Solokan

Malware


DDS (Ver_09-07-30.01) - NTFSx86

Run by Lee ##notallowed at 13:01:37.29 on Thu 09/03/2009

Internet Explorer: 6.0.2900.2180

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.212 [GMT -4:00]

 

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe

C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe

C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\reader_s.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\Lee ##notallowed\reader_s.exe

C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

c:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Lee ##notallowed\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uLocal Page = \blank.htm

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.myspace.com/

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

mSearch Page = hxxp://www.google.com

mStart Page = hxxp://www.myspace.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: {761e780a-8778-4154-b000-e6467f8c5033} - c:\windows\system32\kosojebi.dll

TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe

uRun: [reader_s] c:\documents and settings\lee ##notallowed\reader_s.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

mRun: [reader_s] c:\windows\system32\reader_s.exe

mRun: [iyuzuga] rundll32.exe "c:\windows\ixulidupayazada.dll",e

mRun: [CPMdb4bdd13] Rundll32.exe "c:\windows\system32\sawubiyi.dll",a

mRun: [kikabamoze] Rundll32.exe "c:\windows\system32\lihelani.dll",s

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\client~1.lnk - c:\program files\buffalo\client manager3\cm3_tray.exe

uPolicies-explorer: NoFolderOptions = 1 (0x1)

uPolicies-system: DisableRegistryTools = 1 (0x1)

IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm

IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: pcpitstop.com

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll

Notify: winctrl32 - WinCtrl32.dll

AppInit_DLLs: c:\windows\system32\sorusodi.dll c:\windows\system32\sawubiyi.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sawubiyi.dll

STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\sawubiyi.dll

LSA: Notification Packages = scecli c:\windows\system32\sorusodi.dll wi2tl1ap.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\leesch~1\applic~1\mozilla\firefox\profiles\8o3s7wit.default\

FF - prefs.js: browser.startup.homepage - www.myspace.com

FF - plugin: c:\documents and settings\lee ##notallowed\application data\mozilla\firefox\profiles\8o3s7wit.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npOberonGameHost.dll

FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava11.dll

FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava12.dll

FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava13.dll

FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava14.dll

FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava32.dll

FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJPI150_03.dll

FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPOJI610.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ZangoSA.dll

FF - HiddenExtension: XUL Cache: {46708313-7E9F-414F-81DF-A09D29743CCB} - c:\documents and settings\lee ##notallowed\local settings\application data\{46708313-7E9F-414F-81DF-A09D29743CCB}

FF - HiddenExtension: XUL Cache: {D5DD0884-5CA7-4438-A46C-EC7FEE7D764F} - c:\documents and settings\administrator\local settings\application data\{d5dd0884-5ca7-4438-a46c-ec7fee7d764f}\

 

============= SERVICES / DRIVERS ===============

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-24 64160]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 951632]

S0 winsy63;winsy63;c:\windows\system32\drivers\winsy63.sys --> c:\windows\system32\drivers\Winsy63.sys [?]

S3 CEDRIVER53;CEDRIVER53;\??\c:\program files\cheat engine\dbk32.sys --> c:\program files\cheat engine\dbk32.sys [?]

S3 File;File;c:\windows\system32\File.sys [2006-10-31 8320]

S3 Ingelirsw;Ingelirsw; [x]

S3 mKernel;mKernel;\??\c:\documents and settings\lee ##notallowed\desktop\loa\wmfup.sys --> c:\documents and settings\lee ##notallowed\desktop\loa\WMFUP.sys [?]

S3 vtdg46xx;vtdg46xx;c:\progra~1\turtle~1\santac~1\contro~1\vtdg46xx.sys [2006-2-7 19232]

S3 XDva008;XDva008;\??\c:\windows\system32\xdva008.sys --> c:\windows\system32\XDva008.sys [?]

S3 XDva019;XDva019;\??\c:\windows\system32\xdva019.sys --> c:\windows\system32\XDva019.sys [?]

S3 XDva076;XDva076;\??\c:\windows\system32\xdva076.sys --> c:\windows\system32\XDva076.sys [?]

S3 XDva190;XDva190;\??\c:\windows\system32\xdva190.sys --> c:\windows\system32\XDva190.sys [?]

 

=============== Created Last 30 ================

 

2009-09-01 18:39 158,208 a------- c:\windows�000344.tmp

2009-09-01 18:39 45,056 a------- c:\windows�026444.tmp

2009-09-01 18:22 <DIR> --d----- c:\program files\NortonInstaller

2009-09-01 16:22 21,380 a------- c:\windows\system32\AAWService_2009_09_01_16_22_22.dmp

2009-09-01 15:59 23,696 a------- c:\windows\system32\AAWService_2009_09_01_15_59_56.dmp

2009-09-01 15:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCSettings

2009-09-01 15:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton

2009-09-01 15:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller

2009-09-01 11:45 24,576 a------- c:\windows\system32\userinit.exe

2009-08-23 16:01 23,163 a------- c:\windows\system32\AAWService_2009_08_23_16_01_39.dmp

2009-08-22 21:49 25,055 a------- c:\windows\system32\AAWService_2009_08_22_21_49_46.dmp

 

==================== Find3M ====================

 

2009-09-03 13:01 100,590 a------- c:\windows\system32\drivers\3c96cf9.sys

2009-09-01 18:39 30,208 a------- c:\windows\system32\reader_s.exe

2009-09-01 18:39 30,208 a------- c:\documents and settings\lee ##notallowed\reader_s.exe

2009-09-01 17:39 158,208 a------- c:\windows\ixulidupayazada.dll

2009-09-01 17:39 45,056 a------- c:\windows\wi2tl1ap.dll

2009-09-01 16:47 88,064 a--sh--- c:\windows\system32\telonapi.dll

2009-09-01 16:47 80,384 a--sh--- c:\windows\system32\wavowibi.dll

2007-01-17 20:33 1,443,213 a------- c:\docume~1\leesch~1\applic~1\Install.dat

2005-11-09 22:04 13 a------- c:\program files\autobans.txt

2005-09-01 17:04 10,156,943 a------- c:\program files\avg70free_289a392.exe

2009-03-28 16:10 61,440 a--sh--- c:\windows\system32\gemuhede.exe

2009-03-28 16:10 81,408 a--sh--- c:\windows\system32\lomehuda.dll

0000-00-00 00:00 49,152 a--sh--- c:\windows\system32\sorusodi.dll.vir

 

============= FINISH: 13:02:05.16 ===============

 

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_09-07-30.01)

 

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 7/31/2005 5:11:20 PM

System Uptime: 9/3/2009 12:51:45 PM (1 hours ago)

 

Motherboard: Dell Computer Corporation | | Dimension 8100

Processor: Intel® Pentium® 4 CPU 1800MHz | Microprocessor | 1779/100mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 128 GiB total, 94.993 GiB free.

D: is CDROM (CDFS)

F: is CDROM ()

 

==== Disabled Device Manager Items =============

 

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Unsupported Device

Device ID: ACPI\MGMT180\2&DABA3FF&0

Manufacturer: Unknown

Name: Unsupported Device

PNP Device ID: ACPI\MGMT180\2&DABA3FF&0

Service:

 

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)

Device ID: PCI\VEN_10B7&DEV_9200&SUBSYS_00C71028&REV_78\4&8537DD&0&60F0

Manufacturer: 3Com

Name: 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)

PNP Device ID: PCI\VEN_10B7&DEV_9200&SUBSYS_00C71028&REV_78\4&8537DD&0&60F0

Service: EL90XBC

 

==== System Restore Points ===================

 

No restore point in system.

 

==== Installed Programs ======================

 

 

Ad-Aware

Adobe Flash Player Plugin

Adobe Photoshop CS

Adobe Reader 6.0.1

Adobe Shockwave Player

AIM Pro

AirPlus G

ANIO Service

ANIWZCS2 Service

AOL Uninstaller (Choose which Products to Remove)

AVI Movie Player

Belkin 54g USB Network Adapter

BUFFALO Client Manager 3

Counter-Strike

Counter-Strike

Critical Update for Windows Media Player 11 (KB959772)

DNA

Easy CD & DVD Creator 6

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB952287)

Install(US)2

J2SE Runtime Environment 5.0 Update 3

Life and Health Insurance

LimeWire PRO 4.12.11

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office Professional Edition 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Word Viewer 97

Microsoft XML Parser and SDK

Mozilla Firefox (3.0.8)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

NVIDIA Drivers

PC Pitstop Optimize2 2.0

Picasa 2

QuickTime

Santa Cruz

Security Update for CAPICOM (KB931906)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901190)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB929969)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931768)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933566)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB937143)

Security Update for Windows XP (KB938127)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB939653)

Security Update for Windows XP (KB941202)

Security Update for Windows XP (KB941568)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB941644)

Security Update for Windows XP (KB941693)

Security Update for Windows XP (KB942615)

Security Update for Windows XP (KB943055)

Security Update for Windows XP (KB943460)

Security Update for Windows XP (KB943485)

Security Update for Windows XP (KB944338)

Security Update for Windows XP (KB944533)

Security Update for Windows XP (KB944653)

Security Update for Windows XP (KB945553)

Security Update for Windows XP (KB946026)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB947864)

Security Update for Windows XP (KB948590)

Security Update for Windows XP (KB948881)

Security Update for Windows XP (KB950749)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Starcraft

Steam

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB908531)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB933360)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

Update for Windows XP (KB942763)

Update for Windows XP (KB942840)

Update for Windows XP (KB946627)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Ventrilo Client

Ventrilo Server

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Warcraft III: All Products

WebFldrs XP

Windows Genuine Advantage v1.3.0254.0

Windows Installer 3.1 (KB893803)

Windows Live Messenger

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

Windows XP Service Pack 2

WinRAR archiver

Xfire (remove only)

 

==== Event Viewer Messages From Past Week ========

 

9/1/2009 8:50:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

9/1/2009 8:49:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

9/1/2009 8:49:39 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BUFADPT cdudf_xp eectrl Fips intelppm IPSec NetBT RasAcd sptd Tcpip

9/1/2009 8:49:39 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

9/1/2009 8:49:39 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

9/1/2009 8:49:39 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

9/1/2009 8:49:39 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.

9/1/2009 5:51:18 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .

9/1/2009 5:51:18 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\Lee ##notallowed\Desktop\buDump.exe. Reference error message: The operation completed successfully. .

9/1/2009 5:51:18 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

9/1/2009 5:48:25 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

9/1/2009 5:03:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eectrl sptd

9/1/2009 4:21:15 PM, error: Service Control Manager [7028] - The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

9/1/2009 4:07:05 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.

9/1/2009 4:01:49 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd

9/1/2009 4:01:49 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The authentication service is unknown.

9/1/2009 4:01:49 PM, error: Service Control Manager [7002] - The Routing and Remote Access service depends on the NetBIOSGroup group and no member of this group started.

 

==== End Of File ===========================

Attach.zip

Edited by Solokan


Hi,

 

Please post contents of attach.txt file as you did for dds.txt file - as plain text in your post.


DNA

LimeWire PRO 4.12.11

 

Both of the programs listed above are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and others, if present) P2P file sharing programs.

 

 

Download the latest version of Kaspersky Virus Removal Tool.

 

* Close all other applications and double-click and run the installer.

* When AVPTool starts, select all the scannable items except for CD-ROM drives and click the Scan button.

* If malware is detected, don't remove anything.

* After the scan finishes, don't neutralize anything.

* In the Scan window click the Reports button and select Save to file.

* Name the report AVPT.txt, and save it to the Desktop.

* Close AVPTool.

* You will be prompted if you want to uninstall the program; click Yes.

* You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.

* Copy and paste the first part of the report (Detected) that you saved in your next reply. Do not include the longer list marked Events.

Links didn't work for Kaspersky.

Something that I was afraid of.

 

Does GMER still look like it's progressing anyway? If it is, let it attempt the run without doing anything else in the background, since that won't make it any faster.

 

After that, let's see if you're able to upload the following files to either Virscan or Virustotal and post back the scan results for each of them:

C:\WINDOWS\System32\lsass.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe


GMER 1.0.15.15077 [yt7zw57p.exe] - http://www.gmer.net

Rootkit scan 2009-09-03 15:01:12

Windows 5.1.2600 Service Pack 2

 

 

---- System - GMER 1.0.15 ----

 

SSDT \SystemRoot\System32\drivers\3c96cf9.sys ZwCreateEvent [0xF891F62D]

SSDT \SystemRoot\System32\drivers\3c96cf9.sys ZwCreateKey [0xF891D705]

SSDT \SystemRoot\System32\drivers\3c96cf9.sys ZwOpenKey [0xF891D7C5]

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF8846C10]

 

Code 8333D4D0 pIofCallDriver

 

---- Kernel code sections - GMER 1.0.15 ----

 

? C:\WINDOWS\System32\drivers\3c96cf9.sys The system cannot find the file specified.

 

---- Devices - GMER 1.0.15 ----

 

Device \FileSystem\Ntfs \Ntfs 3c96cf9.sys

Device \Driver\NDIS \Device\Ndis [83317982] NDIS.sys[.reloc]

Device \Driver\Tcpip \Device\Ip 3c96cf9.sys

Device \Driver\Tcpip \Device\Tcp 3c96cf9.sys

Device \Driver\Tcpip \Device\Udp 3c96cf9.sys

Device \Driver\Tcpip \Device\RawIp 3c96cf9.sys

Device \Driver\Tcpip \Device\IPMULTICAST 3c96cf9.sys

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\CfgD79C293C1ED61418462E24595C90D04 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\[email protected] C:\Program Files\Alcohol Soft\Alcohol 120\

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\[email protected] 0

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\[email protected] 0xBD 0xA1 0xAB 0x96 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\CfgD79C293C1ED61418462E24595C90D04000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\[email protected] 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\[email protected] 0xE8 0xD9 0x19 0xCE ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\CfgD79C293C1ED61418462E24595C90D04000001\jdgg40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\CfgD79C293C1ED61418462E24595C90D04000001\[email protected] 0xA9 0xEB 0x42 0x47 ...

Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] 1

Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] 1

Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] \systemroot\system32\drivers\UACkftpxmjd.sys

Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] file system

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\drivers\UACkftpxmjd.sys

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACladlvntu.dll

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACefnmpxet.dat

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UAChcockbao.dll

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACmyyxrgqj.dll

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACdykmrnir.dll

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACkctlmsjy.dll

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACgvivwlqp.log

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACuuilklve.log

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACaaxjoato.log

Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\[email protected] 2

Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\[email protected] 256

Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\[email protected] 7

Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\[email protected] 256

Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\[email protected] 4

Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\[email protected] 256

Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\[email protected] 4

Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\[email protected] 256

Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\[email protected] 4

Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\[email protected] 256

Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\[email protected] 7

Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\[email protected] 256

Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] \SystemRoot\System32\drivers\3c96cf9.sys

Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 1

Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 1

Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 1

Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] YmluZGVyeXNlcnZpY2UubW9iaQ==

Reg HKLM\SYSTEM\CurrentControlSet\services\MRxDAV\[email protected]

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\CfgD79C293C1ED61418462E24595C90D04

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] C:\Program Files\Alcohol Soft\Alcohol 120\

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 0xBD 0xA1 0xAB 0x96 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\CfgD79C293C1ED61418462E24595C90D04000001

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 0xE8 0xD9 0x19 0xCE ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\CfgD79C293C1ED61418462E24595C90D04000001\jdgg40

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\CfgD79C293C1ED61418462E24595C90D04000001\[email protected] 0xA9 0xEB 0x42 0x47 ...

Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] \SystemRoot\System32\drivers\3c96cf9.sys

Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] 1

Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] 1

Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] 1

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\CfgD79C293C1ED61418462E24595C90D04 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\[email protected] C:\Program Files\Alcohol Soft\Alcohol 120\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\[email protected] 0


 

---- Files - GMER 1.0.15 ----

 

File C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys (size mismatch) 182656/182912 bytes executable

File C:\WINDOWS\system32\dllcache\ndis.sys (size mismatch) 213376/182912 bytes executable

File C:\WINDOWS\system32\drivers\ndis.sys (size mismatch) 213376/182912 bytes executable

File C:\WINDOWS\system32\drivers\symndis.sys (size mismatch) 35256/182912 bytes executable

File C:\WINDOWS\$NtServicePackUninstall$\ndis.sys (size mismatch) 161536/182912 bytes executable

 

---- EOF - GMER 1.0.15 ----


VirSCAN.org Scanned Report :

Scanned time : 2009/08/24 16:57:03 (CDT)

Scanner results: All Scanners reported not find malware!

File Name : lsass.exe

File Size : 13312 byte

File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit

MD5 : 84885f9b82f4d55c6146ebf6065d75d2

SHA1 : 6473b34c05bc63eb0d66cad83355e6938cbe97e9

Online report : http://virscan.org/report/b1a2e5661f83a7df...2392699912.html

 

Scanner Engine Ver Sig Ver Sig Date Time Scan result

a-squared 4.5.0.8 20090824170206 2009-08-24 0.42 -

AhnLab V3 2009.08.25.00 2009.08.25 2009-08-25 0.77 -

AntiVir 8.2.1.3 7.1.5.156 2009-08-24 0.46 -

Antiy 2.0.18 20090824.2730530 2009-08-24 0.12 -

Arcavir 2009 200908241822 2009-08-24 0.03 -

Authentium 5.1.1 200908241920 2009-08-24 1.20 -

AVAST! 4.7.4 090824-0 2009-08-24 0.00 -

AVG 8.5.288 270.13.65/2324 2009-08-24 0.32 -

BitDefender 7.81008.3912851 7.27325 2009-08-25 3.35 -

CA (VET) 9.0.0.143 31.6.6697 2009-08-25 5.10 -

ClamAV 0.95.2 9732 2009-08-24 0.01 -

Comodo 3.10 2084 2009-08-24 0.70 -

CP Secure 1.1.0.715 2009.08.23 2009-08-23 0.04 -

Dr.Web 4.44.0.9170 2009.08.24 2009-08-24 5.20 -

F-Prot 4.4.4.56 20090824 2009-08-24 1.15 -

F-Secure 7.02.73807 2009.08.24.10 2009-08-24 0.13 -

Fortinet 2.81-3.120 10.753 2009-08-24 0.20 -

GData 19.7358/19.450 20090824 2009-08-24 4.81 -

ViRobot 20090824 2009.08.24 2009-08-24 0.41 -

Ikarus T3.1.01.68 2009.08.24.73346 2009-08-24 3.68 -

JiangMin 11.0.800 2009.08.23 2009-08-23 4.56 -

Kaspersky 5.5.10 2009.08.24 2009-08-24 0.05 -

KingSoft 2009.2.5.15 2009.8.24.22 2009-08-24 0.52 -

McAfee 5.3.00 5719 2009-08-24 3.09 -

Microsoft 1.4903 2009.08.24 2009-08-24 5.66 -

Norman 6.01.09 6.01.00 2009-08-24 4.01 -

Panda 9.05.01 2009.08.24 2009-08-24 1.94 -

Trend Micro 8.700-1004 6.390.10 2009-08-24 0.03 -

Quick Heal 10.00 2009.08.24 2009-08-24 1.06 -

Rising 20.0 21.44.04.00 2009-08-24 0.79 -

Sophos 2.89.1 4.44 2009-08-25 3.26 -

Sunbelt 5352 5352 2009-08-24 1.38 -

Symantec 1.3.0.24 20090824.002 2009-08-24 0.05 -

nProtect 20090823.01 5121977 2009-08-23 6.30 -

The Hacker 6.3.4.3 v00386 2009-08-22 0.67 -

VBA32 3.12.10.9 20090823.1723 2009-08-23 1.86 -

VirusBuster 4.5.11.10 10.112.15/1802658 2009-08-24 2.20 -

 

VirSCAN.org Scanned Report :

Scanned time : 2009/08/29 04:27:02 (CDT)

Scanner results: All Scanners reported not find malware!

File Name : svchost.exe

File Size : 14336 byte

File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit

MD5 : 8f078ae4ed187aaabc0a305146de6716

SHA1 : da0ff4006859a7580aba81f486f692dead2014fe

Online report : http://virscan.org/report/7fd639ce1f831be4...c7187ca60a.html

 

Scanner Engine Ver Sig Ver Sig Date Time Scan result

a-squared 4.5.0.8 20090827231036 2009-08-27 4.04 -

AhnLab V3 2009.08.29.01 2009.08.29 2009-08-29 1.15 -

AntiVir 8.2.1.7 7.1.5.179 2009-08-28 11.02 -

Antiy 2.0.18 20090829.2740346 2009-08-29 0.12 -

Arcavir 2009 200908281637 2009-08-28 0.03 -

Authentium 5.1.1 200908282142 2009-08-28 1.17 -

AVAST! 4.7.4 090828-0 2009-08-28 0.00 -

AVG 8.5.288 270.13.71/2333 2009-08-29 0.33 -

BitDefender 7.81008.3916331 7.27412 2009-08-29 3.36 -

CA (VET) 9.0.0.143 31.6.6706 2009-08-29 9.81 -

ClamAV 0.95.2 9757 2009-08-28 0.01 -

Comodo 3.11 2135 2009-08-29 0.81 -

CP Secure 1.3.0.5 2009.08.28 2009-08-28 0.04 -

Dr.Web 4.44.0.9170 2009.08.29 2009-08-29 10.30 -

F-Prot 4.4.4.56 20090827 2009-08-27 1.27 -

F-Secure 7.02.73807 2009.08.28.09 2009-08-28 8.35 -

Fortinet 2.81-3.120 10.772 2009-08-29 0.20 -

GData 19.7461/19.456 20090829 2009-08-29 8.71 -

ViRobot 20090828 2009.08.28 2009-08-28 0.43 -

Ikarus T3.1.01.68 2009.08.29.73397 2009-08-29 3.79 -

JiangMin 11.0.800 2009.08.29 2009-08-29 5.29 -

Kaspersky 5.5.10 2009.08.28 2009-08-28 0.06 -

KingSoft 2009.2.5.15 2009.8.28.21 2009-08-28 0.51 -

McAfee 5.3.00 5723 2009-08-28 3.23 -

Microsoft 1.5005 2009.08.29 2009-08-29 5.80 -

Norman 6.01.09 6.01.00 2009-08-28 4.03 -

Panda 9.05.01 2009.08.27 2009-08-27 1.14 -

Trend Micro 8.700-1004 6.402.05 2009-08-28 0.03 -

Quick Heal 10.00 2009.08.29 2009-08-29 1.72 -

Rising 20.0 21.44.40.00 2009-08-28 1.12 -

Sophos 2.89.1 4.44 2009-08-29 3.33 -

Sunbelt 5360 5360 2009-08-28 3.46 -

Symantec 1.3.0.24 20090828.037 2009-08-28 0.06 -

nProtect 20090829.01 5149263 2009-08-29 10.42 -

The Hacker 6.3.4.3 v00390 2009-08-28 1.38 -

VBA32 3.12.10.10 20090828.2023 2009-08-28 1.78 -

VirusBuster 4.5.11.10 10.112.20/1826778 2009-08-28 2.26 -

 

VirSCAN.org Scanned Report :

Scanned time : 2009/08/07 06:32:54 (CDT)

Scanner results: All Scanners reported not find malware!

File Name : spoolsv.exe

File Size : 57856 byte

File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit

MD5 : da81ec57acd4cdc3d4c51cf3d409af9f

SHA1 : 7047ed8bd91f3e57972483feaa56e3499cd8c668

Online report : http://virscan.org/report/d1a7e076b7da81e3...9e58baec28.html

 

Scanner Engine Ver Sig Ver Sig Date Time Scan result

a-squared 4.5.0.3 20090807183124 2009-08-07 0.38 -

AhnLab V3 2009.08.07.03 2009.08.07 2009-08-07 0.79 -

AntiVir 8.2.0.246 7.1.5.84 2009-08-07 0.31 -

Antiy 2.0.18 20090804.2672262 2009-08-04 0.12 -

Arcavir 2009 200908071009 2009-08-07 0.04 -

Authentium 5.1.1 200908070805 2009-08-07 1.46 -

AVAST! 4.7.4 090806-1 2009-08-06 0.01 -

AVG 8.5.288 270.13.45/2287 2009-08-07 0.38 -

BitDefender 7.81008.3834660 7.27044 2009-08-07 3.37 -

CA (VET) 9.0.0.143 31.6.6661 2009-08-06 3.88 -

ClamAV 0.95.2 9662 2009-08-07 0.04 -

Comodo 3.10 1896 2009-08-07 0.91 -

CP Secure 1.1.0.715 2009.08.06 2009-08-06 11.97 -

Dr.Web 4.44.0.9170 2009.08.07 2009-08-07 5.14 -

F-Prot 4.4.4.56 20090807 2009-08-07 1.28 -

F-Secure 7.02.73807 2009.07.29.10 2009-07-29 0.04 -

Fortinet 2.81-3.120 10.689 2009-08-07 0.25 -

GData 19.6928/19.430 20090807 2009-08-07 5.12 -

ViRobot 20090807 2009.08.07 2009-08-07 0.42 -

Ikarus T3.1.01.64 2009.08.07.73193 2009-08-07 3.29 -

JiangMin 11.0.800 2009.08.07 2009-08-07 4.75 -

Kaspersky 5.5.10 2009.08.07 2009-08-07 0.06 -

KingSoft 2009.2.5.15 2009.8.7.18 2009-08-07 0.75 -

McAfee 5.3.00 5700 2009-08-06 3.05 -

Microsoft 1.4903 2009.08.07 2009-08-07 5.30 -

Norman 6.01.09 6.01.00 2009-08-06 4.01 -

Panda 9.05.01 2009.08.06 2009-08-06 3.38 -

Trend Micro 8.700-1004 6.348.03 2009-08-06 0.03 -

Quick Heal 10.00 2009.08.07 2009-08-07 1.30 -

Rising 20.0 21.41.43.00 2009-08-07 0.86 -

Sophos 2.89.1 4.44 2009-08-07 3.40 -

Sunbelt 5316 5316 2009-08-05 1.46 -

Symantec 1.3.0.24 20090806.006 2009-08-06 0.05 -

nProtect 20090807.01 4975345 2009-08-07 8.34 -

The Hacker 6.3.4.3 v00377 2009-08-04 0.79 -

VBA32 3.12.10.9 20090806.1454 2009-08-06 1.81 -

VirusBuster 4.5.11.10 10.111.5/1836163 2009-08-06 2.33 -


Hello again,

Please visit this webpage for download links and instructions for running the ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
     Remember to re-enable them afterwards.
  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

 

If ComboFix is going to harsh my computer even more then I'm not going to run it.


I believe you had the system in worse shape earlier with that logon loop than ComboFix would cause there. Anyway, it's your decision. If you don't want to take those steps then we'll have to end this topic. Let me know what you want to do.

I believe you had the system in worse shape earlier with that logon loop than ComboFix would cause there. Anyway, it's your decision. If you don't want to take those steps then we'll have to end this topic. Let me know what you want to do.

 

You raise a good point but I can't help but be curious about what might end up happening. What are the risks of using it?


In the worst case the system would have problems booting up. However, I don't think the odds are high for that. There's also a possibility that you'll have to reformat anyway. So, there's not much to lose.


ComboFix 09-09-06.06 - Lee ##notallowed 09/07/2009 18:50.1.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.216 [GMT -4:00]

Running from: c:\documents and settings\Lee ##notallowed\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Lee ##notallowed\Application Data\Install.dat

c:\documents and settings\Lee ##notallowed\reader_s.exe

c:\recycler\NPROTECT

c:\recycler\S-1-5-21-0243636035-3055115376-381863306-1556

c:\recycler\S-1-5-21-7161548017-0962100167-378416720-2659

c:\windows\Installer\34b798e.msp

c:\windows\Installer\ea8b08.msi

c:\windows\instsp2.exe

c:\windows\system32\ahtn.htm

c:\windows\system32\drivers\3c96cf9.sys

c:\windows\system32\dumphive.exe

c:\windows\system32\lomehuda.dll

c:\windows\system32\Process.exe

c:\windows\system32\reader_s.exe

c:\windows\system32\uacinit.dll

c:\windows\wi2tl1ap.dll

 

c:\windows\system32\drivers\ndis.sys . . . is infected!!

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_3c96cf9

 

 

((((((((((((((((((((((((( Files Created from 2009-08-07 to 2009-09-07 )))))))))))))))))))))))))))))))

.

 

2009-09-02 00:49 . 2009-09-02 00:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{D5DD0884-5CA7-4438-A46C-EC7FEE7D764F}

2009-09-01 22:22 . 2009-09-02 00:50 -------- d-----w- c:\program files\NortonInstaller

2009-09-01 19:56 . 2009-09-01 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings

2009-09-01 19:56 . 2009-09-02 01:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2009-09-01 19:54 . 2009-09-01 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2009-09-01 15:45 . 2004-08-04 00:56 24576 ----a-w- c:\windows\system32\userinit.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-02 00:52 . 2005-09-05 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-09-01 22:39 . 2009-09-01 22:39 45056 ----a-w- c:\windows�026444.tmp

2009-09-01 22:39 . 2009-09-01 22:39 158208 ----a-w- c:\windows�000344.tmp

2009-09-01 22:36 . 2005-09-05 17:49 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-09-01 21:39 . 2001-08-23 12:00 158208 ----a-w- c:\windows\ixulidupayazada.dll

2009-09-01 20:47 . 2009-06-01 20:47 88064 --sha-w- c:\windows\system32\telonapi.dll

2009-09-01 20:47 . 2009-06-01 20:47 80384 --sha-w- c:\windows\system32\wavowibi.dll

2009-09-01 19:57 . 2005-09-05 17:49 -------- d-----w- c:\documents and settings\Lee ##notallowed\Application Data\Symantec

2005-11-10 02:04 . 2005-11-10 02:04 13 ----a-w- c:\program files\autobans.txt

2005-09-01 21:04 . 2005-09-01 21:04 10156943 ----a-w- c:\program files\avg70free_289a392.exe

2009-03-28 20:10 . 1601-01-01 00:12 61440 --sha-w- c:\windows\system32\gemuhede.exe

1601-01-01 00:12 . 1601-01-01 00:12 49152 --sha-w- c:\windows\system32\sorusodi.dll.vir

.

 

------- Sigcheck -------

 


[-] FF3477C03BE7201C294C35F684B3479F [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll

[-] B60C877D16D9C880B952FDA04ADF16E6 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\system32\termsrv.dll

 

[-] 0FDD84928A5DDE2510761B7EC76CCEC9 [5.1.2600.2945 (xpsp.060704-2357)] c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll

[-] 09F7CB3687F86EDAA4CA081F7AB66C03 [5.1.2600.3119 (xpsp_sp2_qfe.070416-1259)] c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll

[-] 379B0B31D7F8D2C9F7FF302B454A6C54 [5.1.2600.0 (xpclient.010817-1148)] c:\windows\$NtServicePackUninstall$\kernel32.dll

[-] 888190E31455FAD793312F8D087146EB [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB917422$\kernel32.dll

[-] D8DB5397DE07577C1CB50BA6D23B3AD4 [5.1.2600.2945 (xpsp_sp2_gdr.060704-2349)] c:\windows\$NtUninstallKB935839$\kernel32.dll

[-] 888190E31455FAD793312F8D087146EB [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\kernel32.dll

[-] C24B983D211C34DA8FCC1AC38477971D [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kernel32.dll

[-] A01F9CA902A88F7CED06884174D6419D [5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)] c:\windows\system32\kernel32.dll

[-] A01F9CA902A88F7CED06884174D6419D [5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)] c:\windows\system32\dllcache\kernel32.dll

 

[-] 865AD7CCB20856727D5BD994B094DC5E [6.00.2600.0000 (xpclient.010817-1148)] c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 1B5F6923ABB450692E9FE0672C897AED [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\powrprof.dll

[-] 50A166237A0FA771261275A405646CC0 [6.00.2900.5512 (xpsp.080413-2105)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\powrprof.dll

[-] 1B5F6923ABB450692E9FE0672C897AED [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\system32\powrprof.dll

 

[-] E046037FD5BCDF92CE1A122B749B9B09 [5.1.2600.0 (xpclient.010817-1148)] c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 87CA7CE6469577F059297B9D6556D66D [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\imm32.dll

[-] 0DA85218E92526972A821587E6A8BF8F [5.1.2600.5512 (xpsp.080413-2105)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\imm32.dll

[-] 87CA7CE6469577F059297B9D6556D66D [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\system32\imm32.dll

 

[-] 2991727809C7AC3A33E4178CC73244D8 [6.00.2900.3086 (xpsp_sp2_qfe.070218-2342)] c:\windows\$hf_mig$\KB931768\SP2QFE\mshtml.dll

[-] 00ADCB32832A10ED9419493BCEA97526 [6.00.2900.3132 (xpsp_sp2_qfe.070504-1301)] c:\windows\$hf_mig$\KB933566\SP2QFE\mshtml.dll

[-] 53F3FD772C010622346C39284C4A863B [6.00.2900.3157 (xpsp_sp2_qfe.070614-1244)] c:\windows\$hf_mig$\KB937143\SP2QFE\mshtml.dll

[-] 885E3BF99EA4B2213901EBC35B34CF12 [6.00.2900.3199 (xpsp_sp2_qfe.070821-1250)] c:\windows\$hf_mig$\KB939653\SP2QFE\mshtml.dll

[-] 79314A0A6B0DA78AFE491FF2D8B117BA [6.00.2900.3243 (xpsp_sp2_qfe.071029-1244)] c:\windows\$hf_mig$\KB942615\SP2QFE\mshtml.dll

[-] 8A4DD074DEC1B0C063C8493ABF654CBC [6.00.2900.3268 (xpsp_sp2_qfe.071206-1251)] c:\windows\$hf_mig$\KB944533\SP2QFE\mshtml.dll

[-] 701A6798DDF875CAA3A5099EE75FD57F [6.00.2900.3314 (xpsp_sp2_qfe.080215-1242)] c:\windows\$hf_mig$\KB947864\SP2QFE\mshtml.dll

[-] 083B967E6B0B2BB539CE6B08D45D631F [6.00.2900.3354 (xpsp_sp2_qfe.080417-1416)] c:\windows\$hf_mig$\KB950759\SP2QFE\mshtml.dll

[-] FE406DE0651C9E8201DCB0460609D739 [6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)] c:\windows\$hf_mig$\KB950759\SP3GDR\mshtml.dll

[-] 46A61BA430110F00DD990D058AA3D054 [6.00.2900.5583 (xpsp_sp3_qfe.080417-1431)] c:\windows\$hf_mig$\KB950759\SP3QFE\mshtml.dll

[-] 1FC693A4EE1D9D9CD78DDA6C87232F6F [6.00.2900.3395 (xpsp_sp2_qfe.080623-1318)] c:\windows\$hf_mig$\KB953838\SP2QFE\mshtml.dll

[-] F433136C23D13B120412B300D1324A7E [6.00.2900.5626 (xpsp_sp3_gdr.080623-1315)] c:\windows\$hf_mig$\KB953838\SP3GDR\mshtml.dll

[-] 04EEC0FF4DD3C7041628973CA6832C33 [6.00.2900.5626 (xpsp_sp3_qfe.080623-1331)] c:\windows\$hf_mig$\KB953838\SP3QFE\mshtml.dll

[-] 20D44D1A5A406CD8E129D3D4F0B5717C [6.00.2900.3429 (xpsp_sp2_qfe.080819-1244)] c:\windows\$hf_mig$\KB956390\SP2QFE\mshtml.dll

[-] 507BDA42F7DB8209C0F0B3556A043491 [6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)] c:\windows\$hf_mig$\KB956390\SP3GDR\mshtml.dll

[-] BD45470B132A0F98596277323D9F2E5A [6.00.2900.5659 (xpsp_sp3_qfe.080819-1352)] c:\windows\$hf_mig$\KB956390\SP3QFE\mshtml.dll

[-] C99D8B48FC245D98E1A2BAB6594458C9 [6.00.2900.3462 (xpsp_sp2_qfe.081015-1657)] c:\windows\$hf_mig$\KB958215\SP2QFE\mshtml.dll

[-] B846C2DE341CF32B42AD297437233742 [6.00.2900.5694 (xpsp_sp3_gdr.081015-1312)] c:\windows\$hf_mig$\KB958215\SP3GDR\mshtml.dll

[-] CC5A2205D37AE67CE23AB7FD3E1FDACA [6.00.2900.5694 (xpsp_sp3_qfe.081015-1409)] c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll

[-] 6D1D493622EA050DBAABD0C4C1DFADB5 [6.00.2900.3492 (xpsp_sp2_qfe.081212-1622)] c:\windows\$hf_mig$\KB960714\SP2QFE\mshtml.dll

[-] C828AA1C5469E72251F3D367005E589F [6.00.2900.5726 (xpsp_sp3_gdr.081212-1450)] c:\windows\$hf_mig$\KB960714\SP3GDR\mshtml.dll

[-] B6DAA74E2ED36C71B502945589A683AE [6.00.2900.5726 (xpsp_sp3_qfe.081212-1451)] c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll

[-] 306671C2A286B50A8FD13D61CCC688E8 [6.00.2745.2800] c:\windows\$NtServicePackUninstall$\mshtml.dll

[-] 2C8725BBC943212B349B34D11153E5F6 [6.00.2600.0000 (xpclient.010817-1148)] c:\windows\$NtUninstallKB834707-IE6-20040929.115007$\mshtml.dll

[-] 376E0843B2356CA91CEC8D9837A56FF7 [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB931768$\mshtml.dll

[-] 6B9D083C0D4C4555FE011B01A98872DA [6.00.2900.3086 (xpsp_sp2_gdr.070218-2314)] c:\windows\$NtUninstallKB933566$\mshtml.dll

[-] 4D92717B5BBCE85F1254BAD23B0D357C [6.00.2900.3132 (xpsp_sp2_gdr.070504-1301)] c:\windows\$NtUninstallKB937143$\mshtml.dll

[-] F049C52772FC86FD5F6C16D77A2A6204 [6.00.2900.3157 (xpsp_sp2_gdr.070614-1242)] c:\windows\$NtUninstallKB939653$\mshtml.dll

[-] 591449BD8F2C8090B9259E88C78AE61D [6.00.2900.3199 (xpsp_sp2_gdr.070821-1257)] c:\windows\$NtUninstallKB942615$\mshtml.dll

[-] DA077E334961230C12E3E4D62626286E [6.00.2900.3243 (xpsp_sp2_gdr.071029-1246)] c:\windows\$NtUninstallKB944533$\mshtml.dll

[-] DA9377A57A277170C78095C0E8BD8C85 [6.00.2900.3268 (xpsp_sp2_gdr.071206-1518)] c:\windows\$NtUninstallKB947864$\mshtml.dll

[-] 77DBF6075405494AD6B6A99E2C732F86 [6.00.2900.3314 (xpsp_sp2_gdr.080215-1241)] c:\windows\$NtUninstallKB950759$\mshtml.dll

[-] C75C6AD32C28BCE0D14E1CA2AB4862DC [6.00.2900.3354 (xpsp_sp2_gdr.080417-1412)] c:\windows\$NtUninstallKB953838$\mshtml.dll

[-] 74B5A84AC8FCF52C249B74C3D2A3E7B8 [6.00.2900.3395 (xpsp_sp2_gdr.080623-1307)] c:\windows\$NtUninstallKB956390$\mshtml.dll

[-] B83EB71C2052E05D13D690A224357441 [6.00.2900.3429 (xpsp_sp2_gdr.080819-1231)] c:\windows\$NtUninstallKB958215$\mshtml.dll

[-] 9C2C058E341E6B627789EF88D3B98445 [6.00.2900.3462 (xpsp_sp2_gdr.081015-1244)] c:\windows\$NtUninstallKB960714$\mshtml.dll

[-] 376E0843B2356CA91CEC8D9837A56FF7 [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\mshtml.dll

[-] 5FC7DE1195C8E9B5360FD65DBE95E5B0 [6.00.2900.3020 (xpsp_sp2_gdr.061023-0214)] c:\windows\SoftwareDistribution\Download\4264f7fcfd0444cc62e52f55a4263036\sp2gdr\mshtml.dll

[-] 88E1C15BB1A9ED3CBA4D6F2F408D5010 [6.00.2900.3020 (xpsp.061023-0222)] c:\windows\SoftwareDistribution\Download\4264f7fcfd0444cc62e52f55a4263036\sp2qfe\mshtml.dll

[-] 4D92717B5BBCE85F1254BAD23B0D357C [6.00.2900.3132 (xpsp_sp2_gdr.070504-1301)] c:\windows\SoftwareDistribution\Download\493760be868721503b9abd615f71e312\sp2gdr\mshtml.dll

[-] 00ADCB32832A10ED9419493BCEA97526 [6.00.2900.3132 (xpsp_sp2_qfe.070504-1301)] c:\windows\SoftwareDistribution\Download\493760be868721503b9abd615f71e312\sp2qfe\mshtml.dll

[-] A706E122B398FE1AB85CB9B75D044223 [6.00.2900.5512 (xpsp.080413-2105)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\mshtml.dll

[-] C8169B4320AC0CB8D1ED20454322E839 [6.00.2900.3492 (xpsp_sp2_gdr.081212-1610)] c:\windows\system32\mshtml.dll

[-] C8169B4320AC0CB8D1ED20454322E839 [6.00.2900.3492 (xpsp_sp2_gdr.081212-1610)] c:\windows\system32\dllcache\mshtml.dll

 

[-] 9C30CD464D87102497FD7C32910E6253 [5.1.2600.0 (XPClient.010817-1148)] c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] EBDEE8A2EE5393890A1ACEE971C4C246 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\kbdclass.sys

[-] 463C1EC80CD17420A542B7F36A36F128 [5.1.2600.5512 (xpsp.080413-2108)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kbdclass.sys

[-] EBDEE8A2EE5393890A1ACEE971C4C246 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\system32\drivers\kbdclass.sys

 

[-] 1F51839ECCF908FD86558198909262E4 [2001.12.4414.42] c:\windows\$NtServicePackUninstall$\comres.dll

[-] 6728270CB7DBB776ED086F5AC4C82310 [2001.12.4414.258] c:\windows\ServicePackFiles\i386\comres.dll

[-] 1280A158C722FA95A80FB7AEBE78FA7D [2001.12.4414.700] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\comres.dll

[-] 6728270CB7DBB776ED086F5AC4C82310 [2001.12.4414.258] c:\windows\system32\comres.dll

 

[-] 55990CA08692E2739A8DDCE0B04352AC [5.1.2600.0 (xpclient.010817-1148)] c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 74D66B3DE265E8789153414E75175F26 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\lpk.dll

[-] 012DF358CEBAA23ACB26D82077820817 [5.1.2600.5512 (xpsp.080413-2105)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lpk.dll

[-] 74D66B3DE265E8789153414E75175F26 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\system32\lpk.dll

 

[-] DA1F27D85E0D1525F6621372E7B685E9 [5.1.2600.0 (XPClient.010817-1148)] c:\windows\system32\dllcache\beep.sys

[-] DA1F27D85E0D1525F6621372E7B685E9 [5.1.2600.0 (XPClient.010817-1148)] c:\windows\system32\drivers\beep.sys

 

[-] 73C1E1F395918BC2C6DD67AF7591A3AD [5.1.2600.0 (XPClient.010817-1148)] c:\windows\system32\dllcache\null.sys

[-] 73C1E1F395918BC2C6DD67AF7591A3AD [5.1.2600.0 (XPClient.010817-1148)] c:\windows\system32\drivers\null.sys

 

[-] DDF8D47ACF8FC3FE5F7F2B95C4D4D136 [4.1.6140] c:\windows\$NtUninstallKB924667$\mfc40u.dll

[-] CDDD4416B2B4C7295FE3FDB6DDE57E4E [4.1.0.61] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\mfc40u.dll

[-] 925F8B61ED301A317BA850EBEECBDAA0 [4.1.0.61] c:\windows\system32\mfc40u.dll

[-] 925F8B61ED301A317BA850EBEECBDAA0 [4.1.0.61] c:\windows\system32\dllcache\mfc40u.dll

 

[-] DA383FB39A6F1C445F3AFC94B3EB1248 [5.1.2600.2665 (xpsp.050427-1553)] c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll

[-] C369DF215D352B6F3A0B8C3469AA34F8 [5.1.2600.2726 (xpsp.050725-1531)] c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll

[-] A8ECCC0674E43497E0A425A03A12F654 [5.1.2600.135 (xpclnt_qfe.021108-2107)] c:\windows\$NtServicePackUninstall$\rpcss.dll

[-] 3F1C4DC5F03535E544996968DD225837 [5.1.2600.0 (XPClient.010817-1148)] c:\windows\$NtUninstallKB828741$\rpcss.dll

[-] 5C83A4408604F737717AB96371201680 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB894391$\rpcss.dll

[-] C8061F289E000703E7672916B7FE1571 [5.1.2600.2665 (xpsp_sp2_gdr.050427-1553)] c:\windows\$NtUninstallKB902400$\rpcss.dll

[-] 4EA08A8BBDF8DDEE0F173BB999C153C3 [5.1.2600.1361 (xpsp2.040109-1800)] c:\windows\$xpsp1hfm$\KB828741\rpcss.dll

[-] 5C83A4408604F737717AB96371201680 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\rpcss.dll

[-] 2589FE6015A316C0F5D5112B4DA7B509 [5.1.2600.5512 (xpsp.080413-2108)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\rpcss.dll

[-] CE94A2BD25E3E9F4D46A7373FF455C6D [5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)] c:\windows\system32\rpcss.dll

 

[-] A81487520F11F65BF270D50EE29887B2 [5.1.2600.0 (xpclient.010817-1148)] c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 95FD808E4AC22ABA025A7B3EAC0375D2 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\msgsvc.dll

[-] 986B1FF5814366D71E0AC5755C88F2D3 [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msgsvc.dll

[-] 95FD808E4AC22ABA025A7B3EAC0375D2 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\system32\msgsvc.dll

 

[-] 1C38C4D90DD3C07A1946E4D5005EE928 [5.82 (xpclient.010817-1148)] c:\windows\$NtServicePackUninstall$\comctl32.dll

[-] A77DFB85FAEE49D66C74DA6024EBC69B [5.82 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB923191$\comctl32.dll

[-] A77DFB85FAEE49D66C74DA6024EBC69B [5.82 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\comctl32.dll

[-] E48A8A28835914878C9716E71032A10C [6.0 (xpsp2.060713-0016)] c:\windows\SoftwareDistribution\Download\25d72ef1acc6d7256eb94ad3d6a21e9b\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll

[-] 06F247492BC786CE5C24A23E178C711A [5.82 (xpsp.080413-2105)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\comctl32.dll

[-] BD38D1EBE24A46BD3EDA059560AFBA12 [6.0 (xpsp.080413-2105)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asms\60\msft\windows\common\controls\comctl32.dll

[-] B0124CB21D28B1C9F678B566B6B57D92 [5.82 (xpsp.060825-0040)] c:\windows\system32\comctl32.dll

[-] B0124CB21D28B1C9F678B566B6B57D92 [5.82 (xpsp.060825-0040)] c:\windows\system32\dllcache\comctl32.dll

[-] AEF3D788DBF40C7C4D204EA45EB0C505 [6.0 (xpclient.010817-1148)] c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[-] 5AF68A5E44734A082442668E9C787743 [6.0 (xpsp_sp2_rtm.040803-2158)] c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[-] C4E80875C1CF1222FC5EFD0314AE5C01 [6.0 (xpsp.060825-0040)] c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

 

[-] 9859C0F6936E723E4892D7141B1327D5 [5.1.2600.0 (xpclient.010817-1148)] c:\windows\system32\drivers\acpiec.sys

 

[-] 52BB2A508CB3EB8AAA5F6F142F5B73D6 [5.1.2600.0 (xpclient.010817-1148)] c:\windows\$NtServicePackUninstall$\sfc.dll

[-] E8A12A12EA9088B4327D49EDCA3ADD3E [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\sfc.dll

[-] 96E1C926F22EE1BFBAE82901A35F6BF3 [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfc.dll

[-] E8A12A12EA9088B4327D49EDCA3ADD3E [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\system32\sfc.dll

 

[-] F41C1602DC79AB72035F2388FCA0255F [5.1.2600.0 (xpclient.010817-1148)] c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 96353FCECBA774BB8DA74A1C6507015A [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\netlogon.dll

[-] 1B7F071C51B77C272875C3A23E1E4550 [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll

[-] 96353FCECBA774BB8DA74A1C6507015A [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\system32\netlogon.dll

 

[-] 696AC82FB290A03F205901442E0E9589 [6.6.2600.1569 (xpsp2_gdr.040517-1325)] c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 3E6ACF2CD2E8C19B16E4B42D08CA3838 [6.0.2600.0 (xpclient.010817-1148)] c:\windows\$NtUninstallKB842773$\qmgr.dll

[-] 2C69EC7E5A311334D10DD95F338FCCEA [6.6.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\qmgr.dll

[-] 574738F61FCA2935F5265DC4E5691314 [6.7.2600.5512 (xpsp.080413-2108)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\qmgr.dll

[-] 2C69EC7E5A311334D10DD95F338FCCEA [6.6.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\system32\qmgr.dll

[-] 696AC82FB290A03F205901442E0E9589 [6.6.2600.1569 (xpsp2_gdr.040517-1325)] c:\windows\system32\bits\qmgr.dll

 

[-] 73968C834C316ADC7A2F07DC4B5F3665 [5.1.2600.0 (xpclient.010817-1148)] c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 0F78E27F563F2AAF74B91A49E2ABF19A [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\scecli.dll

[-] A86BB5E61BF3E39B62AB4C7E7085A084 [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

[-] 0F78E27F563F2AAF74B91A49E2ABF19A [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\system32\scecli.dll

 

[-] A510B91253544D56B5712D66BE8371E9 [5.1.2600.0 (xpclient.010817-1148)] c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 82B24CB70E5944E6E34662205A2A5B78 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\eventlog.dll

[-] 6D4FEB43EE538FC5428CC7F0565AA656 [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll

[-] 82B24CB70E5944E6E34662205A2A5B78 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\system32\eventlog.dll

 

[-] 03F403B07A884FC2AA54A0916C410931 [5.1.2600.0 (xpclient.010817-1148)] c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 02000ABF34AF4C218C35D257024807D6 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\asyncmac.sys

[-] B153AFFAC761E7F5FCFA822B9C4E97BC [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asyncmac.sys

[-] 02000ABF34AF4C218C35D257024807D6 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\system32\drivers\asyncmac.sys

 

[-] 05AB81909514BFD69CBB1F2C147CF6B9 [5.1.2600.3081 (xpsp_sp2_qfe.070209-0034)] c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys

[-] 70FAE0DCFDFAA0838D6778FCA028CE01 [5.1.2600.0 (xpclient.010817-1148)] c:\windows\$NtServicePackUninstall$\ntfs.sys

[-] B78BE402C3F63DD55521F73876951CDD [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB930916$\ntfs.sys

[-] B78BE402C3F63DD55521F73876951CDD [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\ntfs.sys

[-] 78A08DD6A8D65E697C18E1DB01C5CDCA [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntfs.sys

[-] 19A811EF5F1ED5C926A028CE107FF1AF [5.1.2600.3081 (xpsp_sp2_gdr.070209-0028)] c:\windows\system32\dllcache\ntfs.sys

[-] 19A811EF5F1ED5C926A028CE107FF1AF [5.1.2600.3081 (xpsp_sp2_gdr.070209-0028)] c:\windows\system32\drivers\ntfs.sys

 

[-] C086483E3DBA8C1C0A687EC8D5B3D4C1 [9.0.1.56] c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll

[-] C086483E3DBA8C1C0A687EC8D5B3D4C1 [9.0.1.56] c:\windows\ServicePackFiles\i386\mspmsnsv.dll

[-] C7E39EA41233E9F5B86C8DA3A9F1E4A8 [9.0.1.56] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\mspmsnsv.dll

[-] C51B4A5C05A5475708E3C81C7765B71D [11.0.5721.5145] c:\windows\system32\mspmsnsv.dll

 

[-] EEF46DAB68229A14DA3D8E73C99E2959 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\xmlprov.dll

[-] 295D21F14C335B53CB8154E5B1F892B9 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\xmlprov.dll

[-] EEF46DAB68229A14DA3D8E73C99E2959 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\system32\xmlprov.dll

 

[-] C1B26CE5483DD20D59BCF608331413E6 [5.1.2600.0 (xpclient.010817-1148)] c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 10654F9DDCEA9C46CFB77554231BE73B [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\cryptsvc.dll

[-] 3D4E199942E29207970E04315D02AD3B [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\cryptsvc.dll

[-] 10654F9DDCEA9C46CFB77554231BE73B [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\system32\cryptsvc.dll

 

[-] 34B4B8B9BC07449E9B340C93C468F92A [5.1.2600.105 (xpclnt_qfe.021108-2107)] c:\windows\$NtServicePackUninstall$\browser.dll

[-] 1C9CDCAD17F23BB7206451802307C529 [5.1.2600.0 (xpclient.010817-1148)] c:\windows\$NtUninstallKB835732$\browser.dll

[-] E3CFCCDDA4EDD1D0DC9168B2E18F27B8 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\browser.dll

[-] A06CE3399D16DB864F55FAEB1F1927A9 [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\browser.dll

[-] E3CFCCDDA4EDD1D0DC9168B2E18F27B8 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\system32\browser.dll

 

[-] 1418A3A6E76E5A2E3F5E43866E793A8B [5.1.2600.2716 (xpsp.050707-1657)] c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll

[-] 9CD079C25A94D6AB600E0C1C4361281F [5.1.2600.0 (xpclient.010817-1148)] c:\windows\$NtServicePackUninstall$\tapisrv.dll

[-] EB4A4187D74A8EFDCBEA3EA2CB1BDFBD [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] EB4A4187D74A8EFDCBEA3EA2CB1BDFBD [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\tapisrv.dll

[-] 3CB78C17BB664637787C9A1C98F79C38 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tapisrv.dll

[-] FB78839B36025AA286A51289ED28B73E [5.1.2600.2716 (xpsp_sp2_gdr.050707-1657)] c:\windows\system32\tapisrv.dll

 

[-] 1DFCA7713EA5A70D5D93B436AEA0317A [5.1.2600.3394 (xpsp_sp2_qfe.080620-1259)] c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll

[-] 832E4DD8964AB7ACC880B2837CB1ED20 [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll

[-] FCEE5FCB99F7C724593365C706D28388 [5.1.2600.5625 (xpsp_sp3_qfe.080620-1309)] c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll

[-] 18A8BE5A66B93F9C9615F7D4C148EDE2 [5.1.2600.0 (xpclient.010817-1148)] c:\windows\$NtServicePackUninstall$\mswsock.dll

[-] 4E74AF063C3271FBEA20DD940CFD1184 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB951748$\mswsock.dll

[-] 4E74AF063C3271FBEA20DD940CFD1184 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\mswsock.dll

[-] B4138E99236F0F57D4CF49BAE98A0746 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\mswsock.dll

[-] 097722F235A1FB698BF9234E01B52637 [5.1.2600.3394 (xpsp_sp2_gdr.080620-1245)] c:\windows\system32\mswsock.dll

[-] 097722F235A1FB698BF9234E01B52637 [5.1.2600.3394 (xpsp_sp2_gdr.080620-1245)] c:\windows\system32\dllcache\mswsock.dll

 

[-] 3516D8A18B36784B1005B950B84232E1 [5.1.2600.2743 (xpsp.050819-1528)] c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll

[-] 2B150D3A00137588EB4D68BB30C25214 [5.1.2600.0 (xpclient.010817-1148)] c:\windows\$NtServicePackUninstall$\netman.dll

[-] DAB9E6C7105D2EF49876FE92C524F565 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB905414$\netman.dll

[-] DAB9E6C7105D2EF49876FE92C524F565 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\netman.dll

[-] 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netman.dll

[-] 36739B39267914BA69AD0610A0299732 [5.1.2600.2743 (xpsp_sp2_gdr.050819-1525)] c:\windows\system32\netman.dll

 

[-] 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 [2001.12.4414.308] c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll

[-] A4AB3DCA4A383F0DF4988ABDEB84F9A4 [2001.12.4414.320] c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll

[-] D4991D98F2DB73C60D042F1AEF79EFAE [2001.12.4414.706] c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll

[-] F17F6226BDC0CD5F0BEF0DAF84D29BEC [2001.12.4414.706] c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll

[-] 08A859AA98E5991E05E92C3893FD3439 [2001.12.4414.53] c:\windows\$NtServicePackUninstall$\es.dll

[-] F5963768CFD62FDB926FDB588EE69315 [2001.12.4414.42] c:\windows\$NtUninstallKB828741$\es.dll

[-] ACD36A2DD7D1E9D8A060AA651DC07E63 [2001.12.4414.258] c:\windows\$NtUninstallKB902400$\es.dll

[-] 34BBD9ACC1538818F2C878898C64E793 [2001.12.4414.308] c:\windows\$NtUninstallKB950974$\es.dll

[-] B748D0ABBACD362052D4D61DCD562289 [2001.12.4414.53] c:\windows\$xpsp1hfm$\KB828741\es.dll

[-] ACD36A2DD7D1E9D8A060AA651DC07E63 [2001.12.4414.258] c:\windows\ServicePackFiles\i386\es.dll

[-] 19A799805B24990867B00C120D300C3A [2001.12.4414.701] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\es.dll

[-] 60D1A6342238378BFB7545C81EE3606C [2001.12.4414.320] c:\windows\system32\es.dll

[-] 60D1A6342238378BFB7545C81EE3606C [2001.12.4414.320] c:\windows\system32\dllcache\es.dll

 

[-] 648BF0B4DDE4F7A1156DAE7174D36EFA [5.1.2600.2751 (xpsp.050831-1531)] c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll

[-] 7D8C58C0CBB7331E9296A7357827CA8E [5.1.2600.0 (xpclient.010817-1148)] c:\windows\$NtServicePackUninstall$\linkinfo.dll

[-] C2BBD044C741EA4292016C36F718D2E4 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB900725$\linkinfo.dll

[-] C2BBD044C741EA4292016C36F718D2E4 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\linkinfo.dll

[-] 2DC5A8019E2387987905F77C664E4BE2 [5.1.2600.5512 (xpsp.080413-2105)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\linkinfo.dll

[-] A1A688EE56CF3BBD24EDEB815D48E9BA [5.1.2600.2751 (xpsp_sp2_gdr.050831-1520)] c:\windows\system32\linkinfo.dll

 

[-] 126D90EE937FFEBACEE30BCA13D92F97 [5.1.2600.0 (xpclient.010817-1148)] c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 4B8D61792F7175BED48859CC18CE4E38 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\ssdpsrv.dll

[-] 0A5679B3714EDAB99E357057EE88FCA6 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ssdpsrv.dll

[-] 4B8D61792F7175BED48859CC18CE4E38 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\system32\ssdpsrv.dll

 

[-] 36ACA6CDC19C95FF468A1426EB7F32F0 [5.1.2600.3077 (xpsp_sp2_qfe.070205-0007)] c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll

[-] 6FB00F87EA0CDE9A5657F4E800997440 [5.1.2600.0 (xpclient.010817-1148)] c:\windows\$NtServicePackUninstall$\upnphost.dll

[-] 0546477BDE979E33294FE97F6B3DE84A [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB931261$\upnphost.dll

[-] 0546477BDE979E33294FE97F6B3DE84A [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\upnphost.dll

[-] 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\upnphost.dll

[-] ACA5D98663D879C6BAAFCEA7E2F1B710 [5.1.2600.3077 (xpsp_sp2_gdr.070204-2255)] c:\windows\system32\upnphost.dll

[-] ACA5D98663D879C6BAAFCEA7E2F1B710 [5.1.2600.3077 (xpsp_sp2_gdr.070204-2255)] c:\windows\system32\dllcache\upnphost.dll

 

[-] E305E78536FA6649299F71FD8EA9A84D [5.1.2600.0 (xpclient.010817-1148)] c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 92BDF74F12D6CBEC43C94D4B7F804838 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\srsvc.dll

[-] 3805DF0AC4296A34BA4BF93B346CC378 [5.1.2600.5512 (xpsp.080413-2108)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\srsvc.dll

[-] 92BDF74F12D6CBEC43C94D4B7F804838 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\system32\srsvc.dll

 

[-] 49911DD39E023BB6C45E4E436CFBD297 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\wscntfy.exe

[-] F92E1076C42FCD6DB3D72D8CFE9816D5 [5.1.2600.5512 (xpsp.080413-2108)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wscntfy.exe

[-] 49911DD39E023BB6C45E4E436CFBD297 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\system32\wscntfy.exe

 

[-] C63415DEFA08D7BD244E636C97B32F3D [5.1.2400.1] c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] B62F29C00AC55A761B2E45877D85EA0F [5.1.2400.2180] c:\windows\ServicePackFiles\i386\ntmssvc.dll

[-] 156F64A3345BD23C600655FB4D10BC08 [5.1.2400.5512] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntmssvc.dll

[-] B62F29C00AC55A761B2E45877D85EA0F [5.1.2400.2180] c:\windows\system32\ntmssvc.dll

 

[-] 442ED09256E1D55D128219CF1AB27554 [5.1.2600.0 (xpclient.010817-1148)] c:\windows\$NtServicePackUninstall$\rasauto.dll

[-] 44DB7A9BDD2FB58747D123FBF1D35ADB [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\rasauto.dll

[-] AD188BE7BDF94E8DF4CA0A55C00A5073 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\rasauto.dll

[-] 44DB7A9BDD2FB58747D123FBF1D35ADB [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\system32\rasauto.dll

 

[-] 9E415EFDF50F26BCBC97C80F4E6C30CC [5.1.2600.0 (XPClient.010817-1148)] c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 30A609E00BD1D4FFC49D6B5A432BE7F2 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\sfcfiles.dll

[-] 9DD07AF82244867CA36681EA2D29CE79 [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfcfiles.dll

[-] 30A609E00BD1D4FFC49D6B5A432BE7F2 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\system32\sfcfiles.dll

 

[-] F6E2095CBC14522CEACD2853620FAF4D [4.71.2600.1 (xpclient.010817-1148)] c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 92360854316611F6CC471612213C3D92 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\schedsvc.dll

[-] 0A9A7365A1CA4319AA7C1D6CD8E4EAFA [5.1.2600.5512 (xpsp.080413-2108)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\schedsvc.dll

[-] 92360854316611F6CC471612213C3D92 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\system32\schedsvc.dll

 

[-] 9DF4527D53613601D3F79946EAA1DCB1 [5.1.2600.0 (xpclient.010817-1148)] c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 3151427DB7D87107D1C5BE58FAC53960 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\regsvc.dll

[-] 5B19B557B0C188210A56A6B699D90B8F [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\regsvc.dll

[-] 3151427DB7D87107D1C5BE58FAC53960 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\system32\regsvc.dll

 

[-] 53D9184A21C5CBF600D918E51EF3A7E5 [6.00.2900.3051 (xpsp_sp2_qfe.061219-0311)] c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll

[-] AB2F114874D9D990A16EBC9372628489 [6.00.2600.0000 (xpclient.010817-1148)] c:\windows\$NtServicePackUninstall$\shsvcs.dll

[-] E7518DC542D3EBDCB80EDD98462C7821 [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB928255$\shsvcs.dll

[-] E7518DC542D3EBDCB80EDD98462C7821 [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\ServicePackFiles\i386\shsvcs.dll

[-] 1926899BF9FFE2602B63074971700412 [6.00.2900.5512 (xpsp.080413-2105)] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\shsvcs.dll

[-] 6815DEF9B810AEFAC107EEAF72DA6F82 [6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)] c:\windows\system32\shsvcs.dll

[-] 6815DEF9B810AEFAC107EEAF72DA6F82 [6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)] c:\windows\system32\dllcache\shsvcs.dll

 

[-] 1EE7B434BA961EF845DE136224C30FEC [5.1.2601.2180] c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys

[-] B45A744CA0A15A59D8B0307CE9741E92 [5.1.2520.0 (WindowsXP.000424-1359)] c:\windows\$NtServicePackUninstall$\aec.sys

[-] 841F385C6CFAF66B58FBD898722BB4F0 [5.1.2601.2078] c:\windows\$NtUninstallKB900485$\aec.sys

[-] 1EE7B434BA961EF845DE136224C30FEC [5.1.2601.2180] c:\windows\Driver Cache\i386\aec.sys

[-] 841F385C6CFAF66B58FBD898722BB4F0 [5.1.2601.2078] c:\windows\ServicePackFiles\i386\aec.sys

[-] 8BED39E3C35D6A489438B8141717A557 [5.1.2601.3142] c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\aec.sys

[-] 1EE7B434BA961EF845DE136224C30FEC [5.1.2601.2180] c:\windows\system32\drivers\aec.sys

.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2006-05-10 00:24 . 2006-05-10 00:24 50760 c:\program files\Common Files\AOL\1135649648\ee\bak\AOLSoftware.exe

 

2006-02-17 16:59 . 2006-02-17 16:59 124520 c:\program files\Common Files\AOL\IPHSend\bak\IPHSend.exe

 

2004-09-14 18:16 . 2004-09-14 18:16 1212416 c:\program files\D-Link\AirPlus G\bak\AirGCFG.exe

 

2006-01-01 02:47 . 2005-04-13 08:48 36975 c:\program files\Java\jre1.5.0_03\bin\bak\jusched.exe

 

2006-12-06 01:44 . 2006-12-06 01:44 366400 c:\program files\Picasa2\bak\PicasaMediaDetector.exe

2008-02-26 01:23 . 2008-02-26 01:23 443968 c:\program files\Picasa2\PicasaMediaDetector.exe

 

2006-10-11 00:18 . 2006-08-30 16:46 183367 c:\program files\Plaxo\2.11.1.5\bak\PlaxoHelper.exe

 

2006-07-18 18:21 . 2006-07-18 18:24 1249280 c:\program files\Steam\bak\steam.exe

2006-07-18 18:21 . 2009-03-23 21:41 1410296 c:\program files\Steam\steam.exe

 

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-07 520024]

"Iyuzuga"="c:\windows\ixulidupayazada.dll" [2009-09-01 158208]

"CPMdb4bdd13"="c:\windows\system32\sawubiyi.dll" [N/A]

"kikabamoze"="c:\windows\system32\lihelani.dll" [N/A]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-1-2 113664]

ClientManager3.lnk - c:\program files\BUFFALO\Client Manager3\cm3_tray.exe [2007-10-12 471040]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winsy63.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Starcraft\\StarCraft.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\1135649648\\ee\\aim6.exe"=

"c:\\Program Files\\Xfire\\Xfire.exe"=

"c:\\StubInstaller.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\WINDOWS\\system32\\java.exe"=

"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=

"c:\\Program Files\\Steam\\steamapps\\thelastcryptic\\counter-strike\\hl.exe"=

"c:\\Program Files\\AIM\\AIM Pro\\aimpro.exe"=

"c:\\Program Files\\BUFFALO\\Client Manager3\\BWSVC\\bwsvc.exe"=

"c:\\Program Files\\BUFFALO\\Client Manager3\\AOSS\\aoss.exe"=

"c:\\Program Files\\Steam\\steam.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\Steam1\\steamapps\\murderousassassin\\counter-strike\\hl.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"20367:TCP"= 20367:TCP:BitComet 20367 TCP

"20367:UDP"= 20367:UDP:BitComet 20367 UDP

 

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1029456]

S0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/24/2009 1:43 AM 64160]

S0 winsy63;winsy63;c:\windows\system32\Drivers\Winsy63.sys --> c:\windows\system32\Drivers\Winsy63.sys [?]

S3 CEDRIVER53;CEDRIVER53;\??\c:\program files\Cheat Engine\dbk32.sys --> c:\program files\Cheat Engine\dbk32.sys [?]

S3 File;File;c:\windows\system32\File.sys [10/31/2006 11:20 PM 8320]

S3 Ingelirsw;Ingelirsw; [x]

S3 mKernel;mKernel;\??\c:\documents and settings\Lee ##notallowed\Desktop\LoA\WMFUP.sys --> c:\documents and settings\Lee ##notallowed\Desktop\LoA\WMFUP.sys [?]

S3 vtdg46xx;vtdg46xx;c:\progra~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [2/7/2006 8:42 PM 19232]

S3 XDva008;XDva008;\??\c:\windows\system32\XDva008.sys --> c:\windows\system32\XDva008.sys [?]

S3 XDva019;XDva019;\??\c:\windows\system32\XDva019.sys --> c:\windows\system32\XDva019.sys [?]

S3 XDva076;XDva076;\??\c:\windows\system32\XDva076.sys --> c:\windows\system32\XDva076.sys [?]

S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0A26381C-3AD2-7AE5-7CB4-8CBD2EEA1ECE}]

c:\windows\system32\javaup.exe 2

.

Contents of the 'Scheduled Tasks' folder

 

2009-09-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 04:49]

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{761e780a-8778-4154-b000-e6467f8c5033} - c:\windows\system32\kosojebi.dll

 

 

.

------- Supplementary Scan -------

.

uLocal Page = \blank.htm

uStart Page = hxxp://www.myspace.com/

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.myspace.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm

IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: pcpitstop.com

FF - ProfilePath - c:\documents and settings\Lee ##notallowed\Application Data\Mozilla\Firefox\Profiles\8o3s7wit.default\

FF - prefs.js: browser.startup.homepage - www.myspace.com

FF - plugin: c:\documents and settings\Lee ##notallowed\Application Data\Mozilla\Firefox\Profiles\8o3s7wit.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll

FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll

FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll

FF - HiddenExtension: XUL Cache: {46708313-7E9F-414F-81DF-A09D29743CCB} - c:\documents and settings\Lee ##notallowed\Local Settings\Application Data\{46708313-7E9F-414F-81DF-A09D29743CCB}

FF - HiddenExtension: XUL Cache: {D5DD0884-5CA7-4438-A46C-EC7FEE7D764F} - c:\documents and settings\Administrator\Local Settings\Application Data\{D5DD0884-5CA7-4438-A46C-EC7FEE7D764F}\

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-07 18:59

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(2616)

c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

c:\windows\System32\shdoclc.dll

c:\windows\IME\SPGRMR.DLL

c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe

c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe

c:\program files\BUFFALO\Client Manager3\bwsvc\Bwsvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2009-09-07 19:04 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-07 23:04

 

Pre-Run: 101,835,165,696 bytes free

Post-Run: 101,864,427,520 bytes free

 

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

 

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4

604 --- E O F --- 2009-03-11 18:21

Edited by Solokan


Hi,

 

Please upload the following file to http://www.virustotal.com (rescan the file if the option is given) and post back a link to the results:

c:\windows\system32\drivers\ndis.sys

 

Ensure that the Cryptographic Services service is running on your computer. To do this, open Control Panel, Administrative Tools, Services. Select Cryptographic Services from the list of names. Right-click this service and select Properties. If the service is not shown as "Started", you can start it by clicking the Start button. You should also set the Startup type to Automatic so that it will be running when needed in future. Let me know if Cryptographic Services wasn't running.

 

Post a fresh dds log too.


Tried to upload it twice and both times the percentage uploaded got to about 60% and stopped. The site said it had an internal system error both times.

 

 

DDS (Ver_09-07-30.01) - NTFSx86

Run by Lee ##notallowed at 3:07:55.83 on Tue 09/08/2009

Internet Explorer: 6.0.2900.2180

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.224 [GMT -4:00]

 

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe

C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe

C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

c:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Lee ##notallowed\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uLocal Page = \blank.htm

uStart Page = hxxp://www.myspace.com/

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.myspace.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

mRun: [iyuzuga] rundll32.exe "c:\windows\ixulidupayazada.dll",e

mRun: [CPMdb4bdd13] Rundll32.exe "c:\windows\system32\sawubiyi.dll",a

mRun: [kikabamoze] Rundll32.exe "c:\windows\system32\lihelani.dll",s

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\client~1.lnk - c:\program files\buffalo\client manager3\cm3_tray.exe

IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm

IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: pcpitstop.com

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\leesch~1\applic~1\mozilla\firefox\profiles\8o3s7wit.default\

FF - prefs.js: browser.startup.homepage - www.myspace.com

FF - plugin: c:\documents and settings\lee ##notallowed\application data\mozilla\firefox\profiles\8o3s7wit.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npOberonGameHost.dll

FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava11.dll

FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava12.dll

FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava13.dll

FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava14.dll

FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava32.dll

FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJPI150_03.dll

FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPOJI610.dll

FF - HiddenExtension: XUL Cache: {46708313-7E9F-414F-81DF-A09D29743CCB} - c:\documents and settings\lee ##notallowed\local settings\application data\{46708313-7E9F-414F-81DF-A09D29743CCB}

FF - HiddenExtension: XUL Cache: {D5DD0884-5CA7-4438-A46C-EC7FEE7D764F} - c:\documents and settings\administrator\local settings\application data\{d5dd0884-5ca7-4438-a46c-ec7fee7d764f}\

 

============= SERVICES / DRIVERS ===============

 

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]

S0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-24 64160]

S0 winsy63;winsy63;c:\windows\system32\drivers\winsy63.sys --> c:\windows\system32\drivers\Winsy63.sys [?]

S3 CEDRIVER53;CEDRIVER53;\??\c:\program files\cheat engine\dbk32.sys --> c:\program files\cheat engine\dbk32.sys [?]

S3 File;File;c:\windows\system32\File.sys [2006-10-31 8320]

S3 Ingelirsw;Ingelirsw; [x]

S3 mKernel;mKernel;\??\c:\documents and settings\lee ##notallowed\desktop\loa\wmfup.sys --> c:\documents and settings\lee ##notallowed\desktop\loa\WMFUP.sys [?]

S3 vtdg46xx;vtdg46xx;c:\progra~1\turtle~1\santac~1\contro~1\vtdg46xx.sys [2006-2-7 19232]

S3 XDva008;XDva008;\??\c:\windows\system32\xdva008.sys --> c:\windows\system32\XDva008.sys [?]

S3 XDva019;XDva019;\??\c:\windows\system32\xdva019.sys --> c:\windows\system32\XDva019.sys [?]

S3 XDva076;XDva076;\??\c:\windows\system32\xdva076.sys --> c:\windows\system32\XDva076.sys [?]

S3 XDva190;XDva190;\??\c:\windows\system32\xdva190.sys --> c:\windows\system32\XDva190.sys [?]

UnknownUnknown 3c96cf9;3c96cf9; [x]

 

=============== Created Last 30 ================

 

2009-09-07 18:49 <DIR> a-dshr-- C:\cmdcons

2009-09-07 18:48 230,912 a------- c:\windows\PEV.exe

2009-09-07 18:48 161,792 a------- c:\windows\SWREG.exe

2009-09-07 18:48 98,816 a------- c:\windows\sed.exe

2009-09-01 18:39 158,208 a------- c:\windows000344.tmp

2009-09-01 18:39 45,056 a------- c:\windows026444.tmp

2009-09-01 18:22 <DIR> --d----- c:\program files\NortonInstaller

2009-09-01 16:22 21,380 a------- c:\windows\system32\AAWService_2009_09_01_16_22_22.dmp

2009-09-01 15:59 23,696 a------- c:\windows\system32\AAWService_2009_09_01_15_59_56.dmp

2009-09-01 15:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCSettings

2009-09-01 15:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton

2009-09-01 15:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller

2009-09-01 11:45 24,576 a------- c:\windows\system32\userinit.exe

2009-08-23 16:01 23,163 a------- c:\windows\system32\AAWService_2009_08_23_16_01_39.dmp

2009-08-22 21:49 25,055 a------- c:\windows\system32\AAWService_2009_08_22_21_49_46.dmp

 

==================== Find3M ====================

 

2009-09-01 17:39 158,208 a------- c:\windows\ixulidupayazada.dll

2009-09-01 16:47 88,064 a--sh--- c:\windows\system32\telonapi.dll

2009-09-01 16:47 80,384 a--sh--- c:\windows\system32\wavowibi.dll

2005-11-09 22:04 13 a------- c:\program files\autobans.txt

2005-09-01 17:04 10,156,943 a------- c:\program files\avg70free_289a392.exe

2009-03-28 16:10 61,440 a--sh--- c:\windows\system32\gemuhede.exe

0000-00-00 00:00 49,152 a--sh--- c:\windows\system32\sorusodi.dll.vir

 

============= FINISH: 3:08:23.18 ===============

Edited by Solokan


Upload the file here. Kindly include the topic URL.

 

Was the Cryptographic Services service running?


This section is only accessible by certain groups. If you feel that you should have access to this section please contact an administrator.


Hi,

 

I received the upload. Thanks.

 

You haven't replied to this question yet:

Was the Cryptographic Services service running?


OK. The thing is that your system is so badly infected that it would be recommended to do a reformat and start fresh.

This topic is now closed to further replies.