventCache\{9BE8581E-1E8D-49FA-A9F5-6F7912C13504}.bin
----a-w 40,196 2007-09-21 20:05:04 C:\WINDOWS\SYSTEM32\perfc009.dat
----a-w 311,934 2007-09-21 20:05:04 C:\WINDOWS\SYSTEM32\perfh009.dat
.
----a-w 40,196 2007-09-21 17:24:22 C:\WINDOWS\SYSTEM32\perfc009.dat
----a-w 311,934 2007-09-21 17:24:22 C:\WINDOWS\SYSTEM32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2000-07-13 22:00]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-13 22:00]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-13 22:00]
"CHotkey"="mHotkey.exe" [2002-01-17 14:54 C:\WINDOWS\mHotkey.exe]
"CTSysVol"="C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe" [2003-05-02 09:53]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-11-29 14:23]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-04-01 16:16]
"nwiz"="nwiz.exe" [2005-04-01 16:16 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-04-01 16:16]
"PRISMSVR.EXE"="C:\WINDOWS\System32\PRISMSVR.exe" []
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2007-08-31 20:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-29 05:41]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Lexmark X125 Settings Utility.lnk - C:\Program Files\Lexmark X125\LEX125SU.exe [2007-02-25 21:05:50]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-13 22:00:00]

R0 fasttrak;fasttrak;C:\WINDOWS\System32\DRIVERS\fasttrak.sys
R0 hpt3xx;hpt3xx;C:\WINDOWS\System32\DRIVERS\hpt3xx.sys
R2 NMSSvc;Intel(R) NMS;C:\WINDOWS\System32\NMSSvc.exe
R3 NMSCFG;NIC Management Service Configuration Driver;\??\C:\WINDOWS\System32\drivers\NMSCFG.SYS
R3 P17;Creative SB Audigy LS;C:\WINDOWS\System32\drivers\P17.sys
S2 DgiVecp;DgiVecp;\??\C:\WINDOWS\System32\Drivers\DgiVecp.sys
S2 lanmanserverClipSrv;Server lanmanserverClipSrv;C:\WINDOWS\System32\rt26.exe srv
S3 BCMModem;BCM V.90 56K Modem;C:\WINDOWS\System32\DRIVERS\BCMDM.sys
S3 FTD2XX;Flashpaq FTD2XX.SYS FT8U2XX device driver;C:\WINDOWS\System32\Drivers\FTD2XX.sys

*Newly Created Service* - NMSCFG
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-21 15:08:09
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-21 15:08:37
C:\ComboFix-quarantined-files.txt ... 2007-09-21 15:08
C:\ComboFix2.txt ... 2007-09-21 13:04
.
--- E O F ---
hematex
Regular Member
 
Posts: 19
Joined: September 20th, 2007, 3:29 pm
Location: Texas

Post by hematex » September 21st, 2007, 5:23 pm

Hi Katana! Machine is running much better, all of the obvious symptoms are gone. Here is the total scan log-

ANALYSIS: 2007-09-21 16:21:26
PROTECTIONS: 0
MALWARE: 13
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00132734 adware/24-7-search Adware No 0 Yes No c:\windows\system32\unppc.exe
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\SYSTEM32\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\David\Desktop\SmitfraudFix\Process.exe
00517584 Application/SuperFast HackTools No 0 Yes No C:\Documents and Settings\David\Desktop\SmitfraudFix\restart.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP474\A0033688.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP473\A0033664.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP471\A0033250.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\David\Desktop\ComboFix.exe[nircmd.exe]
01298820 Adware/WinAntiVirus2007 Adware No 0 Yes No C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20070919-190659.backup
01326241 W32/Gaobot.OXI.worm Virus/Worm No 1 Yes No C:\WINDOWS\SYSTEM32\rt26.exe
01343045 Trj/Downloader.PUT Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP466\A0027609.exe
01343045 Trj/Downloader.PUT Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP471\A0033212.exe
01343045 Trj/Downloader.PUT Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP468\A0027828.exe
01343045 Trj/Downloader.PUT Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP467\A0027722.exe
01343045 Trj/Downloader.PUT Virus/Trojan No 0 Yes No C:\qoobox\Quarantine\C\tskmgr.exe.vir
01648701 Trj/Spammer.ADP Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP470\A0033163.EXE
01941906 Trj/Downloader.QDY Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP473\A0033561.exe
01954313 Adware/WinAntiVirus2007 Adware No 0 Yes No C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP465\A0027339.exe
02130616 Trj/Houd.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP467\A0027768.exe
02130616 Trj/Houd.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP462\A0027140.exe
02130616 Trj/Houd.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP466\A0027653.exe
02130616 Trj/Houd.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP468\A0027872.exe
02130616 Trj/Houd.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP467\A0027766.exe
02130616 Trj/Houd.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP466\A0027655.exe
02130616 Trj/Houd.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP468\A0027874.exe
02130616 Trj/Houd.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP465\A0027555.exe
02130617 Trj/Houd.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP471\A0033213.sys
02130617 Trj/Houd.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP466\A0027654.sys
02130617 Trj/Houd.A Virus/Trojan No 0 Yes No C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\drivers\ohctusb.sys.vir
02130617 Trj/Houd.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP468\A0027873.sys
02130617 Trj/Houd.A Virus/Trojan No 0 Yes No C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\drivers\ohctusb.syt.vir
02130617 Trj/Houd.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP467\A0027767.sys
02159699 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\rt28.exe.vir
02159699 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP467\A0027724.exe
02159699 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP466\A0027611.exe
02159699 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP468\A0027830.exe
02159699 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP474\A0033671.exe
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Post by Katana » September 21st, 2007, 5:40 pm

Hi Hematex,
Most of those bad files are in System Restore, so they are nothing to worry about.
We will take care of those later :)

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    NetSvc::
    lanmanserverClipSrv
    
    File::
    c:\windows\system32\unppc.exe
    C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20070919-190659.backup
    C:\WINDOWS\SYSTEM32\rt26.exe
    
    

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Please post the ComboFix log and a fresh HJT log in your reply.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Post by hematex » September 21st, 2007, 5:54 pm

ComboFix log-

ComboFix 07-09-21.2 - "David" 2007-09-21 16:44:28.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.724 [GMT -5:00]
Command switches used :: C:\Documents and Settings\David\Desktop\CFScript.txt
* Created a new restore point

FILE::
c:\windows\system32\unppc.exe
C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20070919-190659.backup
C:\WINDOWS\SYSTEM32\rt26.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20070919-190659.backup
C:\WINDOWS\SYSTEM32\rt26.exe
c:\windows\system32\unppc.exe

.
((((((((((((((((((((((((( Files Created from 2007-08-21 to 2007-09-21 )))))))))))))))))))))))))))))))
.

2007-09-21 15:22 <DIR> d-------- C:\Program Files\Panda Security
2007-09-21 14:52 <DIR> d-------- C:\Program Files\Symantec
2007-09-21 12:57 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-21 12:21 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-09-21 11:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2007-09-21 11:13 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2007-09-21 11:13 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2007-09-21 11:13 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2007-09-21 11:08 10,872 --a------ C:\WINDOWS\SYSTEM32\drivers\AvgAsCln.sys
2007-09-21 10:01 2,460 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-09-20 22:38 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-09-20 22:38 <DIR> d-------- C:\WINDOWS\ehome
2007-09-20 22:31 42,537 --a------ C:\WINDOWS\SYSTEM32\keyboard.sys
2007-09-20 22:31 169,984 --a------ C:\WINDOWS\SYSTEM32\sccbase.dll
2007-09-20 18:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2007-09-20 14:59 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2007-09-19 19:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-19 15:44 <DIR> d-------- C:\DOCUME~1\David\.housecall6.6
2007-09-19 13:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-09-19 11:05 <DIR> d-------- C:\Temp
2007-09-18 16:49 109 --ahs---- C:\WINDOWS\SYSTEM32\1148250889.dat
2007-09-14 10:13 73,728 --a------ C:\WINDOWS\SYSTEM32\dllcache\nmcom.dll
2007-09-14 10:13 593,408 --a------ C:\WINDOWS\SYSTEM32\h323msp.dll
2007-09-14 10:13 593,408 --a------ C:\WINDOWS\SYSTEM32\dllcache\h323msp.dll
2007-09-14 10:13 40,960 --------- C:\WINDOWS\SYSTEM32\dllcache\evtgprov.dll
2007-09-14 10:13 364,544 --a------ C:\WINDOWS\SYSTEM32\dllcache\callcont.dll
2007-09-14 10:13 36,864 --a------ C:\WINDOWS\SYSTEM32\mf3216.dll
2007-09-14 10:13 36,864 --a------ C:\WINDOWS\SYSTEM32\dllcache\mf3216.dll
2007-09-14 10:13 253,952 --a------ C:\WINDOWS\SYSTEM32\dllcache\mst120.dll
2007-09-14 10:11 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-09-14 10:07 26,112 --a------ C:\WINDOWS\SYSTEM32\xpsp1hfm.exe
2007-09-14 10:07 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$
2007-09-09 00:03 <DIR> d-------- C:\Program Files\DIFX
2007-09-09 00:02 81,920 --a------ C:\WINDOWS\SYSTEM32\FTD2XX.dll
2007-09-09 00:02 77,824 --a------ C:\WINDOWS\SYSTEM32\FTDIUNIN.exe
2007-09-09 00:02 34,639 --a------ C:\WINDOWS\SYSTEM32\drivers\FTD2XX.sys
2007-09-09 00:02 <DIR> d----c--- C:\WINDOWS\SYSTEM32\DRVSTORE
2007-09-09 00:02 <DIR> d-------- C:\Program Files\Superchips
2007-09-08 17:00 <DIR> d-------- C:\WINDOWS\SYSTEM32\bits
2007-09-08 16:59 7,680 --------- C:\WINDOWS\SYSTEM32\dllcache\bitsprx2.dll
2007-09-08 16:59 7,680 --------- C:\WINDOWS\SYSTEM32\bitsprx2.dll
2007-09-08 16:59 7,168 --------- C:\WINDOWS\SYSTEM32\dllcache\bitsprx3.dll
2007-09-08 16:59 7,168 --------- C:\WINDOWS\SYSTEM32\bitsprx3.dll
2007-09-08 16:59 361,984 --a------ C:\WINDOWS\SYSTEM32\dllcache\qmgr.dll
2007-09-08 16:59 331,776 --a------ C:\WINDOWS\SYSTEM32\winhttp.dll
2007-09-08 16:59 17,408 --a------ C:\WINDOWS\SYSTEM32\qmgrprxy.dll
2007-09-08 16:59 17,408 --a------ C:\WINDOWS\SYSTEM32\dllcache\qmgrprxy.dll
2007-09-08 16:59 158,720 --------- C:\WINDOWS\SYSTEM32\xpob2res.dll
2007-09-08 16:58 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-09-08 16:57 549,720 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-09-08 16:57 43,352 --a------ C:\WINDOWS\SYSTEM32\wups2.dll
2007-09-08 16:57 33,624 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2007-09-08 16:57 325,976 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-09-08 00:35 69,632 --a------ C:\WINDOWS\SYSTEM32\lfgif13n.dll
2007-09-08 00:35 57,344 --a------ C:\WINDOWS\SYSTEM32\lfbmp13n.dll
2007-09-08 00:35 462,848 --a------ C:\WINDOWS\SYSTEM32\ltkrn13n.dll
2007-09-08 00:35 450,560 --a------ C:\WINDOWS\SYSTEM32\ltimg13n.dll
2007-09-08 00:35 401,408 --a------ C:\WINDOWS\SYSTEM32\lfcmp13n.dll
2007-09-08 00:35 299,008 --a------ C:\WINDOWS\SYSTEM32\ltdis13n.dll
2007-09-08 00:35 206,336 --a------ C:\WINDOWS\SYSTEM32\ltefx13n.dll
2007-09-08 00:35 163,840 --a------ C:\WINDOWS\SYSTEM32\ltfil13n.dll
2007-08-27 20:10 929,792 -ra------ C:\WINDOWS\SYSTEM32\PRISME5.dll
2007-08-27 20:10 15,781 -ra------ C:\WINDOWS\SYSTEM32\drivers\mdc8021x.sys
2007-08-27 20:10 <DIR> d-------- C:\Program Files\Yahoo!
2007-08-27 20:09 <DIR> d-------- C:\Program Files\2Wire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-21 14:52 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-21 14:52 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-29 16:47 --------- d-------- C:\DOCUME~1\David\APPLIC~1\MSN6
2007-07-30 19:19 92504 --a------ C:\WINDOWS\SYSTEM32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\SYSTEM32\cdm.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\SYSTEM32\dllcache\wuauclt.exe
2007-07-30 19:19 203096 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\SYSTEM32\dllcache\wuaueng.dll
2007-07-30 19:18 207736 --a------ C:\WINDOWS\SYSTEM32\muweb.dll
.

((((((((((((((((((((((((((((( snapshot_2007-09-21_130310.73 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 24,576 2001-07-03 10:36:30 C:\WINDOWS\HKNTDLL.dll
----a-w 479,744 2002-01-17 19:54:44 C:\WINDOWS\mHotkey.exe
----a-w 124,208 2007-08-21 19:37:26 C:\WINDOWS\Downloaded Program Files\ascstubie.dll
----a-w 12,592 2007-07-18 19:49:56 C:\WINDOWS\Downloaded Program Files\libcomm.dll
------w 64,512 2004-03-06 02:05:09 C:\WINDOWS\SoftwareDistribution\Download\26850ce336513bfee15ef865c4e6576c\backup\sp2qfe\mtxclu.dll
------w 82,432 2004-03-06 02:05:09 C:\WINDOWS\SoftwareDistribution\Download\26850ce336513bfee15ef865c4e6576c\backup\sp2qfe\mtxoci.dll
------w 1,169,920 2002-08-29 10:41:10 C:\WINDOWS\SoftwareDistribution\Download\26850ce336513bfee15ef865c4e6576c\backup\sp2qfe\ole32.dll
------w 68,608 2001-08-18 11:00:00 C:\WINDOWS\SoftwareDistribution\Download\26850ce336513bfee15ef865c4e6576c\backup\sp2qfe\olecli32.dll
------w 34,304 2001-08-18 11:00:00 C:\WINDOWS\SoftwareDistribution\Download\26850ce336513bfee15ef865c4e6576c\backup\sp2qfe\olecnv32.dll
------w 260,608 2002-08-29 10:41:10 C:\WINDOWS\SoftwareDistribution\Download\26850ce336513bfee15ef865c4e6576c\backup\sp2qfe\rpcss.dll
------w 97,280 2004-03-06 02:05:17 C:\WINDOWS\SoftwareDistribution\Download\26850ce336513bfee15ef865c4e6576c\backup\sp2qfe\txflog.dll
------w 9,728 2001-08-18 11:00:00 C:\WINDOWS\SoftwareDistribution\Download\26850ce336513bfee15ef865c4e6576c\backup\sp2qfe\xolehlp.dll
----a-w 30,720 2005-07-26 00:21:18 C:\WINDOWS\SoftwareDistribution\Download\26850ce336513bfee15ef865c4e6576c\update\arpidfix.exe
----a-w 22,240 2005-02-25 01:35:06 C:\WINDOWS\SoftwareDistribution\Download\26850ce336513bfee15ef865c4e6576c\update\spcustom.dll
----a-w 718,048 2005-02-25 01:35:06 C:\WINDOWS\SoftwareDistribution\Download\26850ce336513bfee15ef865c4e6576c\update\update.exe
----a-w 371,936 2005-02-25 01:35:08 C:\WINDOWS\SoftwareDistribution\Download\26850ce336513bfee15ef865c4e6576c\update\updspapi.dll
----a-w 13,536 2005-06-28 15:20:24 C:\WINDOWS\SoftwareDistribution\Download\318a7ed3bd9cf3fc3bb703f0338f2615\spmsg.dll
----a-w 213,216 2005-06-28 15:23:26 C:\WINDOWS\SoftwareDistribution\Download\318a7ed3bd9cf3fc3bb703f0338f2615\spuninst.exe
----a-w 1,425,680 2006-04-24 21:17:14 C:\WINDOWS\SoftwareDistribution\Download\318a7ed3bd9cf3fc3bb703f0338f2615\wmpui.dll
----a-w 716,000 2005-06-28 15:24:52 C:\WINDOWS\SoftwareDistribution\Download\318a7ed3bd9cf3fc3bb703f0338f2615\update\update.exe
----a-w 371,424 2005-06-28 15:23:54 C:\WINDOWS\SoftwareDistribution\Download\318a7ed3bd9cf3fc3bb703f0338f2615\update\updspapi.dll
----a-w 7,168 2004-11-30 19:46:38 C:\WINDOWS\SoftwareDistribution\Download\626eacb7c8acf36c15d9f790ff9b994b\spmsg.dll
----a-w 169,984 2004-12-01 01:22:42 C:\WINDOWS\SoftwareDistribution\Download\626eacb7c8acf36c15d9f790ff9b994b\spuninst.exe
----a-w 21,504 2004-12-01 01:22:40 C:\WINDOWS\SoftwareDistribution\Download\626eacb7c8acf36c15d9f790ff9b994b\update\spcustom.dll
----a-w 654,848 2004-11-30 19:46:40 C:\WINDOWS\SoftwareDistribution\Download\626eacb7c8acf36c15d9f790ff9b994b\update\update.exe
----a-w 1,227,776 2005-08-30 14:14:00 C:\WINDOWS\SoftwareDistribution\Download\7620ec43f43aac09b638216a601edfe9\quartz.dll
----a-w 13,536 2005-02-24 18:20:06 C:\WINDOWS\SoftwareDistribution\Download\7620ec43f43aac09b638216a601edfe9\spmsg.dll
----a-w 209,632 2005-02-24 18:23:26 C:\WINDOWS\SoftwareDistribution\Download\7620ec43f43aac09b638216a601edfe9\spuninst.exe
----a-w 718,048 2005-02-24 18:29:44 C:\WINDOWS\SoftwareDistribution\Download\7620ec43f43aac09b638216a601edfe9\update\update.exe
----a-w 371,936 2005-02-24 18:24:48 C:\WINDOWS\SoftwareDistribution\Download\7620ec43f43aac09b638216a601edfe9\update\updspapi.dll
----a-w 14,048 2005-02-25 01:35:06 C:\WINDOWS\SoftwareDistribution\Download\94d4564c331fd50de11e52451ac2e679\spmsg.dll
----a-w 209,632 2005-02-25 01:35:06 C:\WINDOWS\SoftwareDistribution\Download\94d4564c331fd50de11e52451ac2e679\spuninst.exe
----a-w 2,025,984 2005-09-10 02:04:32 C:\WINDOWS\SoftwareDistribution\Download\94d4564c331fd50de11e52451ac2e679\sp1qfe\cdosys.dll
----a-w 2,067,968 2005-09-10 01:53:41 C:\WINDOWS\SoftwareDistribution\Download\94d4564c331fd50de11e52451ac2e679\sp2gdr\cdosys.dll
----a-w 2,068,480 2005-09-10 01:48:47 C:\WINDOWS\SoftwareDistribution\Download\94d4564c331fd50de11e52451ac2e679\sp2qfe\cdosys.dll
----a-w 30,720 2005-09-09 21:26:26 C:\WINDOWS\SoftwareDistribution\Download\94d4564c331fd50de11e52451ac2e679\update\arpidfix.exe
----a-w 22,240 2005-02-25 01:35:06 C:\WINDOWS\SoftwareDistribution\Download\94d4564c331fd50de11e52451ac2e679\update\spcustom.dll
----a-w 718,048 2005-02-25 01:35:06 C:\WINDOWS\SoftwareDistribution\Download\94d4564c331fd50de11e52451ac2e679\update\update.exe
----a-w 371,936 2005-02-25 01:35:08 C:\WINDOWS\SoftwareDistribution\Download\94d4564c331fd50de11e52451ac2e679\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\b29e2a9f14df0d88f5323f96793e432b\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\b29e2a9f14df0d88f5323f96793e432b\spuninst.exe
----a-w 140,288 2006-06-26 17:47:50 C:\WINDOWS\SoftwareDistribution\Download\b29e2a9f14df0d88f5323f96793e432b\SP1QFE\dnsapi.dll
----a-w 6,144 2006-06-26 17:47:50 C:\WINDOWS\SoftwareDistribution\Download\b29e2a9f14df0d88f5323f96793e432b\SP1QFE\rasadhlp.dll
----a-w 148,480 2006-06-26 17:37:10 C:\WINDOWS\SoftwareDistribution\Download\b29e2a9f14df0d88f5323f96793e432b\SP2GDR\dnsapi.dll
----a-w 8,192 2006-06-26 17:37:10 C:\WINDOWS\SoftwareDistribution\Download\b29e2a9f14df0d88f5323f96793e432b\SP2GDR\rasadhlp.dll
----a-w 147,456 2006-06-26 17:45:19 C:\WINDOWS\SoftwareDistribution\Download\b29e2a9f14df0d88f5323f96793e432b\SP2QFE\dnsapi.dll
----a-w 7,680 2006-06-26 17:45:19 C:\WINDOWS\SoftwareDistribution\Download\b29e2a9f14df0d88f5323f96793e432b\SP2QFE\rasadhlp.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\b29e2a9f14df0d88f5323f96793e432b\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\b29e2a9f14df0d88f5323f96793e432b\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\b29e2a9f14df0d88f5323f96793e432b\update\updspapi.dll
----a-w 516,336 2005-10-06 23:26:10 C:\WINDOWS\SoftwareDistribution\Download\b93f60ba19e546073f72c1a6c59659c8\WindowsXP-KB902400-x86-express-ENU.exe
----a-w 7,168 2004-10-14 15:34:52 C:\WINDOWS\SoftwareDistribution\Download\c1fd7fbb2b63f1c80fc27f2df1ef6fcd\spmsg.dll
----a-w 169,984 2004-10-14 15:36:18 C:\WINDOWS\SoftwareDistribution\Download\c1fd7fbb2b63f1c80fc27f2df1ef6fcd\spuninst.exe
----a-w 493,056 2004-11-17 17:57:01 C:\WINDOWS\SoftwareDistribution\Download\c1fd7fbb2b63f1c80fc27f2df1ef6fcd\sp1qfe\hypertrm.dll
----a-w 347,136 2004-11-17 17:41:24 C:\WINDOWS\SoftwareDistribution\Download\c1fd7fbb2b63f1c80fc27f2df1ef6fcd\sp2gdr\hypertrm.dll
----a-w 347,136 2004-11-17 17:31:32 C:\WINDOWS\SoftwareDistribution\Download\c1fd7fbb2b63f1c80fc27f2df1ef6fcd\sp2qfe\hypertrm.dll
----a-w 21,504 2004-10-14 15:36:16 C:\WINDOWS\SoftwareDistribution\Download\c1fd7fbb2b63f1c80fc27f2df1ef6fcd\update\spcustom.dll
----a-w 654,848 2004-10-14 15:34:54 C:\WINDOWS\SoftwareDistribution\Download\c1fd7fbb2b63f1c80fc27f2df1ef6fcd\update\update.exe
----a-w 14,048 2005-02-25 01:35:06 C:\WINDOWS\SoftwareDistribution\Download\c97484bc3f0a909669b5abb5a1bd9a86\spmsg.dll
----a-w 209,632 2005-02-25 01:35:06 C:\WINDOWS\SoftwareDistribution\Download\c97484bc3f0a909669b5abb5a1bd9a86\spuninst.exe
----a-w 238,592 2005-07-08 16:09:48 C:\WINDOWS\SoftwareDistribution\Download\c97484bc3f0a909669b5abb5a1bd9a86\sp1qfe\tapisrv.dll
----a-w 249,344 2005-07-08 16:27:56 C:\WINDOWS\SoftwareDistribution\Download\c97484bc3f0a909669b5abb5a1bd9a86\sp2gdr\tapisrv.dll
----a-w 249,344 2005-07-08 16:28:58 C:\WINDOWS\SoftwareDistribution\Download\c97484bc3f0a909669b5abb5a1bd9a86\sp2qfe\tapisrv.dll
----a-w 30,720 2005-07-08 00:27:08 C:\WINDOWS\SoftwareDistribution\Download\c97484bc3f0a909669b5abb5a1bd9a86\update\arpidfix.exe
----a-w 22,240 2005-02-25 01:35:06 C:\WINDOWS\SoftwareDistribution\Download\c97484bc3f0a909669b5abb5a1bd9a86\update\spcustom.dll
----a-w 718,048 2005-02-25 01:35:06 C:\WINDOWS\SoftwareDistribution\Download\c97484bc3f0a909669b5abb5a1bd9a86\update\update.exe
----a-w 371,936 2005-02-25 01:35:08 C:\WINDOWS\SoftwareDistribution\Download\c97484bc3f0a909669b5abb5a1bd9a86\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\dc632b620dc2d521266be7bce2a259fd\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\dc632b620dc2d521266be7bce2a259fd\spuninst.exe
----a-w 321,536 2006-08-14 08:59:20 C:\WINDOWS\SoftwareDistribution\Download\dc632b620dc2d521266be7bce2a259fd\SP1QFE\srv.sys
----a-w 332,928 2006-08-14 10:34:41 C:\WINDOWS\SoftwareDistribution\Download\dc632b620dc2d521266be7bce2a259fd\SP2GDR\srv.sys
----a-w 332,928 2006-08-14 12:00:42 C:\WINDOWS\SoftwareDistribution\Download\dc632b620dc2d521266be7bce2a259fd\SP2QFE\srv.sys
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\dc632b620dc2d521266be7bce2a259fd\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\dc632b620dc2d521266be7bce2a259fd\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\dc632b620dc2d521266be7bce2a259fd\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\spuninst.exe
----a-w 561,664 2006-08-25 15:53:55 C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\SP1QFE\comctl32.dll
----a-w 82,432 2004-08-20 22:01:15 C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\SP1QFE\fldrclnr.dll
----a-w 8,353,280 2006-07-13 13:46:56 C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\SP1QFE\shell32.dll
----a-w 700,928 2004-08-20 22:01:15 C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\SP1QFE\sxs.dll
----a-w 595,968 2006-08-25 09:14:17 C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\SP1QFE\xpsp2res.dll
----a-w 925,184 2006-08-25 15:53:52 C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\SP1QFE\asms\60\msft\windows\common\controls\comctl32.dll
----a-w 617,472 2006-08-25 15:45:58 C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\SP2QFE\comctl32.dll
----a-w 1,054,208 2006-08-25 13:45:56 C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\SP2QFE\asms\60\msft\windows\common\controls\comctl32.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\update\update.exe
----a-w 371,424 2006-01-19 19:29:21 C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\f91c8d81761d826e33f44f7c4a28e82a\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\f91c8d81761d826e33f44f7c4a28e82a\spuninst.exe
----a-w 226,816 2005-10-27 19:06:37 C:\WINDOWS\SoftwareDistribution\Download\f91c8d81761d826e33f44f7c4a28e82a\sp1qfe\srrstr.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\f91c8d81761d826e33f44f7c4a28e82a\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\f91c8d81761d826e33f44f7c4a28e82a\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\f91c8d81761d826e33f44f7c4a28e82a\update\updspapi.dll
----a-w 22,622 2007-09-21 19:49:09 C:\WINDOWS\SoftwareDistribution\EventCache\{9BE8581E-1E8D-49FA-A9F5-6F7912C13504}.bin
----a-w 45,568 2001-08-18 19:00:00 C:\WINDOWS\SYSTEM32\cnbjmon.dll
----a-w 22,528 2001-08-18 19:00:00 C:\WINDOWS\SYSTEM32\hid.dll
----a-w 126,976 2002-08-29 10:40:56 C:\WINDOWS\SYSTEM32\imagehlp.dll
----a-w 995,383 2001-08-18 11:00:00 C:\WINDOWS\SYSTEM32\mfc42.dll
----a-w 1,118,208 2002-03-05 00:35:26 C:\WINDOWS\SYSTEM32\NMSSvc.Exe
----a-w 668,672 2002-08-29 10:40:42 C:\WINDOWS\SYSTEM32\ntdll.dll
----a-w 40,196 2007-09-21 20:05:04 C:\WINDOWS\SYSTEM32\perfc009.dat
----a-w 311,934 2007-09-21 20:05:04 C:\WINDOWS\SYSTEM32\perfh009.dat
----a-w 12,800 2001-08-18 19:00:00 C:\WINDOWS\SYSTEM32\pjlmon.dll
.
------w 24,576 2001-07-03 10:36:30 C:\WINDOWS\HKNTDLL.dll
------w 479,744 2002-01-17 19:54:44 C:\WINDOWS\mHotkey.exe
------w 45,568 2001-08-18 19:00:00 C:\WINDOWS\SYSTEM32\cnbjmon.dll
------w 22,528 2001-08-18 19:00:00 C:\WINDOWS\SYSTEM32\hid.dll
------w 126,976 2002-08-29 10:40:56 C:\WINDOWS\SYSTEM32\imagehlp.dll
------w 995,383 2001-08-18 11:00:00 C:\WINDOWS\SYSTEM32\mfc42.dll
------w 1,118,208 2002-03-05 00:35:26 C:\WINDOWS\SYSTEM32\NMSSvc.Exe
------w 668,672 2002-08-29 10:40:42 C:\WINDOWS\SYSTEM32\ntdll.dll
----a-w 40,196 2007-09-21 17:24:22 C:\WINDOWS\SYSTEM32\perfc009.dat
----a-w 311,934 2007-09-21 17:24:22 C:\WINDOWS\SYSTEM32\perfh009.dat
------w 12,800 2001-08-18 19:00:00 C:\WINDOWS\SYSTEM32\pjlmon.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2000-07-13 22:00]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-13 22:00]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-13 22:00]
"CHotkey"="mHotkey.exe" [2002-01-17 14:54 C:\WINDOWS\mHotkey.exe]
"CTSysVol"="C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe" [2003-05-02 09:53]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-11-29 14:23]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-04-01 16:16]
"nwiz"="nwiz.exe" [2005-04-01 16:16 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-04-01 16:16]
"PRISMSVR.EXE"="C:\WINDOWS\System32\PRISMSVR.exe" []
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2007-08-31 20:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-29 05:41]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Lexmark X125 Settings Utility.lnk - C:\Program Files\Lexmark X125\LEX125SU.exe [2007-02-25 21:05:50]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-13 22:00:00]

R0 fasttrak;fasttrak;C:\WINDOWS\System32\DRIVERS\fasttrak.sys
R0 hpt3xx;hpt3xx;C:\WINDOWS\System32\DRIVERS\hpt3xx.sys
R3 P17;Creative SB Audigy LS;C:\WINDOWS\System32\drivers\P17.sys
S2 DgiVecp;DgiVecp;\??\C:\WINDOWS\System32\Drivers\DgiVecp.sys
S2 lanmanserverClipSrv;Server lanmanserverClipSrv;C:\WINDOWS\System32\rt26.exe srv
S2 NMSSvc;Intel(R) NMS;C:\WINDOWS\System32\NMSSvc.exe
S3 BCMModem;BCM V.90 56K Modem;C:\WINDOWS\System32\DRIVERS\BCMDM.sys
S3 FTD2XX;Flashpaq FTD2XX.SYS FT8U2XX device driver;C:\WINDOWS\System32\Drivers\FTD2XX.sys

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-21 16:46:43
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-21 16:47:46 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-21 16:47
C:\ComboFix2.txt ... 2007-09-21 15:08
C:\ComboFix3.txt ... 2007-09-21 13:04
.
--- E O F ---
hematex
Regular Member
 
Posts: 19
Joined: September 20th, 2007, 3:29 pm
Location: Texas

Post by hematex » September 21st, 2007, 5:55 pm

New HJT log-

Logfile of HijackThis v1.99.1
Scan saved at 4:52:35 PM, on 9/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestbuy.msn.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&m ... PLHSEM&O=I
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O15 - Trusted Zone: *.hotmail.com
O15 - Trusted Zone: *.msn.com
O15 - Trusted Zone: *.passport.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9288590140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9288663546
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Server lanmanserverClipSrv (lanmanserverClipSrv) - Unknown owner - C:\WINDOWS\System32\rt26.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
hematex
Regular Member
 
Posts: 19
Joined: September 20th, 2007, 3:29 pm
Location: Texas

Post by Katana » September 21st, 2007, 6:07 pm

Nearly there :)

Have you uninstalled your Symantec Anti-Virus?
It was in your previous logs, and now it is gone.

Disable Teatimer
First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • Then, also in the left panel, click Resident (shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.


Fix With HJT
Close all other windows and then start HijackThis
Click Do A System Scan Only
When it has finished scanning, put a check next to the following lines:
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Server lanmanserverClipSrv (lanmanserverClipSrv) - Unknown owner - C:\WINDOWS\System32\rt26.exe (file missing)

- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis

Please post a fresh HJT in your reply
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Post by hematex » September 21st, 2007, 6:25 pm

New hjt log-

Logfile of HijackThis v1.99.1
Scan saved at 5:23:48 PM, on 9/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestbuy.msn.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&m ... PLHSEM&O=I
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O15 - Trusted Zone: *.hotmail.com
O15 - Trusted Zone: *.msn.com
O15 - Trusted Zone: *.passport.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9288590140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9288663546
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Server lanmanserverClipSrv (lanmanserverClipSrv) - Unknown owner - C:\WINDOWS\System32\rt26.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
hematex
Regular Member
 
Posts: 19
Joined: September 20th, 2007, 3:29 pm
Location: Texas

Post by hematex » September 21st, 2007, 6:32 pm

Yes, I was able to uninstall the Symantec Anti-virus after the first round of ComboFix with the custom script. I regained my administrative capabilities. That Symantec was being a pest for some reason. Thanks!
hematex
Regular Member
 
Posts: 19
Joined: September 20th, 2007, 3:29 pm
Location: Texas

Post by Katana » September 21st, 2007, 6:42 pm

ARRRRGGGHH !!!!
You are on the web with only XP SP1 installed and no Antivirus
You do like to live dangerously :lol:

No Antivirus
I can see no indication of any Antivirus software.

Use an AntiVirus Software - It is very important that you have anti-virus software running on your machine.
This alone can save you a lot of trouble with malware in the future.
Free AV list
AVG Free
Avira AntiVir
Avast

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week.
If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Antivirus is a MUST

Go to Start > Run, and copy/paste the following into the Open box:
sc delete lanmanserverClipSrv
Click: OK

Please post a new HJT log AFTER you install an AV ;)
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
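
The orphaned-service check behind the `sc delete` step above, as an added example that is not part of the original posts: it parses O23 lines in the layout HijackThis prints in this thread, reports services with an unknown owner or a missing file, and checks whether they are still registered in a later log. The function names are assumptions of this example; the sample lines are copied from the logs posted in the thread.

```python
import re

# O23 - Service: <display> [(<service>)] - <owner> - <path>[ (file missing)]
O23 = re.compile(
    r"^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)
SHORT_NAME = re.compile(r"^(?P<display>.*) \((?P<svc>[^()]+)\)$")

# Lines copied from the HijackThis logs posted in this thread.
BEFORE = r"""
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Server lanmanserverClipSrv (lanmanserverClipSrv) - Unknown owner - C:\WINDOWS\System32\rt26.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
"""
AFTER = r"""
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
"""


def parse_o23(line):
    """Return a dict for one O23 line, or None if the line is not an O23 entry."""
    m = O23.match(line.strip())
    if not m:
        return None
    short = SHORT_NAME.match(m["name"])
    # HijackThis omits the parenthesised name when it equals the display name.
    name = short["svc"] if short else m["name"]
    return {"service": name, "owner": m["owner"], "path": m["path"],
            "file_missing": m["missing"] is not None}


def services(log_text):
    """Parse every O23 line in a log into {service name: entry}."""
    entries = (parse_o23(line) for line in log_text.splitlines())
    return {e["service"]: e for e in entries if e}


def suspicious(log_text):
    """Map service name -> reasons, for entries that deserve a manual look."""
    flagged = {}
    for name, e in services(log_text).items():
        checks = (("unknown owner", e["owner"].lower() == "unknown owner"),
                  ("file missing", e["file_missing"]))
        reasons = [label for label, hit in checks if hit]
        if reasons:
            flagged[name] = reasons
    return flagged


def still_registered(before, after):
    """Flagged services from `before` that are still listed in `after`."""
    return sorted(set(suspicious(before)) & set(services(after)))
```

An empty list from `still_registered(BEFORE, AFTER)` means the flagged service no longer appears in the later log.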

Unread postby hematex » September 21st, 2007, 7:28 pm

Ok, got the AVG, ran it and it found some problems. Here is the log-

Logfile of HijackThis v1.99.1
Scan saved at 6:27:13 PM, on 9/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestbuy.msn.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&m ... PLHSEM&O=I
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O15 - Trusted Zone: *.hotmail.com
O15 - Trusted Zone: *.msn.com
O15 - Trusted Zone: *.passport.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9288590140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9288663546
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
hematex
Regular Member
 
Posts: 19
Joined: September 20th, 2007, 3:29 pm
Location: Texas

Unread postby Katana » September 21st, 2007, 7:56 pm

Congratulations, your logs look clean :D

Let’s see if I can help you keep it that way

First let's tidy up :D
Please delete the following as they are no longer needed
SmitFraudFix.exe
ComboFix.exe
MGADiag.exe
CFScript.txt
TotalScan Log

(all the above should be on your desktop)
C:\Qoobox (created by ComboFix)
C:\Rapport.txt
C:\ComboFix-quarantined-files.txt
C:\ComboFix.txt
C:\ComboFix2.txt
C:\ComboFix3.txt


Set correct settings for files that should be hidden in Windows XP
  • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
  • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
  • If unchecked please check Hide protected operating system files (Recommended)
  • If necessary check "Display content of system folders"
  • If necessary Uncheck Hide file extensions for known file types.
  • Click OK

Enable Teatimer

  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • check the box labeled Resident Tea-Timer and OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.

Now you should disable System restore to purge any infected files and then re-enable it

Reset System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer

Turn ON System Restore

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Un-Check Turn off System Restore.
Click Apply, and then click OK.

Firewall
You do not appear to have a firewall.
You may be using Windows firewall; however, this only stops incoming traffic.
A third party firewall is much safer, as it stops malware that does get on your PC from contacting "home"
Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
There are many free ones to choose from if cost is a problem. Visit here to choose one.

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk. You should update XP as soon as possible
Malware changes on a day to day basis. You should update every week at the very least.

Also PLEASE read this article

So How Did I Get Infected In The First Place

If you can see a program in the must have section that you have never seen or used then get it!

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby hematex » September 21st, 2007, 11:53 pm

Hi Katana! My machine is doing much better, I do believe that you've fixed everything. I can't thank you enough for all of your help. Here is one more HJT log, hope it makes you proud! Thanks again, Hematex

Logfile of HijackThis v1.99.1
Scan saved at 10:48:22 PM, on 9/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestbuy.msn.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&m ... PLHSEM&O=I
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O15 - Trusted Zone: *.hotmail.com
O15 - Trusted Zone: *.msn.com
O15 - Trusted Zone: *.passport.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9288590140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9288663546
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
hematex
Regular Member
 
Posts: 19
Joined: September 20th, 2007, 3:29 pm
Location: Texas