Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

redirect problem

Post by StCharles » May 13th, 2010, 10:52 am

I am redirected when I use Google.
I will copy and paste as suggested.
I am an Online College student and it is finals week so I am grateful for any help!
Thank you to those who help us computer dummies, you are Amazing !

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:15:04 AM, on 5/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\XoftSpySE6\XoftSpySE.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Belkin\Router Setup and Monitor\ndis_events.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=1080116
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {13C4F831-5195-4B13-85F6-D3980A4B2623} - C:\WINDOWS\system32\dnsapi32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKLM\..\Run: [XoftSpySE] "C:\Program Files\XoftSpySE6\XoftSpySE.exe" -NM -hidesplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\Karen\Application Data\SystemProc\lsass.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZKfox000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Chuzzle%20Deluxe/Images/stg_drm.ocx
O16 - DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} (CheckFileStatus.UserControl1) - https://am.hrblock.com/ActivexComponent ... Status.CAB
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chuzzle%20Deluxe/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\dinput832.dll
O20 - Winlogon Notify: c487bb58909 - C:\WINDOWS\system32\dinput832.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe

--
End of file - 11280 bytes

Uninstall list:
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
AMD Processor Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI Display Driver
Avira AntiVir Personal - Free Antivirus
Belkin Setup and Router Monitor
Bonjour
Broadcom Management Programs
Browser Address Error Redirector
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell DataSafe Online
Dell Support Center
Dell Wireless WLAN Card
Digital Line Detect
Documentation & Support Launcher
GameHouse
Games, Music, & Photos Launcher
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Internet Service Offers Launcher
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 17
Java(TM) 6 Update 7
LimeWire 5.3.6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mighty Math Number Heroes
Modem Helper
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
PowerDVD 5.7
Puppy Luv
QualxServ Service Agreement
QuickSet
QuickTime
RealPlayer
Revo Uninstaller 1.83
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Sierra Utilities
Super Solvers Reading Ages 9-12
Synaptics Pointing Device Driver
The ClueFinders Reading Adventures Ages 9-12
Typer Shark Deluxe
Typer Shark Deluxe (remove only)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb981433)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VC 9.0 Runtime
VoiceOver Kit
Where in the World Is Carmen Sandiego? Treasures of Knowledge
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
XoftSpySE
ZoneAlarm
StCharles
Active Member
 
Posts: 12
Joined: May 13th, 2010, 10:41 am
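
Added example (not part of the original thread, and not HijackThis or forum tooling): a small triage script that parses HijackThis entry lines and flags the kinds of load points in the log above that an analyst would check first. The sample lines are copied from that log; the rule names, the `triage` function and the short list of core process names are assumptions made for this illustration.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: nine lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {13C4F831-5195-4B13-85F6-D3980A4B2623} - C:\WINDOWS\system32\dnsapi32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\Karen\Application Data\SystemProc\lsass.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\dinput832.dll
O20 - Winlogon Notify: c487bb58909 - C:\WINDOWS\system32\dinput832.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|ocx)\b', re.IGNORECASE)
SYSTEM32 = r"c:\windows\system32"
# Assumption for this example: a short list of core Windows process names.
CORE_PROCESS_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe",
                      "winlogon.exe", "services.exe", "smss.exe"}


def parse(log):
    """Yield (code, body, normalised path or None) for each entry line."""
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        p = PATH_RE.search(m["body"])
        path = ntpath.normcase(ntpath.normpath(p.group(0))) if p else None
        yield m["code"], m["body"], path


def triage(log):
    """Return findings as dicts; they are leads for an analyst, not verdicts."""
    findings = []
    load_points = defaultdict(set)  # path -> set of (code, entry kind)

    def flag(rule, target, why):
        findings.append({"rule": rule, "target": target, "why": why})

    for code, body, path in parse(log):
        if "(no file)" in body:
            flag("orphan", body, "registry entry whose file no longer exists")
            continue
        if path is None:
            continue
        kind = body.partition(":")[0]
        load_points[path].add((code, kind))
        folder, name = ntpath.split(path)

        if code == "O2" and "(no name)" in body and folder == SYSTEM32:
            flag("unnamed-bho-system32", path,
                 "browser helper object with no name loading from system32")
        if code == "O4" and name in CORE_PROCESS_NAMES and folder != SYSTEM32:
            flag("masquerade", path,
                 "autorun uses a core process name outside system32")
        if code == "O20" and kind == "AppInit_DLLs":
            flag("appinit-dll", path,
                 "DLL is loaded into every process that loads user32.dll")
        if code == "O20" and kind == "Winlogon Notify":
            flag("winlogon-notify", path,
                 "DLL is loaded by winlogon.exe for logon event notifications")

    # The same file registered under several load points is worth a second look.
    for path, kinds in load_points.items():
        if len(kinds) > 1:
            flag("multi-loadpoint", path,
                 "registered under: " + ", ".join(sorted(k for _, k in kinds)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['rule']:22} {f['target']}\n{'':22} {f['why']}")
```

On the sample lines it flags the unnamed BHO `dnsapi32.dll`, the `lsass.exe` copy under Application Data, and `dinput832.dll` registered under two O20 load points. The Malwarebytes log later in the thread reports that BHO's CLSID as Trojan.Vundo.H and `dinput832.dll` as Trojan.Tracur.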

Re: redirect problem

Post by Airscape » May 16th, 2010, 8:30 pm

Hello StCharles... welcome to the forum.
My name is Airscape and I'll be helping you with your malware issues.
HijackThis logs can take time to analyze. Please be patient with me.

Take note of the following before we begin:
  • Post to this thread only and please stick to it until you are given an All Clean. Absence of symptoms does not mean that your computer is clean.
  • The instructions I give are for this computer only and should not be used on any other PC.
  • Do NOT run any tools/scans unless I instruct you to.
  • Try not to install/uninstall any programs while we work. This will add extra time researching your logs.
  • If you have found assistance elsewhere and no longer require our help, please say so, and this topic will be closed.
  • If you have any problems, please stop and ask before proceeding with any fixes.
  • ALL USERS OF THIS FORUM MUST READ THIS FIRST

Note: As I'm in training here at MRU, everything I post must be checked by an expert first. So there may be a slight delay in between posts.

No reply within 3 days will result in your topic being closed. If you need more time, please let me know.
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: redirect problem

Post by Airscape » May 17th, 2010, 10:33 am

Password Stealer
I'm afraid I have unpleasant news for you. One of the identified infections is a Password Stealer.
It allows outsiders to monitor your Internet activity and private information. It then sends the stolen data to a hacker site.

If the Computer has been used for any important data, you are strongly advised to do the following, immediately:
  • Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.
  • If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being: Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
  • Take any other steps you think appropriate for an attempted identity theft.

Please read this for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

--------------------------------------------

Remove P2P programs
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire 5.3.6

Please read the Forum Policy on P2P use.
We see no purpose in cleaning your machine if you use P2P programs, as it is pretty much certain that if you continue to use them then you will get infected again.
Please read this link for more information: http://www.microsoft.com/protect/data/d ... aring.aspx
Note: If you choose not to remove the P2P programs, please say so in your next post, and this topic will be closed.

Go to Start > Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW

--------------------------------------------

Uninstall list with HijackThis
  • Launch HijackThis and click Open the Misc Tools section
  • Under System Tools > Click Open Uninstall Manager
  • Click on the Save list... button to the right. By default it's named uninstall_list.txt
  • Please post the uninstall_list.txt in your next reply.

--------------------------------------------

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click finish.
  • If an update is found, it will download and install the latest version. Or click the Update tab in MBAM.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to restart to finish cleaning.... see Note below.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.

--------------------------------------------

Gmer
Download GMER Rootkit Scanner from here & save it to your desktop.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. UNCHECK the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Do not run any programs while Gmer is running.

NOTE: If you cannot run GMER as indicated above, save a scan from the initial startup scan.
  • Before scanning, make sure all other running programs are closed & no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan
  • Double click the gmer.exe file
  • The program will begin to run & perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No
  • After the "initial scan" is complete, click on the Save button, save the log file to your desktop & post it in your reply


--------------------------------------------

Logs/information to post in next reply:
  • MBAM log
  • Gmer log
  • Uninstall list
  • How is the pc running?
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: redirect problem

Post by StCharles » May 19th, 2010, 12:46 am

Thank you for helping!
I will attach the 3 lists, Gmer and the Uninstall list are copy/pasted to Word.
Gmer was the hardest to run. My computer would not Save the file. 3 times I ran it, ?
Once even Windows shut down automatically.

Some things you might want to know:
I did not know better but for the last three days I have been running "Avira" scan.
It did not come up with 1/10th of the infected files as your malware scan did.
I did delete LimeWire, no problem for me and no more teenagers using this laptop!
Since the trouble started, sometimes I click on Firefox and I get a message "firefox is already running" then I click Okay, the message closes and I click Firefox again and it opens for me.
For the last two days Firefox is way slower to open than IE. I try not to use IE but my college and my job require it.
attached are the 3 lists.XXXX I tried that and it is not working. Here goes copy/paste again! Sorry!
Again, thank you! I see your motto is "Never give up". Yeah!

Did I get them all? I will check back after 5:30 pm Chicago time Wednesday 5/19/2010

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4116

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/18/2010 10:22:42 PM
mbam-log-2010-05-18 (22-22-42).txt

Scan type: Quick scan
Objects scanned: 146360
Time elapsed: 15 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 28
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 9
Files Infected: 99

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\dinput832.dll (Trojan.Tracur) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13c4f831-5195-4b13-85f6-d3980a4b2623} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{13c4f831-5195-4b13-85f6-d3980a4b2623} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\c487bb58909 (Trojan.Tracur) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{13c4f831-5195-4b13-85f6-d3980a4b2623} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{13c4f831-5195-4b13-85f6-d3980a4b2623} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dinput832.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\dinput832.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\BASE (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\DELETED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\SAVED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32 (Worm.Archive) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karen\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\drprov32.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dinput832.dll (Trojan.Tracur) -> Delete on reboot.
C:\Documents and Settings\Karen\Desktop\QuickTime_Update_KB611793.exe (Malware.Ackantta) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cryptdlg32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dimsntfy32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\diskcopy32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dispex32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dskquota32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eventcls32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\avwav32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dfsshlex32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dgnet32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dnsapi32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dot3gpclnt32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dot3gpclnt3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpnhpast32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpnmodem32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpvvox32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eapqec32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eapsvc32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ieaksie32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cliconfg32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cmcfg3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cmcfg323232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\basesrv32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bcmwlpkt32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\httpapi32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karen\Local Settings\Temp\9.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karen\Local Settings\Temp\A3.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karen\Local Settings\Temp\C.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karen\Local Settings\Temp\C5.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karen\Local Settings\Temp\27.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karen\Local Settings\Temp\2D.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karen\Local Settings\Temp\30.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karen\Local Settings\Temp\37.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karen\Local Settings\Temp\4.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karen\Local Settings\Temp\5.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karen\Local Settings\Temp\6.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karen\Local Settings\Temp\6E.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karen\Local Settings\Temp\7.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080724124213218.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080724124656984.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080724134928484.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080725072217968.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080725114538781.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080725173030968.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080725181931203.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080725182444328.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080725183644031.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080725224540015.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080726075935703.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080726083855562.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080726104445296.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080726171035343.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080727093329671.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080727144112593.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080727205417843.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080727205520000.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080727225739515.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080729182841250.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080729183154156.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080729224511468.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080730122359328.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080730122707078.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080730130149843.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080730203328953.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080731142101515.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080731205641640.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080801001531375.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080801100757171.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080803162232015.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080804221704578.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu517857538v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu517857538v4.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu517857538v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu517857538v5.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu517857538v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu517857538v6.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu517857538v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu517857538v7.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu517857538v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu517857538v0.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu517857538v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu517857538v1.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu517857538v2.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu517857538v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu517857538v3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u517857538v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u517857538v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u517857538v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u517857538v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u517857538v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u517857538v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u517857538v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u517857538v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\atmadm2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\s1265.php (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.
NEXT LIST BELOW!!!!!!!!!!!!!!!!

uninstall list 5/18/2010
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
AMD Processor Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI Display Driver
Avira AntiVir Personal - Free Antivirus
Belkin Setup and Router Monitor
Bonjour
Broadcom Management Programs
Browser Address Error Redirector
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell DataSafe Online
Dell Support Center
Dell Wireless WLAN Card Utility
Digital Line Detect
Documentation & Support Launcher
GameHouse
Games, Music, & Photos Launcher
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
GoToAssist 8.0.0.514
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Internet Service Offers Launcher
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 17
Java(TM) 6 Update 7
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mighty Math Number Heroes
Modem Helper
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
PowerDVD 5.7
Puppy Luv
QualxServ Service Agreement
QuickSet
QuickTime
RealPlayer
Revo Uninstaller 1.83
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Sierra Utilities
Super Solvers Reading Ages 9-12
Synaptics Pointing Device Driver
The ClueFinders Reading Adventures Ages 9-12
Typer Shark Deluxe
Typer Shark Deluxe (remove only)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb981726)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VC 9.0 Runtime
VoiceOver Kit
Where in the World Is Carmen Sandiego? Treasures of Knowledge
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
XoftSpySE
ZoneAlarm

Re: redirect problem

Post by Airscape » May 19th, 2010, 3:30 pm

Hi StCharles,

Can you please post the Gmer log.

Also, from now on just copy/paste all logs into the reply, don't attach any.

Re: redirect problem

Post by StCharles » May 19th, 2010, 6:57 pm

Sorry, I thought I had posted Gmer,
Things are getting really weird and slow on my computer. Just now Microsoft Office Word would NOT open,
Thank you for helping me!!
Gmer:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-19 17:51:29
Windows 5.1.2600 Service Pack 3
Running: ipxx0bbe.exe; Driver: C:\DOCUME~1\Karen\LOCALS~1\Temp\pxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xED841FC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xED83EC80]
SSDT F7CBE25E ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xED842580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xED856900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xED856B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xED85AB10]
SSDT F7CBE254 ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xED842670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xED83F210]
SSDT F7CBE263 ZwDeleteKey
SSDT F7CBE26D ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xED856280]
SSDT span.sys ZwEnumerateKey [0xF73E9DA4]
SSDT span.sys ZwEnumerateValueKey [0xF73EA132]
SSDT F7CBE272 ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xED859F90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xED83F070]
SSDT span.sys ZwOpenKey [0xF73D10C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xED858180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xED857F40]
SSDT span.sys ZwQueryKey [0xF73EA20A]
SSDT span.sys ZwQueryValueKey [0xF73EA08A]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xED85A6F0]
SSDT F7CBE27C ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xED841BE0]
SSDT F7CBE277 ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xED842190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xED83F440]
SSDT F7CBE268 ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xED857200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xED857080]

INT 0x62 ? 8556ABF8
INT 0x63 ? 8540BBF8
INT 0x63 ? 8540BBF8
INT 0x83 ? 8556ABF8
INT 0x84 ? 8540BBF8
INT 0xA4 ? 8540BBF8
INT 0xB4 ? 8540BBF8
INT 0xB4 ? 8540BBF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C88 80504524 12 Bytes [80, 25, 84, ED, 00, 69, 85, ...] {AND BYTE [0x6900ed84], 0x85; IN EAX, DX; ADC [EBX-0x7b], CH; IN EAX, DX}
? span.sys The system cannot find the file specified. !
? srescan.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F6BAB8AC 5 Bytes JMP 8540B1D8
? System32\Drivers\hiber_WMILIB.SYS The system cannot find the path specified. !
StCharles
Active Member
 
Posts: 12
Joined: May 13th, 2010, 10:41 am

Re: redirect problem

Post by Airscape » May 20th, 2010, 9:54 am

Hi again,


Download/Run ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe ---- use Internet Explorer for this link -> right click and select "save target as"


**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please post the following in your next reply:
C:\ComboFix.txt
Update on how the computer is running
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: redirect problem

Post by StCharles » May 20th, 2010, 5:52 pm

Hello, I followed instructions,
I disabled Avira Anti-Virus (got a closed umbrella)
I closed Zone Alarm and I disabled Windows Firewall.

I ran ComboFix.
It ran somewhat OK. The things I saw were:
After the message "ComboFix preparing to run, attempting to create a new system Restore Point" I then got a "Failed Download" message.
Then it scanned through stage 50; while it was doing that, Avira Anti-Virus popped up ?? I closed it quickly.
Then ComboFix says "Deleting files" "Deleting Folders"
It rebooted Windows (again) and the message popped up:
ComboFix -- Find3M
Preparing Log Report
Do not run a program until ComboFix has finished.

Well, it never ran the report. After ten minutes I did click inside that message; the cursor was blinking but no report?
I will follow your instructions for what to do next.
The computer seems to be running quite a bit better but I did not use it too much to check it out, I was afraid of ruining something.
Thank You, Thank you!

Re: redirect problem

Post by Airscape » May 21st, 2010, 6:35 am

Did you check to see if the log is here (using My Computer)? If it ran, it should have produced a log. I need to see it. Thanks:

C:\ComboFix.txt

Re: redirect problem

Post by StCharles » May 21st, 2010, 11:52 am

I found it. What a "newbie" I am!

After ComboFix ran, two things:
Avira found a bad file "trojan" something, and,
I got that weird message that "firefox is already running". Here is the log:

ComboFix 10-05-20.04 - Karen 05/20/2010 15:58:58.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.524 [GMT -5:00]
Running from: C:\Documents and Settings\Karen\My Documents\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Karen\Application Data\02000000c05daad8909C.manifest
C:\Documents and Settings\Karen\Application Data\02000000c05daad8909O.manifest
C:\Documents and Settings\Karen\Application Data\02000000c05daad8909P.manifest
C:\Documents and Settings\Karen\Application Data\02000000c05daad8909S.manifest
C:\Program Files\Fast Browser Search
C:\WINDOWS\system32\1991629887
C:\WINDOWS\system32\drivers\etc\lmhosts
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\unrar.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2010-04-20 to 2010-05-20 )))))))))))))))))))))))))))))))
.

2010-05-19 02:53:34 . 2010-05-19 02:53:34 -------- d-----w- C:\Documents and Settings\Karen\Application Data\Malwarebytes
2010-05-19 02:53:19 . 2010-04-29 20:39:38 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-05-19 02:53:16 . 2010-05-19 02:53:16 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-05-19 02:53:16 . 2010-04-29 20:39:26 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-05-19 02:53:15 . 2010-05-19 02:53:22 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-14 21:21:26 . 2008-06-02 16:42:40 143360 ----a-w- C:\WINDOWS\system32\bcmwlapi.dll
2010-05-14 19:12:14 . 2010-05-14 19:12:14 -------- d-----w- C:\Documents and Settings\Karen\Local Settings\Application Data\Citrix
2010-05-13 02:30:21 . 2010-05-13 02:30:21 -------- d-----w- C:\Program Files\Common Files\ParetoLogic
2010-05-13 02:30:21 . 2010-05-13 02:30:21 -------- d-----w- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2010-05-13 02:30:18 . 2010-05-13 02:30:18 -------- d-----w- C:\Program Files\Common Files\XoftSpySE
2010-05-13 02:30:17 . 2010-05-13 02:30:17 -------- d-----w- C:\Documents and Settings\All Users\Application Data\XoftSpySE
2010-05-13 02:30:14 . 2010-05-13 02:30:23 -------- d-----w- C:\Program Files\XoftSpySE6
2010-05-13 00:33:30 . 2010-05-13 00:33:30 -------- d-----w- C:\Documents and Settings\Karen\Application Data\MSNInstaller
2010-05-12 23:14:47 . 2010-05-12 23:14:47 -------- d-----w- C:\Program Files\Belkin
2010-05-12 17:35:29 . 2010-05-12 17:35:29 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Citrix
2010-05-12 17:34:43 . 2010-05-12 17:34:43 -------- d-----w- C:\Program Files\Citrix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 03:00:56 . 2008-09-14 01:12:45 -------- d-----w- C:\Documents and Settings\Karen\Application Data\LimeWire
2010-05-17 19:31:19 . 2008-09-14 01:12:15 -------- d-----w- C:\Program Files\LimeWire
2010-05-16 21:44:26 . 2010-05-17 14:07:26 2621440 ----a-w- C:\WINDOWS\Internet Logs\xDB60.tmp
2010-05-16 19:23:18 . 2010-05-16 21:28:34 2625536 ----a-w- C:\WINDOWS\Internet Logs\xDB5F.tmp
2010-05-14 16:07:47 . 2009-10-11 00:09:29 -------- d-----w- C:\Program Files\RealArcade
2010-05-14 15:07:57 . 2010-03-13 00:46:10 439816 ----a-w- C:\Documents and Settings\Karen\Application Data\Real\Update\setup3.10\setup.exe
2010-05-14 00:41:56 . 2009-06-19 20:27:42 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-05-13 14:05:48 . 2010-05-13 14:05:48 388096 ----a-r- C:\Documents and Settings\Karen\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-13 14:05:46 . 2008-01-17 02:25:48 -------- d-----w- C:\Program Files\Trend Micro
2010-05-13 00:32:08 . 2009-11-15 16:42:00 -------- d-----w- C:\Program Files\UNO Undercover
2010-05-12 20:56:21 . 2009-10-23 16:21:18 -------- d-----w- C:\Program Files\PopCap Games
2010-05-12 20:54:53 . 2008-05-29 02:41:27 -------- d-----w- C:\Program Files\half life
2010-05-12 20:52:17 . 2009-12-28 00:12:40 -------- d-----w- C:\Program Files\Burger Shop
2010-05-12 15:04:13 . 2008-12-12 19:18:51 15683790 ----a-w- C:\WINDOWS\Internet Logs\tvDebug.zip
2010-05-11 23:15:45 . 2009-10-21 13:44:30 41 ----a-w- C:\WINDOWS\popcinfo.dat
2010-05-11 03:51:36 . 2010-05-11 13:28:40 2534400 ----a-w- C:\WINDOWS\Internet Logs\xDB5E.tmp
2010-05-10 14:53:31 . 2008-01-17 02:31:09 -------- d-----w- C:\Program Files\Google
2010-05-10 12:13:27 . 2010-05-10 12:13:27 0 ----a-w- C:\WINDOWS\system32\D1.tmp
2010-05-10 12:13:27 . 2010-05-10 12:13:27 0 ----a-w- C:\WINDOWS\system32\D0.tmp
2010-05-08 16:24:37 . 2010-05-08 16:54:07 80896 ----a-w- C:\WINDOWS\Internet Logs\xDB5D.tmp
2010-05-07 03:53:22 . 2008-02-03 17:00:24 36962 ----a-w- C:\Documents and Settings\Karen\Application Data\wklnhst.dat
2010-05-06 20:35:42 . 2010-05-06 21:42:08 1406464 ----a-w- C:\WINDOWS\Internet Logs\xDB5C.tmp
2010-05-01 05:50:26 . 2010-05-01 16:49:36 2492416 ----a-w- C:\WINDOWS\Internet Logs\xDB5B.tmp
2010-04-20 03:08:00 . 2009-12-09 00:40:26 -------- d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2010-04-17 08:02:59 . 2010-04-17 12:48:38 2465792 ----a-w- C:\WINDOWS\Internet Logs\xDB5A.tmp
2010-03-10 06:15:52 . 2004-08-10 18:51:27 420352 ----a-w- C:\WINDOWS\system32\vbscript.dll
2010-02-27 19:07:32 . 2010-02-27 19:07:00 21345631 ----a-w- C:\WINDOWS\Internet Logs\vsmon_on_demand_thread_2010_02_27_12_49_22_full.dmp.zip
2010-02-25 06:24:37 . 2004-08-10 18:51:29 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2010-02-24 13:11:07 . 2008-01-17 01:54:40 455680 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2010-01-09 03:07:52 . 2010-01-09 02:41:34 22075557 ----a-w- C:\Program Files\yahoo_hoteldash_tm6-6.exe.part
2010-01-09 02:41:44 . 2010-01-09 02:41:44 0 ----a-w- C:\Program Files\yahoo_hoteldash_tm6-6.exe
2010-01-06 21:50:30 . 2010-01-06 21:31:05 25740144 ----a-w- C:\Program Files\wmp11-windowsxp-x86-enu.exe
2009-08-31 14:00:44 . 2009-08-31 14:00:32 336 ----a-w- C:\Program Files\temp995.bat
.

------- Sigcheck -------

[-] 2008-04-14 00:12:05 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\shsvcs.dll
[-] 2006-12-19 21:52:18 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)] . . C:\WINDOWS\$NtServicePackUninstall$\shsvcs.dll

[-] 2008-04-14 00:12:04 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 00:12:04 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\regsvc.dll
[-] 2004-08-04 11:00:00 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 00:12:05 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 00:12:05 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\system32\schedsvc.dll
[-] 2004-08-04 11:00:00 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 00:12:07 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 00:12:07 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\ssdpsrv.dll
[-] 2004-08-04 11:00:00 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 00:12:07 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 00:12:07 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\termsrv.dll
[-] 2004-08-04 11:00:00 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll

[-] 2004-08-04 11:00:00 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0 (xpclient.010817-1148)] . . C:\WINDOWS\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39:23 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . C:\WINDOWS\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39:23 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . C:\WINDOWS\system32\drivers\aec.sys
[-] 2006-02-15 00:22:26 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . C:\WINDOWS\$NtServicePackUninstall$\aec.sys
[-] 2004-08-04 04:39:38 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . C:\WINDOWS\$NtUninstallKB900485$\aec.sys

[-] 2008-04-13 18:36:38 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 18:36:38 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\drivers\agp440.sys
[-] 2004-08-04 05:07:42 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

[-] 2008-04-13 18:53:34 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 18:53:34 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\drivers\ip6fw.sys
[-] 2004-08-04 11:00:00 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 00:11:56 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . C:\WINDOWS\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 00:11:56 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . C:\WINDOWS\system32\mfc40u.dll
[-] 2006-11-01 19:17:45 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . C:\WINDOWS\$NtServicePackUninstall$\mfc40u.dll

[-] 2008-04-14 00:11:59 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 00:11:59 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\msgsvc.dll
[-] 2004-08-04 11:00:00 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\msgsvc.dll

[-] 2006-10-19 02:47:16 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . C:\WINDOWS\system32\mspmsnsv.dll
[-] 2006-10-19 02:47:16 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . C:\WINDOWS\system32\dllcache\mspmsnsv.dll
[-] 2004-09-15 18:27:52 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2004-09-15 18:27:52 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 11:00:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2008-04-14 00:12:02 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12:02 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . C:\WINDOWS\system32\ntmssvc.dll
[-] 2004-08-04 11:00:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 00:12:08 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 00:12:08 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\upnphost.dll
[-] 2007-02-05 20:17:02 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077 (xpsp_sp2_gdr.070204-2255)] . . C:\WINDOWS\$NtServicePackUninstall$\upnphost.dll

[-] 2008-04-14 00:11:52 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 00:11:52 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\system32\dsound.dll
[-] 2004-08-04 11:00:00 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\dsound.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-11 00:24:36 39408]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 00:12:16 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 17:12:06 90112]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 17:47:54 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2008-06-02 16:42:54 2220032]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-10-10 00:56:24 202544]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 17:06:26 282624]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-24 20:03:00 17920]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 00:57:14 16384]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 05:10:22 981384]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 18:08:47 209153]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2009-09-21 03:21:52 198160]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2009-09-05 07:54:42 417792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-10-11 10:17:36 149280]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 18:17:47 952768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-05-14 19:12:15 10536 ----a-w- C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42:51 36272 ----a-w- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 02:29:52 49152 ------w- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 17:44:34 31072 ----a-w- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 02:21:26 141600 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-10-11 00:24:36 39408 ----a-w- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"sprtsvc_dellsupportcenter"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\Guest\\My Documents\\dictionaries\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Movie Maker\\moviemk.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [2/14/2010 6:08:30 PM 691696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [6/23/2009 4:17:06 PM 108289]
S3 XoftSpyService;XoftSpyService;C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe [10/23/2009 4:58:06 PM 582424]
S3 ZD1211BU(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking);C:\WINDOWS\system32\drivers\ZD1211BU.sys [6/19/2009 2:57:53 PM 402432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-05-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34:12 . 2008-07-30 18:34:12]

2010-05-18 C:\WINDOWS\Tasks\ParetoLogic Registration3.job
- C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-23 21:58:22 . 2009-10-23 21:58:22]

2010-05-13 C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
- C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-23 21:58:22 . 2009-10-23 21:58:22]

2010-05-16 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE6\XoftSpySELauncher.exe [2009-10-23 21:58:12 . 2009-10-23 21:58:12]
.
StCharles
Active Member
 
Posts: 12
Joined: May 13th, 2010, 10:41 am

Re: redirect problem

Post by Airscape » May 22nd, 2010, 6:17 pm

It seems there may be parts missing. Please double check to see if that is the complete log.
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: redirect problem

Post by StCharles » May 23rd, 2010, 7:41 pm

I copied and pasted from the bottom to the top.
Now I can't find it, even after running the same search that found it last time.
What should I do now?
Thank you for helping me, I really appreciate you!
StCharles
Active Member
 
Posts: 12
Joined: May 13th, 2010, 10:41 am

Re: redirect problem

Post by Airscape » May 25th, 2010, 8:39 am

Hi StCharles, ok no worries. :)


Recovery Console
Is there some reason you did not install the Recovery Console? With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Go to Microsoft's website => http://support.microsoft.com/kb/310994
  • Select the download that's appropriate for your Operating System
  • Download the file & save it as it's originally named. Save the file to the desktop of your computer
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Drag the setup package onto ComboFix.exe and drop it
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console
  • At the next prompt, click No to exit

------------------------------------

Update ComboFix
Delete the copy of ComboFix you currently have and download a new one from one of these locations:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    A guide to do this can be found here
  • Double click on ComboFix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Please post this log in your next reply.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: redirect problem

Post by StCharles » May 25th, 2010, 2:57 pm

Okay, I hope I did it right. I tried to follow instructions carefully.
I will paste a few lists below:
1:47 PM 5/25/2010
ComboFix 10-05-24.07 - Karen 05/25/2010 13:25:43.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.463 [GMT -5:00]
Running from: C:\Documents and Settings\Karen\Recent\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Karen\LOCALS~1\Temp\1.tmp\F_IN_BOX.dll
C:\Documents and Settings\Karen\Local Settings\temp\1.tmp\F_IN_BOX.dll
.
---- Previous Run -------
.
C:\Program Files\WinPCap\daemon_mgm.exe
C:\Program Files\WinPCap\npf_mgm.exe
C:\Program Files\WinPCap\rpcapd.exe
C:\WINDOWS\system32\drivers\etc\lmhosts
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-04-25 to 2010-05-25 )))))))))))))))))))))))))))))))
.

2010-05-24 16:15:39 . 2010-03-17 13:16:00 27072 ----a-w- C:\WINDOWS\system32\drivers\AFGSp50.sys
2010-05-24 16:15:09 . 2010-05-24 16:15:39 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Affinegy
2010-05-22 21:20:15 . 2004-09-20 18:44:48 5652 ----a-w- C:\WINDOWS\system32\drivers\bvrp_pci.sys
2010-05-22 20:33:03 . 2010-05-22 20:33:48 -------- d-----w- C:\WINDOWS\system32\NtmsData
2010-05-19 02:53:34 . 2010-05-19 02:53:34 -------- d-----w- C:\Documents and Settings\Karen\Application Data\Malwarebytes
2010-05-19 02:53:19 . 2010-04-29 20:39:38 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-05-19 02:53:16 . 2010-05-19 02:53:16 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-05-19 02:53:16 . 2010-04-29 20:39:26 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-05-19 02:53:15 . 2010-05-19 02:53:22 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-14 21:21:26 . 2008-06-02 16:42:40 143360 ----a-w- C:\WINDOWS\system32\bcmwlapi.dll
2010-05-14 19:12:14 . 2010-05-14 19:12:14 -------- d-----w- C:\Documents and Settings\Karen\Local Settings\Application Data\Citrix
2010-05-13 02:30:21 . 2010-05-13 02:30:21 -------- d-----w- C:\Program Files\Common Files\ParetoLogic
2010-05-13 02:30:21 . 2010-05-13 02:30:21 -------- d-----w- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2010-05-13 02:30:18 . 2010-05-13 02:30:18 -------- d-----w- C:\Program Files\Common Files\XoftSpySE
2010-05-13 02:30:17 . 2010-05-13 02:30:17 -------- d-----w- C:\Documents and Settings\All Users\Application Data\XoftSpySE
2010-05-13 02:30:14 . 2010-05-13 02:30:23 -------- d-----w- C:\Program Files\XoftSpySE6
2010-05-13 00:33:30 . 2010-05-13 00:33:30 -------- d-----w- C:\Documents and Settings\Karen\Application Data\MSNInstaller
2010-05-12 23:14:47 . 2010-05-12 23:14:47 -------- d-----w- C:\Program Files\Belkin
2010-05-12 17:35:29 . 2010-05-12 17:35:29 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Citrix
2010-05-12 17:34:43 . 2010-05-12 17:34:43 -------- d-----w- C:\Program Files\Citrix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-22 21:20:17 . 2008-01-17 02:25:03 -------- d-----w- C:\Program Files\Modem Helper
2010-05-18 03:00:56 . 2008-09-14 01:12:45 -------- d-----w- C:\Documents and Settings\Karen\Application Data\LimeWire
2010-05-17 19:31:19 . 2008-09-14 01:12:15 -------- d-----w- C:\Program Files\LimeWire
2010-05-16 21:44:26 . 2010-05-17 14:07:26 2621440 ----a-w- C:\WINDOWS\Internet Logs\xDB60.tmp
2010-05-16 19:23:18 . 2010-05-16 21:28:34 2625536 ----a-w- C:\WINDOWS\Internet Logs\xDB5F.tmp
2010-05-14 16:07:47 . 2009-10-11 00:09:29 -------- d-----w- C:\Program Files\RealArcade
2010-05-14 00:41:56 . 2009-06-19 20:27:42 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-05-13 14:05:46 . 2008-01-17 02:25:48 -------- d-----w- C:\Program Files\Trend Micro
2010-05-13 00:32:08 . 2009-11-15 16:42:00 -------- d-----w- C:\Program Files\UNO Undercover
2010-05-12 20:56:21 . 2009-10-23 16:21:18 -------- d-----w- C:\Program Files\PopCap Games
2010-05-12 20:54:53 . 2008-05-29 02:41:27 -------- d-----w- C:\Program Files\half life
2010-05-12 20:52:17 . 2009-12-28 00:12:40 -------- d-----w- C:\Program Files\Burger Shop
2010-05-12 15:04:13 . 2008-12-12 19:18:51 15683790 ----a-w- C:\WINDOWS\Internet Logs\tvDebug.zip
2010-05-11 23:15:45 . 2009-10-21 13:44:30 41 ----a-w- C:\WINDOWS\popcinfo.dat
2010-05-11 03:51:36 . 2010-05-11 13:28:40 2534400 ----a-w- C:\WINDOWS\Internet Logs\xDB5E.tmp
2010-05-10 14:53:31 . 2008-01-17 02:31:09 -------- d-----w- C:\Program Files\Google
2010-05-10 12:13:27 . 2010-05-10 12:13:27 0 ----a-w- C:\WINDOWS\system32\D1.tmp
2010-05-10 12:13:27 . 2010-05-10 12:13:27 0 ----a-w- C:\WINDOWS\system32\D0.tmp
2010-05-08 16:24:37 . 2010-05-08 16:54:07 80896 ----a-w- C:\WINDOWS\Internet Logs\xDB5D.tmp
2010-05-07 03:53:22 . 2008-02-03 17:00:24 36962 ----a-w- C:\Documents and Settings\Karen\Application Data\wklnhst.dat
2010-05-06 20:35:42 . 2010-05-06 21:42:08 1406464 ----a-w- C:\WINDOWS\Internet Logs\xDB5C.tmp
2010-05-01 05:50:26 . 2010-05-01 16:49:36 2492416 ----a-w- C:\WINDOWS\Internet Logs\xDB5B.tmp
2010-04-20 03:08:00 . 2009-12-09 00:40:26 -------- d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2010-04-17 08:02:59 . 2010-04-17 12:48:38 2465792 ----a-w- C:\WINDOWS\Internet Logs\xDB5A.tmp
2010-03-10 06:15:52 . 2004-08-10 18:51:27 420352 ----a-w- C:\WINDOWS\system32\vbscript.dll
2010-02-27 19:07:32 . 2010-02-27 19:07:00 21345631 ----a-w- C:\WINDOWS\Internet Logs\vsmon_on_demand_thread_2010_02_27_12_49_22_full.dmp.zip
2010-02-25 06:24:37 . 2004-08-10 18:51:29 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2010-01-09 03:07:52 . 2010-01-09 02:41:34 22075557 ----a-w- C:\Program Files\yahoo_hoteldash_tm6-6.exe.part
2010-01-09 02:41:44 . 2010-01-09 02:41:44 0 ----a-w- C:\Program Files\yahoo_hoteldash_tm6-6.exe
2010-01-06 21:50:30 . 2010-01-06 21:31:05 25740144 ----a-w- C:\Program Files\wmp11-windowsxp-x86-enu.exe
2009-08-31 14:00:44 . 2009-08-31 14:00:32 336 ----a-w- C:\Program Files\temp995.bat
.

------- Sigcheck -------

[-] 2008-04-14 00:11:53 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . C:\WINDOWS\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 00:11:53 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . C:\WINDOWS\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39:45 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . C:\WINDOWS\$NtUninstallKB950974_0$\es.dll
[-] 2004-08-04 11:00:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . C:\WINDOWS\$NtUninstallKB902400$\es.dll

[-] 2008-04-14 00:11:54 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 00:11:54 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\imm32.dll
[-] 2004-08-04 11:00:00 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 14:06:58 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781 (xpsp_sp3_gdr.090321-1317)] . . C:\WINDOWS\system32\kernel32.dll
[-] 2009-03-21 14:06:58 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781 (xpsp_sp3_gdr.090321-1317)] . . C:\WINDOWS\system32\dllcache\kernel32.dll
[-] 2008-04-14 00:11:56 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 00:11:56 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 15:52:53 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)] . . C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll

[-] 2008-04-14 00:11:56 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 00:11:56 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\linkinfo.dll
[-] 2005-09-01 01:41:53 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751 (xpsp_sp2_gdr.050831-1520)] . . C:\WINDOWS\$NtServicePackUninstall$\linkinfo.dll
[-] 2004-08-04 11:00:00 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtUninstallKB900725$\linkinfo.dll

[-] 2008-04-14 00:11:56 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 00:11:56 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\lpk.dll
[-] 2004-08-04 11:00:00 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\lpk.dll

[-] 2008-04-14 00:12:01 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 00:12:01 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\msvcrt.dll
[-] 2004-08-04 11:00:00 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\msvcrt.dll

[-] 2008-06-20 17:46:57 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] . . C:\WINDOWS\system32\mswsock.dll
[-] 2008-06-20 17:46:57 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] . . C:\WINDOWS\system32\dllcache\mswsock.dll
[-] 2008-06-20 17:41:10 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394 (xpsp_sp2_gdr.080620-1245)] . . C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[-] 2008-04-14 00:12:01 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 00:12:01 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-04 11:00:00 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll

[-] 2008-04-14 00:12:01 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 00:12:01 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\netlogon.dll
[-] 2004-08-04 11:00:00 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[-] 2008-04-14 00:12:03 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 00:12:03 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\powrprof.dll
[-] 2004-08-04 11:00:00 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 00:12:05 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 00:12:05 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\scecli.dll
[-] 2004-08-04 11:00:00 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-14 00:12:05 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 00:12:05 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\sfc.dll
[-] 2004-08-04 11:00:00 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 00:12:36 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 00:12:36 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\svchost.exe
[-] 2004-08-04 11:00:00 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 00:12:07 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 00:12:07 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\tapisrv.dll
[-] 2005-07-08 16:27:56 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716 (xpsp_sp2_gdr.050707-1657)] . . C:\WINDOWS\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-04 11:00:00 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtUninstallKB893756$\tapisrv.dll

[-] 2008-04-14 00:12:08 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 00:12:08 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\user32.dll
[-] 2007-03-08 15:36:28 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)] . . C:\WINDOWS\$NtServicePackUninstall$\user32.dll

[-] 2008-04-14 00:12:38 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 00:12:38 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\userinit.exe
[-] 2004-08-04 11:00:00 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[-] 2008-04-14 00:12:10 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 00:12:10 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\ws2_32.dll
[-] 2004-08-04 11:00:00 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 00:12:19 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\explorer.exe
[-] 2008-04-14 00:12:19 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 10:23:07 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] . . C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 00:12:07 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 00:12:07 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\system32\srsvc.dll
[-] 2004-08-04 11:00:00 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 00:12:41 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 00:12:41 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\system32\wscntfy.exe
[-] 2004-08-04 11:00:00 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 00:12:11 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 00:12:11 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\xmlprov.dll
[-] 2004-08-04 11:00:00 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-14 00:11:53 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 00:11:53 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\eventlog.dll
[-] 2004-08-04 11:00:00 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[-] 2008-04-14 00:12:05 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 00:12:05 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\sfcfiles.dll
[-] 2004-08-04 11:00:00 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll

[-] 2008-04-14 00:12:16 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 00:12:16 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\ctfmon.exe
[-] 2004-08-04 11:00:00 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 00:12:05 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 00:12:05 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\shsvcs.dll
[-] 2006-12-19 21:52:18 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)] . . C:\WINDOWS\$NtServicePackUninstall$\shsvcs.dll

[-] 2008-04-14 00:12:04 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 00:12:04 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\regsvc.dll
[-] 2004-08-04 11:00:00 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 00:12:05 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 00:12:05 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\system32\schedsvc.dll
[-] 2004-08-04 11:00:00 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 00:12:07 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 00:12:07 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\ssdpsrv.dll
[-] 2004-08-04 11:00:00 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 00:12:07 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 00:12:07 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\termsrv.dll
[-] 2004-08-04 11:00:00 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll

[-] 2004-08-04 11:00:00 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0 (xpclient.010817-1148)] . . C:\WINDOWS\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39:23 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . C:\WINDOWS\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39:23 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . C:\WINDOWS\system32\drivers\aec.sys
[-] 2006-02-15 00:22:26 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . C:\WINDOWS\$NtServicePackUninstall$\aec.sys
[-] 2004-08-04 04:39:38 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . C:\WINDOWS\$NtUninstallKB900485$\aec.sys

[-] 2008-04-13 18:36:38 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 18:36:38 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\drivers\agp440.sys
[-] 2004-08-04 05:07:42 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

[-] 2008-04-13 18:53:34 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 18:53:34 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\drivers\ip6fw.sys
[-] 2004-08-04 11:00:00 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 00:11:56 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . C:\WINDOWS\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 00:11:56 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . C:\WINDOWS\system32\mfc40u.dll
[-] 2006-11-01 19:17:45 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . C:\WINDOWS\$NtServicePackUninstall$\mfc40u.dll

[-] 2008-04-14 00:11:59 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 00:11:59 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\msgsvc.dll
[-] 2004-08-04 11:00:00 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\msgsvc.dll

[-] 2006-10-19 02:47:16 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . C:\WINDOWS\system32\mspmsnsv.dll
[-] 2006-10-19 02:47:16 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . C:\WINDOWS\system32\dllcache\mspmsnsv.dll
[-] 2004-09-15 18:27:52 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2004-09-15 18:27:52 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 11:00:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2008-04-14 00:12:02 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12:02 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . C:\WINDOWS\system32\ntmssvc.dll
[-] 2004-08-04 11:00:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 00:12:08 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 00:12:08 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\upnphost.dll
[-] 2007-02-05 20:17:02 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077 (xpsp_sp2_gdr.070204-2255)] . . C:\WINDOWS\$NtServicePackUninstall$\upnphost.dll

[-] 2008-04-14 00:11:52 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 00:11:52 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\system32\dsound.dll
[-] 2004-08-04 11:00:00 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\dsound.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-11 00:24:36 39408]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 00:12:16 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 17:12:06 90112]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 17:47:54 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2008-06-02 16:42:54 2220032]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-10-10 00:56:24 202544]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 17:06:26 282624]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-24 20:03:00 17920]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 00:57:14 16384]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 05:10:22 981384]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 18:08:47 209153]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2009-09-21 03:21:52 198160]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2009-09-05 07:54:42 417792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-10-11 10:17:36 149280]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 18:17:47 952768]
"InstaLAN"="C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-03-17 13:48:26 1141144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-05-14 19:12:15 10536 ----a-w- C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42:51 36272 ----a-w- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 02:29:52 49152 ------w- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 17:44:34 31072 ----a-w- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 02:21:26 141600 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-10-11 00:24:36 39408 ----a-w- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"sprtsvc_dellsupportcenter"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\Guest\\My Documents\\dictionaries\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Movie Maker\\moviemk.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [6/23/2009 4:17:06 PM 108289]
S3 XoftSpyService;XoftSpyService;C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe [10/23/2009 4:58:06 PM 582424]
S3 ZD1211BU(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking);C:\WINDOWS\system32\drivers\ZD1211BU.sys [6/19/2009 2:57:53 PM 402432]
S4 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [2/14/2010 6:08:30 PM 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-05-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34:12 . 2008-07-30 18:34:12]

2010-05-23 C:\WINDOWS\Tasks\ParetoLogic Registration3.job
- C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-23 21:58:22 . 2009-10-23 21:58:22]

2010-05-13 C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
- C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-23 21:58:22 . 2009-10-23 21:58:22]

2010-05-23 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE6\XoftSpySELauncher.exe [2009-10-23 21:58:12 . 2009-10-23 21:58:12]
.
And then this list below: I don't remember why I saved it.

http://en.wikipedia.org/wiki/Central_Tr ... ganization

http://www.globalsecurity.org/military/ops/suez.htm
http://en.wikipedia.org/wiki/Suez_Crisis
http://www.historylearningsite.co.uk/2095.htm

http://www.spartacus.schoolnet.co.uk/COLDsuez.htm

http://en.wikipedia.org/wiki/Iranian_Revolution

http://en.wikipedia.org/wiki/Iran_hostage_crisis

I am grateful for your help. Be sure to treat me like the newbie that I am. Instructions should be in the order that you want them done. I will work hard to follow them carefully.
I understand that your commitment is malware removal, but if you see a software reason why my laptop will not connect to ANY wi-fi signal and you can give me a hint on how to fix it, I would be forever grateful. The timing is the same as the virus problem.
Thanks again Airscape ! You rock !
StCharles

Re: redirect problem

Unread postby Airscape » May 26th, 2010, 3:21 pm

Hi,


TFC(Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted.
It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

-----------------------------------

Right click on ComboFix.exe and copy/paste it onto the Desktop before doing the following.

Make sure any remaining security programs are disabled. See Here

Run CFScript
  • Click > Start > Run > type Notepad > click OK
  • Copy/Paste the following text inside the code box into Notepad: (don't include the word code)

    KillAll::
    
    Folder::
    C:\Documents and Settings\Karen\Application Data\LimeWire
    C:\Program Files\LimeWire
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=-
    "C:\\Documents and Settings\\Guest\\My Documents\\dictionaries\\LimeWire\\LimeWire.exe"=-
    

  • Go to File > Save as... and save it as CFScript.txt
  • Now drag the CFScript.txt file into ComboFix.exe as shown in the animation below... This will start ComboFix again.
  • When finished, it shall produce a log for you at "C:\ComboFix.txt"
  • The tool may require a reboot - this is normal.
  • Please post that log in your next reply.
Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

-----------------------------------

Security Application Check
  • Please download SecurityCheck.exe by screen317 from Here or Here and save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document in your next reply.

-----------------------------------

Kaspersky online scan
Please go to Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
        Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases

  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.
This online tutorial will help explain how to use the aforementioned online scan.

-----------------------------------

Logs/information to post in next reply:
  • ComboFix.txt
  • checkup.txt
  • Kaspersky report.
  • How is the pc running?
Airscape
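
The CFScript in the post above deletes two LimeWire entries from the Windows Firewall AuthorizedApplications list that appears in the ComboFix log. The following is an added example, not part of the original posts and not ComboFix's own code: it parses that part of such a log and reports a disabled firewall, exception entries that sit in a user profile or match a watch list, and enabled open ports. The sample lines are constructed from the log in this thread; the function names, the path heuristic and the watch list are assumptions.

```python
import ntpath
import re

# Constructed sample: a shortened copy of the firewall section of the log above.
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\Guest\\My Documents\\dictionaries\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
'''

SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$')
FW_KEY = re.compile(r"firewallpolicy\\(\w+profile)(?:\\(.+))?$", re.I)

# Assumption: locations a non-admin user can write to, so an exception there
# deserves a second look.
USER_WRITABLE = ("\\documents and settings\\", "\\users\\",
                 "%appdata%", "%temp%", "%userprofile%")
# Assumption: programs the reviewer wants called out; LimeWire is the one
# the CFScript in this thread targets.
WATCHLIST = {"limewire.exe"}


def parse_sections(log):
    """Return [(registry_key, [(value_name, value_data), ...]), ...] in log order."""
    sections = []
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            sections.append((m.group(1), []))
            continue
        m = VALUE.match(line)
        if m and sections:
            name = m.group(1).replace("\\\\", "\\")  # undo .reg-style escaping
            sections[-1][1].append((name, m.group(2).strip()))
    return sections


def _as_int(value):
    """Read '0 (0x0)' (ComboFix style) or 'dword:00000000' (.reg style)."""
    v = value.strip().lower()
    try:
        if v.startswith("dword:"):
            return int(v[6:], 16)
        m = re.match(r"\d+", v)
        return int(m.group()) if m else None
    except ValueError:
        return None


def audit_firewall(log):
    """Return a list of (kind, profile, detail) findings for the firewall keys."""
    findings = []
    for key, values in parse_sections(log):
        m = FW_KEY.search(key)
        if not m:
            continue  # not a firewall policy key (Run keys, msconfig, ...)
        profile = m.group(1).lower()
        sub = (m.group(2) or "").lower()
        for name, value in values:
            if not sub and name.lower() == "enablefirewall":
                if _as_int(value) == 0:
                    findings.append(("firewall_disabled", profile, "EnableFirewall=0"))
            elif sub == "authorizedapplications\\list":
                low = name.lower()
                if any(p in low for p in USER_WRITABLE):
                    findings.append(("exception_in_user_profile", profile, name))
                if ntpath.basename(low) in WATCHLIST:
                    findings.append(("exception_watchlisted_program", profile, name))
            elif sub == "globallyopenports\\list" and ":enabled:" in value.lower():
                findings.append(("open_port", profile, name))
    return findings


if __name__ == "__main__":
    for kind, profile, detail in audit_firewall(SAMPLE_LOG):
        print(f"{kind:32} {profile:16} {detail}")
```
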