infected by some type of malware

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

4 Pages
1
2
3
→
Last »

You cannot start a new topic
This topic is locked

infected by some type of malware no control over mouse/software antivirus usless

#1 pensioner

Member

Group: Members
Posts: 30
Joined: 09-November 09
Gender:Male
Location:Nottinghamshire UK

Posted 10 November 2009 - 06:29 PM

Garmanma has asked me to post the following logs here to see if you can assist me

Topic referenced is here: http://www.bleepingcomputer.com/forums/topic270277.html ~ OB

here goes

Thank you for your prompt attention... here are the logs you requested

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/09 20:02
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF794E000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==

Volume in drive C has no label.
Volume Serial Number is 109B-EE2E

Directory of C:\WINDOWS\$NtServicePackUninstall$

04/08/2004 07:56 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

04/08/2004 07:56 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

04/08/2004 07:56 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

14/04/2008 00:12 181,248 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

14/04/2008 00:12 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

14/04/2008 00:11 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

14/04/2008 00:12 181,248 scecli.dll

Directory of C:\WINDOWS\system32

14/04/2008 00:12 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

14/04/2008 00:11 56,320 eventlog.dll
3 File(s) 644,608 bytes

Total Files Listed:
9 File(s) 1,932,288 bytes
0 Dir(s) 20,311,953,408 bytes free

thanks again for your time
Running from: E:\Win32kDiag.exe

Log file at : C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll

[1] 2005-07-26 04:20:23 225792 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\catsrv.dll (Microsoft Corporation)

[1] 2005-07-26 04:39:42 225792 C:\WINDOWS\$NtServicePackUninstall$\catsrv.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 215040 C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll ()

[1] 2004-08-04 07:56:41 229888 C:\WINDOWS\$NtUninstallKB902400$\catsrv.dll (Microsoft Corporation)

[1] 2004-03-06 02:16:10 225280 C:\WINDOWS\$xpsp1hfm$\KB828741\catsrv.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:50 226304 C:\WINDOWS\ServicePackFiles\i386\catsrv.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:50 226304 C:\WINDOWS\system32\catsrv.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:50 226304 C:\WINDOWS\system32\dllcache\catsrv.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll

[1] 2005-07-26 04:20:23 625152 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\catsrvut.dll (Microsoft Corporation)

[1] 2005-07-26 04:39:43 625152 C:\WINDOWS\$NtServicePackUninstall$\catsrvut.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 583168 C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll ()

[1] 2004-08-04 07:56:41 628224 C:\WINDOWS\$NtUninstallKB902400$\catsrvut.dll (Microsoft Corporation)

[1] 2004-03-06 02:16:10 594944 C:\WINDOWS\$xpsp1hfm$\KB828741\catsrvut.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:50 625664 C:\WINDOWS\ServicePackFiles\i386\catsrvut.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:50 625664 C:\WINDOWS\system32\catsrvut.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:50 625664 C:\WINDOWS\system32\dllcache\catsrvut.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll

[1] 2005-07-26 04:20:23 110080 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll (Microsoft Corporation)

[1] 2005-07-26 04:39:43 110080 C:\WINDOWS\$NtServicePackUninstall$\clbcatex.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 100864 C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll ()

[1] 2004-08-04 07:56:41 110080 C:\WINDOWS\$NtUninstallKB902400$\clbcatex.dll (Microsoft Corporation)

[1] 2004-03-06 02:16:10 110080 C:\WINDOWS\$xpsp1hfm$\KB828741\clbcatex.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:50 110592 C:\WINDOWS\ServicePackFiles\i386\clbcatex.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:50 110592 C:\WINDOWS\system32\clbcatex.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:50 110592 C:\WINDOWS\system32\dllcache\clbcatex.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll

[1] 2005-07-26 04:20:24 498688 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll (Microsoft Corporation)

[1] 2005-07-26 04:39:43 498688 C:\WINDOWS\$NtServicePackUninstall$\clbcatq.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 468480 C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll ()

[1] 2004-08-04 07:56:41 501248 C:\WINDOWS\$NtUninstallKB902400$\clbcatq.dll (Microsoft Corporation)

[1] 2004-03-06 02:16:11 499712 C:\WINDOWS\$xpsp1hfm$\KB828741\clbcatq.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:50 498688 C:\WINDOWS\ServicePackFiles\i386\clbcatq.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:50 498688 C:\WINDOWS\system32\clbcatq.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\colbact.dll

[1] 2005-07-26 04:20:24 60416 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\colbact.dll (Microsoft Corporation)

[1] 2005-07-26 04:39:43 60416 C:\WINDOWS\$NtServicePackUninstall$\colbact.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 56832 C:\WINDOWS\$NtUninstallKB828741$\colbact.dll ()

[1] 2004-08-04 07:56:41 62464 C:\WINDOWS\$NtUninstallKB902400$\colbact.dll (Microsoft Corporation)

[1] 2004-03-06 02:16:10 64512 C:\WINDOWS\$xpsp1hfm$\KB828741\colbact.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:51 60416 C:\WINDOWS\ServicePackFiles\i386\colbact.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:51 60416 C:\WINDOWS\system32\colbact.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll

[1] 2005-07-26 04:20:24 195072 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comadmin.dll (Microsoft Corporation)

[1] 2005-07-26 04:39:44 195072 C:\WINDOWS\$NtServicePackUninstall$\comadmin.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 186880 C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll ()

[1] 2004-08-04 07:56:41 195584 C:\WINDOWS\$NtUninstallKB902400$\comadmin.dll (Microsoft Corporation)

[1] 2004-03-06 02:16:10 187904 C:\WINDOWS\$xpsp1hfm$\KB828741\comadmin.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:51 195072 C:\WINDOWS\ServicePackFiles\i386\comadmin.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:51 195072 C:\WINDOWS\system32\Com\comadmin.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:51 195072 C:\WINDOWS\system32\dllcache\comadmin.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe

[1] 2004-08-04 07:56:48 9728 C:\WINDOWS\$NtServicePackUninstall$\comrepl.exe (Microsoft Corporation)

[1] 2001-08-18 12:00:00 8192 C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe ()

[1] 2004-02-17 18:49:58 8192 C:\WINDOWS\$xpsp1hfm$\KB828741\comrepl.exe (Microsoft Corporation)

[1] 2008-04-14 00:12:15 9728 C:\WINDOWS\ServicePackFiles\i386\comrepl.exe (Microsoft Corporation)

[1] 2008-04-14 00:12:15 9728 C:\WINDOWS\system32\Com\comrepl.exe (Microsoft Corporation)

[1] 2008-04-14 00:12:15 9728 C:\WINDOWS\system32\dllcache\comrepl.exe (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll

[1] 2005-07-26 04:20:27 1267200 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comsvcs.dll (Microsoft Corporation)

[1] 2005-07-26 04:39:44 1267200 C:\WINDOWS\$NtServicePackUninstall$\comsvcs.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 1139200 C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll ()

[1] 2004-08-04 07:56:41 1251840 C:\WINDOWS\$NtUninstallKB902400$\comsvcs.dll (Microsoft Corporation)

[1] 2004-03-06 02:16:11 1194496 C:\WINDOWS\$xpsp1hfm$\KB828741\comsvcs.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:51 1267200 C:\WINDOWS\ServicePackFiles\i386\comsvcs.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:51 1267200 C:\WINDOWS\system32\comsvcs.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\comuid.dll

[1] 2005-07-26 04:20:28 540160 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comuid.dll (Microsoft Corporation)

[1] 2005-07-26 04:39:45 540160 C:\WINDOWS\$NtServicePackUninstall$\comuid.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 495616 C:\WINDOWS\$NtUninstallKB828741$\comuid.dll ()

[1] 2004-08-04 07:56:41 540160 C:\WINDOWS\$NtUninstallKB902400$\comuid.dll (Microsoft Corporation)

[1] 2004-03-06 02:16:10 499200 C:\WINDOWS\$xpsp1hfm$\KB828741\comuid.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:51 539648 C:\WINDOWS\ServicePackFiles\i386\comuid.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:51 539648 C:\WINDOWS\system32\comuid.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:51 539648 C:\WINDOWS\system32\dllcache\comuid.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\es.dll

[1] 2005-07-26 04:20:28 243200 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\es.dll (Microsoft Corporation)

[1] 2008-07-07 20:23:18 253952 C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll (Microsoft Corporation)

[1] 2005-07-26 04:39:45 243200 C:\WINDOWS\$NtServicePackUninstall$\es.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 224768 C:\WINDOWS\$NtUninstallKB828741$\es.dll ()

[1] 2004-08-04 07:56:42 243200 C:\WINDOWS\$NtUninstallKB902400$\es.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:53 246272 C:\WINDOWS\$NtUninstallKB950974$\es.dll (Microsoft Corporation)

[1] 2004-03-06 02:16:11 226816 C:\WINDOWS\$xpsp1hfm$\KB828741\es.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:53 246272 C:\WINDOWS\ServicePackFiles\i386\es.dll (Microsoft Corporation)

[1] 2008-07-07 20:26:58 253952 C:\WINDOWS\system32\dllcache\es.dll (Microsoft Corporation)

[1] 2008-07-07 20:26:58 253952 C:\WINDOWS\system32\es.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe

[1] 2005-07-25 23:42:35 8704 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\migregdb.exe (Microsoft Corporation)

[1] 2004-08-04 07:56:51 7680 C:\WINDOWS\$NtServicePackUninstall$\migregdb.exe (Microsoft Corporation)

[1] 2001-08-18 12:00:00 6656 C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe ()

[1] 2004-02-17 18:50:10 6656 C:\WINDOWS\$xpsp1hfm$\KB828741\migregdb.exe (Microsoft Corporation)

[1] 2008-04-14 00:12:25 7680 C:\WINDOWS\ServicePackFiles\i386\migregdb.exe (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll

[1] 2005-07-26 04:20:29 425472 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtcprx.dll (Microsoft Corporation)

[1] 2006-03-01 19:34:20 426496 C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtcprx.dll (Microsoft Corporation)

[1] 2008-06-12 14:09:35 428032 C:\WINDOWS\$hf_mig$\KB952004\SP3QFE\msdtcprx.dll (Microsoft Corporation)

[1] 2006-03-01 19:42:42 426496 C:\WINDOWS\$NtServicePackUninstall$\msdtcprx.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 360960 C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll ()

[1] 2004-08-04 07:56:43 425472 C:\WINDOWS\$NtUninstallKB902400$\msdtcprx.dll (Microsoft Corporation)

[1] 2005-07-26 04:39:46 425472 C:\WINDOWS\$NtUninstallKB913580$\msdtcprx.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:59 427008 C:\WINDOWS\$NtUninstallKB952004$\msdtcprx.dll (Microsoft Corporation)

[1] 2004-03-06 02:16:10 367616 C:\WINDOWS\$xpsp1hfm$\KB828741\msdtcprx.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:59 427008 C:\WINDOWS\ServicePackFiles\i386\msdtcprx.dll (Microsoft Corporation)

[1] 2008-06-12 14:23:32 428032 C:\WINDOWS\system32\dllcache\msdtcprx.dll (Microsoft Corporation)

[1] 2008-06-12 14:23:32 428032 C:\WINDOWS\system32\msdtcprx.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll

[1] 2005-07-26 04:20:31 945152 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtctm.dll (Microsoft Corporation)

[1] 2006-03-01 19:34:20 956416 C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtctm.dll (Microsoft Corporation)

[1] 2008-06-12 14:09:35 956928 C:\WINDOWS\$hf_mig$\KB952004\SP3QFE\msdtctm.dll (Microsoft Corporation)

[1] 2006-03-01 19:42:42 956416 C:\WINDOWS\$NtServicePackUninstall$\msdtctm.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 869376 C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll ()

[1] 2004-08-04 07:56:43 949248 C:\WINDOWS\$NtUninstallKB902400$\msdtctm.dll (Microsoft Corporation)

[1] 2005-07-26 04:39:47 945152 C:\WINDOWS\$NtUninstallKB913580$\msdtctm.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:59 956928 C:\WINDOWS\$NtUninstallKB952004$\msdtctm.dll (Microsoft Corporation)

[1] 2004-03-06 02:16:11 977920 C:\WINDOWS\$xpsp1hfm$\KB828741\msdtctm.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:59 956928 C:\WINDOWS\ServicePackFiles\i386\msdtctm.dll (Microsoft Corporation)

[1] 2008-06-12 14:23:32 956928 C:\WINDOWS\system32\dllcache\msdtctm.dll (Microsoft Corporation)

[1] 2008-06-12 14:23:32 956928 C:\WINDOWS\system32\msdtctm.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll

[1] 2005-07-26 04:20:31 161280 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtcuiu.dll (Microsoft Corporation)

[1] 2006-03-01 19:34:20 161280 C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtcuiu.dll (Microsoft Corporation)

[1] 2008-06-12 14:09:35 161792 C:\WINDOWS\$hf_mig$\KB952004\SP3QFE\msdtcuiu.dll (Microsoft Corporation)

[1] 2006-03-01 19:42:42 161280 C:\WINDOWS\$NtServicePackUninstall$\msdtcuiu.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 151040 C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll ()

[1] 2004-08-04 07:56:43 161280 C:\WINDOWS\$NtUninstallKB902400$\msdtcuiu.dll (Microsoft Corporation)

[1] 2005-07-26 04:39:47 161280 C:\WINDOWS\$NtUninstallKB913580$\msdtcuiu.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:59 161792 C:\WINDOWS\$NtUninstallKB952004$\msdtcuiu.dll (Microsoft Corporation)

[1] 2004-03-06 02:16:10 150528 C:\WINDOWS\$xpsp1hfm$\KB828741\msdtcuiu.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:59 161792 C:\WINDOWS\ServicePackFiles\i386\msdtcuiu.dll (Microsoft Corporation)

[1] 2008-06-12 14:23:32 161792 C:\WINDOWS\system32\dllcache\msdtcuiu.dll (Microsoft Corporation)

[1] 2008-06-12 14:23:32 161792 C:\WINDOWS\system32\msdtcuiu.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll

[1] 2005-07-26 04:20:39 66560 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\mtxclu.dll (Microsoft Corporation)

[1] 2006-03-01 19:34:20 66560 C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\mtxclu.dll (Microsoft Corporation)

[1] 2008-06-12 14:09:35 66560 C:\WINDOWS\$hf_mig$\KB952004\SP3QFE\mtxclu.dll (Microsoft Corporation)

[1] 2006-03-01 19:42:42 66560 C:\WINDOWS\$NtServicePackUninstall$\mtxclu.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 61440 C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll ()

[1] 2004-08-04 07:56:44 66560 C:\WINDOWS\$NtUninstallKB902400$\mtxclu.dll (Microsoft Corporation)

[1] 2005-07-26 04:39:47 66560 C:\WINDOWS\$NtUninstallKB913580$\mtxclu.dll (Microsoft Corporation)

[1] 2008-04-14 00:12:01 66560 C:\WINDOWS\$NtUninstallKB952004$\mtxclu.dll (Microsoft Corporation)

[1] 2004-03-06 02:16:10 64512 C:\WINDOWS\$xpsp1hfm$\KB828741\mtxclu.dll (Microsoft Corporation)

[1] 2008-04-14 00:12:01 66560 C:\WINDOWS\ServicePackFiles\i386\mtxclu.dll (Microsoft Corporation)

[1] 2008-06-12 14:23:32 66560 C:\WINDOWS\system32\dllcache\mtxclu.dll (Microsoft Corporation)

[1] 2008-06-12 14:23:32 66560 C:\WINDOWS\system32\mtxclu.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll

[1] 2005-07-26 04:20:40 91136 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\mtxoci.dll (Microsoft Corporation)

[1] 2006-03-01 19:34:20 91136 C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\mtxoci.dll (Microsoft Corporation)

[1] 2008-06-12 14:09:35 91648 C:\WINDOWS\$hf_mig$\KB952004\SP3QFE\mtxoci.dll (Microsoft Corporation)

[1] 2006-03-01 19:42:42 91136 C:\WINDOWS\$NtServicePackUninstall$\mtxoci.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 83968 C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll ()

[1] 2004-08-04 07:56:44 90112 C:\WINDOWS\$NtUninstallKB902400$\mtxoci.dll (Microsoft Corporation)

[1] 2005-07-26 04:39:47 91136 C:\WINDOWS\$NtUninstallKB913580$\mtxoci.dll (Microsoft Corporation)

[1] 2008-04-14 00:12:01 91648 C:\WINDOWS\$NtUninstallKB952004$\mtxoci.dll (Microsoft Corporation)

[1] 2004-03-06 02:16:10 82432 C:\WINDOWS\$xpsp1hfm$\KB828741\mtxoci.dll (Microsoft Corporation)

[1] 2008-04-14 00:12:01 91648 C:\WINDOWS\ServicePackFiles\i386\mtxoci.dll (Microsoft Corporation)

[1] 2008-06-12 14:23:32 91648 C:\WINDOWS\system32\dllcache\mtxoci.dll (Microsoft Corporation)

[1] 2008-06-12 14:23:32 91648 C:\WINDOWS\system32\mtxoci.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\ole32.dll

[1] 2005-01-14 05:07:42 1284608 C:\WINDOWS\$hf_mig$\KB873333\SP2QFE\ole32.dll (Microsoft Corporation)

[1] 2005-04-28 19:35:02 1286144 C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\ole32.dll (Microsoft Corporation)

[1] 2005-07-26 04:20:40 1285632 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\ole32.dll (Microsoft Corporation)

[1] 2005-07-26 04:39:48 1285120 C:\WINDOWS\$NtServicePackUninstall$\ole32.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 1141248 C:\WINDOWS\$NtUninstallKB828741$\ole32.dll ()

[1] 2004-08-04 07:56:44 1281536 C:\WINDOWS\$NtUninstallKB873333$\ole32.dll (Microsoft Corporation)

[1] 2005-01-14 08:55:50 1285120 C:\WINDOWS\$NtUninstallKB894391$\ole32.dll (Microsoft Corporation)

[1] 2005-04-28 19:31:11 1285120 C:\WINDOWS\$NtUninstallKB902400$\ole32.dll (Microsoft Corporation)

[1] 2004-03-06 02:16:11 1183744 C:\WINDOWS\$xpsp1hfm$\KB828741\ole32.dll (Microsoft Corporation)

[1] 2008-04-14 00:12:02 1287168 C:\WINDOWS\ServicePackFiles\i386\ole32.dll (Microsoft Corporation)

[1] 2008-04-14 00:12:02 1287168 C:\WINDOWS\system32\ole32.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll

[1] 2009-04-15 15:24:20 585216 C:\WINDOWS\$hf_mig$\KB970238\SP3QFE\rpcrt4.dll (Microsoft Corporation)

[1] 2007-07-09 13:16:16 582656 C:\WINDOWS\$NtServicePackUninstall$\rpcrt4.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 463872 C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll ()

[1] 2004-08-04 07:56:44 581120 C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll (Microsoft Corporation)

[1] 2008-04-14 00:12:04 584704 C:\WINDOWS\$NtUninstallKB970238$\rpcrt4.dll (Microsoft Corporation)

[1] 2004-03-06 02:16:11 535552 C:\WINDOWS\$xpsp1hfm$\KB828741\rpcrt4.dll (Microsoft Corporation)

[1] 2008-04-14 00:12:04 584704 C:\WINDOWS\ServicePackFiles\i386\rpcrt4.dll (Microsoft Corporation)

[1] 2009-04-15 14:51:25 585216 C:\WINDOWS\system32\dllcache\rpcrt4.dll (Microsoft Corporation)

[1] 2009-04-15 14:51:25 585216 C:\WINDOWS\system32\rpcrt4.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll

[1] 2005-01-14 05:07:42 395776 C:\WINDOWS\$hf_mig$\KB873333\SP2QFE\rpcss.dll (Microsoft Corporation)

[1] 2005-04-28 19:35:01 396288 C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\rpcss.dll (Microsoft Corporation)

[1] 2005-07-26 04:20:40 398336 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\rpcss.dll (Microsoft Corporation)

[1] 2009-02-09 10:56:36 401408 C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll (Microsoft Corporation)

[1] 2005-07-26 04:39:49 397824 C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 259072 C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll ()

[1] 2004-08-04 07:56:44 395776 C:\WINDOWS\$NtUninstallKB873333$\rpcss.dll (Microsoft Corporation)

[1] 2005-01-14 08:55:50 395776 C:\WINDOWS\$NtUninstallKB894391$\rpcss.dll (Microsoft Corporation)

[1] 2005-04-28 19:31:11 395776 C:\WINDOWS\$NtUninstallKB902400$\rpcss.dll (Microsoft Corporation)

[1] 2008-04-14 00:12:04 399360 C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll (Microsoft Corporation)

[1] 2004-03-06 02:16:11 263680 C:\WINDOWS\$xpsp1hfm$\KB828741\rpcss.dll (Microsoft Corporation)

[1] 2008-04-14 00:12:04 399360 C:\WINDOWS\ServicePackFiles\i386\rpcss.dll (Microsoft Corporation)

[1] 2009-02-09 12:10:48 401408 C:\WINDOWS\system32\dllcache\rpcss.dll (Microsoft Corporation)

[1] 2009-02-09 12:10:48 401408 C:\WINDOWS\system32\rpcss.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\txflog.dll

[1] 2005-07-26 04:20:40 101376 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\txflog.dll (Microsoft Corporation)

[1] 2005-07-26 04:39:49 101376 C:\WINDOWS\$NtServicePackUninstall$\txflog.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 90624 C:\WINDOWS\$NtUninstallKB828741$\txflog.dll ()

[1] 2004-08-04 07:56:46 101376 C:\WINDOWS\$NtUninstallKB902400$\txflog.dll (Microsoft Corporation)

[1] 2004-03-06 02:16:10 97280 C:\WINDOWS\$xpsp1hfm$\KB828741\txflog.dll (Microsoft Corporation)

[1] 2008-04-14 00:12:07 101376 C:\WINDOWS\ServicePackFiles\i386\txflog.dll (Microsoft Corporation)

[1] 2008-04-14 00:12:07 101376 C:\WINDOWS\system32\dllcache\txflog.dll (Microsoft Corporation)

[1] 2008-04-14 00:12:07 101376 C:\WINDOWS\system32\txflog.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\browser.dll

[1] 2004-08-04 07:56:41 77312 C:\WINDOWS\$NtServicePackUninstall$\browser.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 49152 C:\WINDOWS\$NtUninstallKB835732$\browser.dll ()

[1] 2008-04-14 00:11:50 77824 C:\WINDOWS\ServicePackFiles\i386\browser.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:50 77824 C:\WINDOWS\system32\browser.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\callcont.dll

[1] 2004-08-04 07:56:41 385024 C:\WINDOWS\$NtServicePackUninstall$\callcont.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 360448 C:\WINDOWS\$NtUninstallKB835732$\callcont.dll ()

[1] 2004-03-30 01:48:36 364544 C:\WINDOWS\$xpsp1hfm$\KB835732\callcont.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:50 385024 C:\WINDOWS\ServicePackFiles\i386\callcont.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:50 385024 C:\WINDOWS\system32\dllcache\callcont.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll

[1] 2005-10-06 03:18:28 280064 C:\WINDOWS\$hf_mig$\KB896424\SP2QFE\gdi32.dll (Microsoft Corporation)

[1] 2005-12-29 03:04:05 280064 C:\WINDOWS\$hf_mig$\KB912919\SP2QFE\gdi32.dll (Microsoft Corporation)

[1] 2007-03-08 15:48:36 282112 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\gdi32.dll (Microsoft Corporation)

[1] 2007-06-19 13:37:21 282112 C:\WINDOWS\$hf_mig$\KB938829\SP2QFE\gdi32.dll (Microsoft Corporation)

[1] 2008-02-20 06:52:43 282624 C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll (Microsoft Corporation)

[1] 2008-10-23 12:43:42 286720 C:\WINDOWS\$hf_mig$\KB956802\SP3QFE\gdi32.dll (Microsoft Corporation)

[1] 2008-02-20 06:51:05 282624 C:\WINDOWS\$NtServicePackUninstall$\gdi32.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 250880 C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll ()

[1] 2004-08-04 07:56:42 278016 C:\WINDOWS\$NtUninstallKB896424$\gdi32.dll (Microsoft Corporation)

[1] 2005-10-06 03:09:36 280064 C:\WINDOWS\$NtUninstallKB912919$\gdi32.dll (Microsoft Corporation)

[1] 2005-12-29 02:54:35 280064 C:\WINDOWS\$NtUninstallKB925902$\gdi32.dll (Microsoft Corporation)

[1] 2007-03-08 15:36:28 281600 C:\WINDOWS\$NtUninstallKB938829$\gdi32.dll (Microsoft Corporation)

[1] 2007-06-19 13:31:19 282112 C:\WINDOWS\$NtUninstallKB948590$\gdi32.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:54 285184 C:\WINDOWS\$NtUninstallKB956802$\gdi32.dll (Microsoft Corporation)

[1] 2004-03-30 01:48:36 257536 C:\WINDOWS\$xpsp1hfm$\KB835732\gdi32.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:54 285184 C:\WINDOWS\ServicePackFiles\i386\gdi32.dll (Microsoft Corporation)

[1] 2008-10-23 12:36:14 286720 C:\WINDOWS\system32\dllcache\gdi32.dll (Microsoft Corporation)

[1] 2008-10-23 12:36:14 286720 C:\WINDOWS\system32\gdi32.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\h323.tsp

[1] 2004-08-04 07:56:57 265728 C:\WINDOWS\$NtServicePackUninstall$\h323.tsp ()

[1] 2001-08-18 12:00:00 252928 C:\WINDOWS\$NtUninstallKB835732$\h323.tsp ()

[1] 2004-03-30 01:48:36 253440 C:\WINDOWS\$xpsp1hfm$\KB835732\h323.tsp ()

[1] 2008-04-14 00:12:45 265728 C:\WINDOWS\ServicePackFiles\i386\h323.tsp ()

[1] 2008-04-14 00:12:45 265728 C:\WINDOWS\system32\h323.tsp ()

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll

[1] 2004-08-04 07:56:42 614912 C:\WINDOWS\$NtServicePackUninstall$\h323msp.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 592896 C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll ()

[1] 2004-03-30 01:48:36 593408 C:\WINDOWS\$xpsp1hfm$\KB835732\h323msp.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:54 614912 C:\WINDOWS\ServicePackFiles\i386\h323msp.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:54 614912 C:\WINDOWS\system32\dllcache\h323msp.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:54 614912 C:\WINDOWS\system32\h323msp.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe

[1] 2004-08-04 07:56:49 768512 C:\WINDOWS\$NtServicePackUninstall$\helpctr.exe (Microsoft Corporation)

[1] 2001-08-18 12:00:00 692224 C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe ()

[1] 2004-03-30 01:34:15 741376 C:\WINDOWS\$xpsp1hfm$\KB835732\helpctr.exe (Microsoft Corporation)

[1] 2008-04-14 00:12:21 769024 C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe (Microsoft Corporation)

[1] 2008-04-14 00:12:21 769024 C:\WINDOWS\ServicePackFiles\i386\helpctr.exe (Microsoft Corporation)

[1] 2008-04-14 00:12:21 769024 C:\WINDOWS\system32\dllcache\helpctr.exe (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll

[1] 2004-08-04 07:56:42 331264 C:\WINDOWS\$NtServicePackUninstall$\ipnathlp.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 453632 C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll ()

[1] 2004-03-30 01:48:36 439808 C:\WINDOWS\$xpsp1hfm$\KB835732\ipnathlp.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:55 331264 C:\WINDOWS\ServicePackFiles\i386\ipnathlp.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:55 331264 C:\WINDOWS\system32\ipnathlp.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll

[1] 2004-10-28 01:28:18 721920 C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\lsasrv.dll (Microsoft Corporation)

[1] 2006-08-17 12:37:49 726528 C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\lsasrv.dll (Microsoft Corporation)

[1] 2007-11-07 09:50:47 727040 C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll (Microsoft Corporation)

[1] 2009-02-09 10:56:36 729088 C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\lsasrv.dll (Microsoft Corporation)

[1] 2009-06-26 09:41:12 730112 C:\WINDOWS\$hf_mig$\KB968389\SP3QFE\lsasrv.dll (Microsoft Corporation)

[1] 2007-11-07 09:26:56 721920 C:\WINDOWS\$NtServicePackUninstall$\lsasrv.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 669696 C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll ()

[1] 2004-08-04 07:56:42 721920 C:\WINDOWS\$NtUninstallKB885835$\lsasrv.dll (Microsoft Corporation)

[1] 2004-10-28 01:21:01 721920 C:\WINDOWS\$NtUninstallKB924270$\lsasrv.dll (Microsoft Corporation)

[1] 2006-08-17 12:28:27 721920 C:\WINDOWS\$NtUninstallKB943485$\lsasrv.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:56 728064 C:\WINDOWS\$NtUninstallKB956572$\lsasrv.dll (Microsoft Corporation)

[1] 2009-02-09 12:10:49 729088 C:\WINDOWS\$NtUninstallKB968389$\lsasrv.dll (Microsoft Corporation)

[1] 2004-03-30 01:48:36 667648 C:\WINDOWS\$xpsp1hfm$\KB835732\lsasrv.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:56 728064 C:\WINDOWS\ServicePackFiles\i386\lsasrv.dll (Microsoft Corporation)

[1] 2009-06-25 08:25:26 730112 C:\WINDOWS\system32\dllcache\lsasrv.dll (Microsoft Corporation)

[1] 2009-06-25 08:25:26 730112 C:\WINDOWS\system32\lsasrv.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll

[1] 2007-03-08 15:48:36 40960 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\mf3216.dll (Microsoft Corporation)

[1] 2007-03-08 15:36:28 40960 C:\WINDOWS\$NtServicePackUninstall$\mf3216.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 35328 C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll ()

[1] 2004-08-04 07:56:42 39936 C:\WINDOWS\$NtUninstallKB925902$\mf3216.dll (Microsoft Corporation)

[1] 2004-03-30 01:48:36 36864 C:\WINDOWS\$xpsp1hfm$\KB835732\mf3216.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:56 40960 C:\WINDOWS\ServicePackFiles\i386\mf3216.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:56 40960 C:\WINDOWS\system32\dllcache\mf3216.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:56 40960 C:\WINDOWS\system32\mf3216.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll

[1] 2009-09-04 20:57:48 58880 C:\WINDOWS\$hf_mig$\KB974571\SP3QFE\msasn1.dll (Microsoft Corporation)

[1] 2004-08-04 07:56:42 57344 C:\WINDOWS\$NtServicePackUninstall$\msasn1.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 51200 C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll ()

[1] 2008-04-14 00:11:58 57344 C:\WINDOWS\$NtUninstallKB974571$\msasn1.dll (Microsoft Corporation)

[1] 2004-03-30 01:48:36 51712 C:\WINDOWS\$xpsp1hfm$\KB835732\msasn1.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:58 57344 C:\WINDOWS\ServicePackFiles\i386\msasn1.dll (Microsoft Corporation)

[1] 2009-09-04 21:03:36 58880 C:\WINDOWS\system32\dllcache\msasn1.dll (Microsoft Corporation)

[1] 2009-09-04 21:03:36 58880 C:\WINDOWS\system32\msasn1.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\msgina.dll

[1] 2004-08-04 07:56:43 994304 C:\WINDOWS\$NtServicePackUninstall$\msgina.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 967680 C:\WINDOWS\$NtUninstallKB835732$\msgina.dll ()

[1] 2004-03-30 01:48:36 971264 C:\WINDOWS\$xpsp1hfm$\KB835732\msgina.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:59 997376 C:\WINDOWS\ServicePackFiles\i386\msgina.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:59 997376 C:\WINDOWS\system32\msgina.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\mst120.dll

[1] 2004-08-04 07:56:43 274432 C:\WINDOWS\$NtServicePackUninstall$\mst120.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 249856 C:\WINDOWS\$NtUninstallKB835732$\mst120.dll ()

[1] 2004-03-30 01:48:36 253952 C:\WINDOWS\$xpsp1hfm$\KB835732\mst120.dll (Microsoft Corporation)

[1] 2008-04-14 00:12:00 274432 C:\WINDOWS\ServicePackFiles\i386\mst120.dll (Microsoft Corporation)

[1] 2008-04-14 00:12:00 274432 C:\WINDOWS\system32\dllcache\mst120.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll

[1] 2006-07-14 15:41:56 336896 C:\WINDOWS\$hf_mig$\KB921883\SP2QFE\netapi32.dll (Microsoft Corporation)

[1] 2006-08-17 12:37:49 337408 C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\netapi32.dll (Microsoft Corporation)

[1] 2008-10-15 16:25:53 339456 C:\WINDOWS\$hf_mig$\KB958644\SP3QFE\netapi32.dll (Microsoft Corporation)

[1] 2006-08-17 12:28:27 332288 C:\WINDOWS\$NtServicePackUninstall$\netapi32.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 309760 C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll ()

[1] 2004-08-04 07:56:44 332288 C:\WINDOWS\$NtUninstallKB921883$\netapi32.dll (Microsoft Corporation)

[1] 2006-07-14 15:31:39 332288 C:\WINDOWS\$NtUninstallKB924270$\netapi32.dll (Microsoft Corporation)

[1] 2008-04-14 00:12:01 337408 C:\WINDOWS\$NtUninstallKB958644$\netapi32.dll (Microsoft Corporation)

[1] 2004-03-30 01:48:36 306176 C:\WINDOWS\$xpsp1hfm$\KB835732\netapi32.dll (Microsoft Corporation)

[1] 2008-04-14 00:12:01 337408 C:\WINDOWS\ServicePackFiles\i386\netapi32.dll (Microsoft Corporation)

[1] 2008-10-15 16:34:24 337408 C:\WINDOWS\system32\dllcache\netapi32.dll (Microsoft Corporation)

[1] 2008-10-15 16:34:24 337408 C:\WINDOWS\system32\netapi32.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll

[1] 2004-08-04 07:56:44 77824 C:\WINDOWS\$NtServicePackUninstall$\nmcom.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 69632 C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll ()

[1] 2004-03-30 01:48:36 73728 C:\WINDOWS\$xpsp1hfm$\KB835732\nmcom.dll (Microsoft Corporation)

[1] 2008-04-14 00:12:02 77824 C:\WINDOWS\ServicePackFiles\i386\nmcom.dll (Microsoft Corporation)

[1] 2008-04-14 00:12:02 77824 C:\WINDOWS\system32\dllcache\nmcom.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll

[1] 2001-08-18 12:00:00 550400 C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll ()

[1] 2004-03-30 01:48:36 548352 C:\WINDOWS\$xpsp1hfm$\KB835732\rtcdll.dll (Microsoft Corporation)

[1] 2008-04-14 00:12:50 991232 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\schannel.dll

[1] 2007-04-25 20:32:22 144896 C:\WINDOWS\$hf_mig$\KB935840\SP2QFE\schannel.dll (Microsoft Corporation)

[1] 2008-12-05 06:58:08 144896 C:\WINDOWS\$hf_mig$\KB960225\SP3QFE\schannel.dll (Microsoft Corporation)

[1] 2009-06-25 08:41:11 147456 C:\WINDOWS\$hf_mig$\KB968389\SP3QFE\schannel.dll (Microsoft Corporation)

[1] 2007-04-25 14:21:15 144896 C:\WINDOWS\$NtServicePackUninstall$\schannel.dll (Microsoft Corporation)

[1] 2001-08-18 12:00:00 133632 C:\WINDOWS\$NtUninstallKB835732$\schannel.dll ()

[1] 2004-08-04 07:56:44 144896 C:\WINDOWS\$NtUninstallKB935840$\schannel.dll (Microsoft Corporation)

[1] 2008-04-14 00:12:05 144384 C:\WINDOWS\$NtUninstallKB960225$\schannel.dll (Microsoft Corporation)

[1] 2008-12-05 06:54:55 144896 C:\WINDOWS\$NtUninstallKB968389$\schannel.dll (Microsoft Corporation)

[1] 2004-03-30 01:48:36 136704 C:\WINDOWS\$xpsp1hfm$\KB835732\schannel.dll (Microsoft Corporation)

[1] 2008-04-14 00:12:05 144384 C:\WINDOWS\ServicePackFiles\i386\schannel.dll (Microsoft Corporation)

[1] 2009-06-25 08:25:26 147456 C:\WINDOWS\system32\dllcache\schannel.dll (Microsoft Corporation)

[1] 2009-06-25 08:25:26 147456 C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)

Finished!
garmanma said the logs did not look right and to post them here together with the DDS file, as you may help

good luck and thanks

DDS (Ver_09-10-26.01) - NTFSx86 MINIMAL
Run by Administrator at 19:50:30.92 on 09/11/2009
Internet Explorer: 8.0.6001.18702

============== Running Processes ===============

============== Pseudo HJT Report ===============

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\family toolbar\tbcore3.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: CSolidBrowserObj Object: {bd08a9d5-0e5c-4f42-99a3-c0cb5e860557} - c:\windows\system32\solidstatenetworks\solidstateion\solidax.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\family toolbar\tbcore3.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_15.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\avgfwafu.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.myheritage.com/FP/ImageUploader/ImageUploader5.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\windows defender\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-11-09 17:46:11 30136 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
2009-11-09 17:46:11 0 d-----w- c:\program files\SanityCheck
2009-11-09 17:43:22 2335270 ----a-w- c:\windows\system32\34e1.mht
2009-11-09 16:38:53 57 ----a-w- c:\windows\system32\mapisvc.inf
2009-11-09 16:38:52 31744 ----a-w- c:\windows\system32\fxsroute.dll
2009-11-09 16:38:52 11264 ----a-w- c:\windows\system32\fxssend.exe
2009-11-09 16:38:51 1793 ----a-w- c:\windows\system32\fxsperf.ini
2009-11-09 16:38:51 1361 ----a-w- c:\windows\system32\fxscount.h
2009-11-09 16:38:51 132608 ----a-w- c:\windows\system32\fxsclntR.dll
2009-11-09 16:38:51 111104 ----a-w- c:\windows\system32\fxscfgwz.dll
2009-11-09 13:27:18 8937786 -csh--r- C:\AVG7DB_F.DAT
2009-11-09 11:51:34 106543 ----a-w- c:\windows\system32\avgfwafu.dll
2009-11-09 11:51:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Grisoft
2009-11-08 17:25:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-08 17:25:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-08 17:25:28 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 17:16:42 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-01 17:33:15 0 d-----w- c:\windows\system32\XPToolsLicenseComponent
2009-10-27 20:10:35 519 ----a-w- c:\windows\Viewer.INI
2009-10-26 15:45:07 0 d-----w- c:\program files\Microsoft ASP.NET
2009-10-26 15:17:02 0 d-----w- c:\program files\Microsoft Web Designer Tools
2009-10-26 14:32:22 0 d-----w- c:\program files\Microsoft Help
2009-10-26 14:23:29 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2009-10-26 14:22:31 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2009-10-26 14:19:15 0 d-----w- c:\windows\system32\RsFx
2009-10-26 13:25:07 165 ----a-w- c:\windows\system32\spupdsvc.inf
2009-10-26 13:12:05 0 d-----w- c:\program files\Microsoft Synchronization Services
2009-10-26 13:05:10 0 d-----w- c:\program files\Microsoft Visual Studio 10.0
2009-10-26 11:52:50 0 d-----w- c:\program files\Microsoft Pro Photo Tools
2009-10-25 19:24:56 0 d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-10-24 17:19:10 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-23 10:56:24 32 ----a-w- c:\windows\CD_Start.INI
2009-10-23 10:36:13 0 d-----w- c:\program files\EverydayBiographies
2009-10-22 17:59:31 971 ----a-w- c:\windows\MyHeritage.INI
2009-10-22 17:57:26 0 d-----w- c:\docume~1\alluse~1\applic~1\MyHeritage
2009-10-22 17:57:03 454656 ----a-w- c:\windows\system32\PaintX.dll
2009-10-22 17:57:03 372736 ----a-w- c:\windows\system32\ijl15.dll
2009-10-22 17:56:21 0 d-----w- c:\program files\MyHeritage
2009-10-22 17:05:30 0 dc----w- C:\6bf6e3cd2ba2fab5ffbc84f2
2009-10-21 17:39:34 0 d-----w- c:\program files\File Helper
2009-10-21 16:35:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Canneverbe Limited
2009-10-21 16:34:47 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-10-20 15:25:40 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-20 15:25:32 0 d-----w- c:\program files\Avira
2009-10-20 15:25:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

==================== Find3M ====================

2009-11-02 20:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-07 05:31:18 17744 ----a-w- c:\windows\system32\aspnet_counters.dll
2009-10-07 02:44:58 767312 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2009-10-07 02:44:58 70456 ----a-w- c:\windows\system32\dxva2.dll
2009-10-07 02:44:58 486200 ----a-w- c:\windows\system32\evr.dll
2009-10-07 02:17:56 99160 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-10-07 02:17:56 48960 ----a-w- c:\windows\system32\netfxperf.dll
2009-10-07 02:17:56 297792 ----a-w- c:\windows\system32\mscoree.dll
2009-10-07 02:17:56 295248 ----a-w- c:\windows\system32\PresentationHost.exe
2009-10-07 02:17:56 1130816 ----a-w- c:\windows\system32\dfshim.dll
2009-10-07 01:21:54 80704 ----a-w- c:\windows\system32\mfcm100u.dll
2009-10-07 01:21:54 80192 ----a-w- c:\windows\system32\mfcm100.dll
2009-10-07 01:21:54 767296 ----a-w- c:\windows\system32\msvcr100.dll
2009-10-07 01:21:54 4371264 ----a-w- c:\windows\system32\mfc100u.dll
2009-10-07 01:21:54 4344640 ----a-w- c:\windows\system32\mfc100.dll
2009-10-07 01:21:54 424256 ----a-w- c:\windows\system32\msvcp100.dll
2009-10-07 01:21:54 138048 ----a-w- c:\windows\system32\atl100.dll
2009-09-15 21:35:20 156488 ----a-w- c:\windows\system32\mscorier.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 04:22:38 351248 ----a-w- c:\windows\system32\FTBSaver.scr
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-30 05:57:16 234328 ----a-w- c:\windows\system32\SqlServerSpatial.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 -c--a-w- c:\windows\system32\strmdll.dll
2009-08-17 22:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2008-05-25 16:25:46 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052520080526\index.dat

============= FINISH: 19:51:34.23 ===============

This post has been edited by Orange Blossom: 10 November 2009 - 06:47 PM

#2 Blade

Strong in the Bleepforce

Group: Site Admin
Posts: 9,575
Joined: 20-January 09
Gender:Male
Location:US

Posted 17 November 2009 - 08:20 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!

#3 pensioner

Member

Group: Members
Posts: 30
Joined: 09-November 09
Gender:Male
Location:Nottinghamshire UK

Posted 17 November 2009 - 02:15 PM

I have been back to BC everyday, but I was advised not to make any posts as it would look as if one of you were helping me.which would have delayed such help. I was also advised not to touch anything on the computer as it would confuse those who did try to help me.
therefore the status of my computer remained as stated in the post I made, however, since your post I have tried to do what you requested but as all my anti virus etc is already switched off, including the security centre, computer restore etc I could only manage to uninstall the antivirus which I had downloaded purely to get rid of any infections.
As it will not connect to the internet I have been using a memory stick to transfer programs to try and resolve the problem , on trying to transfer the new DDS file I have discovered that the computer now does not recognise the memory stick and by going into !My Computer! there is no trace of it.........I am now at a loss.......what do I do other than pull my hair out some more... by the way. I have very little of that to throw away lightly

#4 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 27,041
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 19 November 2009 - 08:18 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

If I have helped you fix your PC then please donate to the anti-malware cause. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#5 pensioner

Member

Group: Members
Posts: 30
Joined: 09-November 09
Gender:Male
Location:Nottinghamshire UK

Posted 20 November 2009 - 10:26 AM

I have little to add to my previous posts, as was requested, I have not touched the computer other than when I was asked to turn off any anti virus (which was already turned off by the malware) so I removed them.I had tried Rkill but nothing happened. Other than that any posts I made re the status of my computer will have remained the same. But as asked I then again attempted to transfer another DDS file to my infected computer via the memory stick but now even that is not recognised, nor is the cd tray. The only control I appear to have is a very shaky mouse pointer when it starts up in safe mode, with no accesss to any programs which include system restore the cd tray and any usb.
I am now at a total loss as to what to do and Hope that you can make some sense of it all and help me out of this mess

#6 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 27,041
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 20 November 2009 - 05:23 PM

This sounds like a rootkit but not the rootkit Garmanma was searching for. However, that eliminates things nicely.

Please download Combofix onto the flash drive, renaming it comfix.com.

Plug the flash drive into the infected computer and attempt to drag Comfix.com onto the desktop.

Please run it as below:

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
Double click on Comfix.com & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

If the comfix.com file cannot be dragged onto the desktop then please run it from the flash drive folder.

If I have helped you fix your PC then please donate to the anti-malware cause. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#7 pensioner

Member

Group: Members
Posts: 30
Joined: 09-November 09
Gender:Male
Location:Nottinghamshire UK

Posted 21 November 2009 - 09:30 AM

The infected machine recognised the flash drive and the combofix.txt is as follows

ComboFix 09-11-20.02 - Administrator 21/11/2009 14:03.1.1 - x86 MINIMAL
Running from: E:\comfix.com.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\win.ini

.
((((((((((((((((((((((((( Files Created from 2009-10-21 to 2009-11-21 )))))))))))))))))))))))))))))))
.

2009-11-09 17:48 . 2009-11-09 17:48 -------- d-----w- c:\windows\LastGood
2009-11-09 17:46 . 2009-03-02 11:24 30136 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
2009-11-09 17:42 . 2009-11-09 17:42 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\jZip
2009-11-09 16:38 . 2001-08-18 12:00 31744 ----a-w- c:\windows\system32\fxsroute.dll
2009-11-09 16:38 . 2001-08-18 12:00 11264 ----a-w- c:\windows\system32\fxssend.exe
2009-11-09 16:38 . 2001-08-18 12:00 132608 ----a-w- c:\windows\system32\fxsclntR.dll
2009-11-09 16:38 . 2001-08-18 12:00 111104 ----a-w- c:\windows\system32\fxscfgwz.dll
2009-11-08 13:26 . 2009-11-08 13:26 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\ATI
2009-11-08 13:26 . 2009-11-08 13:26 -------- dc----w- c:\documents and settings\Administrator\Application Data\ATI
2009-11-08 13:20 . 2009-11-08 13:20 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2009-11-07 17:16 . 2009-11-09 13:38 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-04 17:11 . 2009-11-04 17:11 88 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\0\libfftw3f-3-1-1a_upx.dll
2009-11-04 17:11 . 2009-11-04 17:11 100 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\0\setiathome_6.03_windows_intelx86.exe
2009-11-01 17:33 . 2009-11-01 17:33 -------- d-----w- c:\windows\system32\XPToolsLicenseComponent
2009-10-26 17:59 . 2009-10-26 17:59 319702 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2009-10-26 15:45 . 2009-10-26 15:45 -------- d-----w- c:\program files\Microsoft ASP.NET
2009-10-26 15:29 . 2009-10-26 15:47 570624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VWDExpress\9.0\1033\ResourceCache.dll
2009-10-26 15:17 . 2009-10-26 15:17 -------- d-----w- c:\program files\Microsoft Web Designer Tools
2009-10-26 14:32 . 2009-10-26 14:32 -------- d-----w- c:\program files\Microsoft Help
2009-10-26 14:23 . 2009-07-23 03:08 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2009-10-26 14:22 . 2009-07-23 03:08 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2009-10-26 14:19 . 2009-10-26 14:19 -------- d-----w- c:\windows\system32\RsFx
2009-10-26 13:12 . 2009-10-26 13:12 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-10-26 13:10 . 2009-10-26 14:31 205760 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2009-10-26 13:05 . 2009-10-26 14:30 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2009-10-26 12:56 . 2009-10-28 21:05 219256 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-26 11:52 . 2009-10-26 11:52 -------- d-----w- c:\program files\Microsoft Pro Photo Tools
2009-10-25 19:24 . 2009-10-25 19:24 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-10-24 17:19 . 2009-10-26 13:11 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-23 10:36 . 2009-10-23 10:36 -------- d-----w- c:\program files\EverydayBiographies
2009-10-22 17:57 . 2009-10-22 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\MyHeritage
2009-10-22 17:57 . 2003-07-06 12:07 372736 ----a-w- c:\windows\system32\ijl15.dll
2009-10-22 17:57 . 2002-03-06 23:19 454656 ----a-w- c:\windows\system32\PaintX.dll
2009-10-22 17:56 . 2009-10-22 19:09 -------- d-----w- c:\program files\MyHeritage
2009-10-22 17:05 . 2009-10-22 17:06 -------- dc----w- C:\6bf6e3cd2ba2fab5ffbc84f2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 13:45 . 2009-10-02 18:28 -------- d-----w- c:\program files\Eusing Free Registry Defrag
2009-11-18 20:26 . 2009-01-01 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\BOINC
2009-11-17 18:37 . 2009-01-14 13:39 -------- d-----w- c:\program files\RegScrubXP
2009-11-17 18:35 . 2006-07-20 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-17 18:35 . 2006-07-20 18:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-07 16:05 . 2006-09-22 16:06 -------- d-----w- c:\program files\lx_cats
2009-11-02 20:42 . 2009-10-02 17:37 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-27 17:59 . 2009-10-02 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-26 15:38 . 2007-12-04 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-26 15:36 . 2008-03-24 20:14 416 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-10-26 15:32 . 2008-02-09 15:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-26 15:25 . 2008-03-24 20:07 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-10-26 14:19 . 2008-03-24 20:20 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-26 14:14 . 2007-12-06 15:10 -------- d-----w- c:\program files\Microsoft.NET
2009-10-26 12:11 . 2009-02-04 17:11 -------- d-----w- c:\program files\Microsoft
2009-10-22 17:57 . 2009-09-29 18:55 -------- d-----w- c:\program files\Family Toolbar
2009-10-21 17:39 . 2009-10-21 17:39 -------- d-----w- c:\program files\File Helper
2009-10-21 16:35 . 2009-10-21 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2009-10-21 16:34 . 2008-01-06 19:54 -------- d-----w- c:\program files\CDBurnerXP
2009-10-07 05:31 . 2009-10-07 05:31 17744 ----a-w- c:\windows\system32\aspnet_counters.dll
2009-10-07 02:44 . 2009-10-07 02:44 767312 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2009-10-07 02:44 . 2009-10-07 02:44 70456 ----a-w- c:\windows\system32\dxva2.dll
2009-10-07 02:44 . 2009-10-07 02:44 486200 ----a-w- c:\windows\system32\evr.dll
2009-10-07 02:17 . 2009-10-07 02:17 99160 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-10-07 02:17 . 2009-10-07 02:17 48960 ----a-w- c:\windows\system32\netfxperf.dll
2009-10-07 02:17 . 2009-10-07 02:17 297792 ----a-w- c:\windows\system32\mscoree.dll
2009-10-07 02:17 . 2009-10-07 02:17 295248 ----a-w- c:\windows\system32\PresentationHost.exe
2009-10-07 02:17 . 2009-10-07 02:17 1130816 ----a-w- c:\windows\system32\dfshim.dll
2009-10-07 01:21 . 2009-10-07 01:21 80704 ----a-w- c:\windows\system32\mfcm100u.dll
2009-10-07 01:21 . 2009-10-07 01:21 80192 ----a-w- c:\windows\system32\mfcm100.dll
2009-10-07 01:21 . 2009-10-07 01:21 767296 ----a-w- c:\windows\system32\msvcr100.dll
2009-10-07 01:21 . 2009-10-07 01:21 4371264 ----a-w- c:\windows\system32\mfc100u.dll
2009-10-07 01:21 . 2009-10-07 01:21 4344640 ----a-w- c:\windows\system32\mfc100.dll
2009-10-07 01:21 . 2009-10-07 01:21 424256 ----a-w- c:\windows\system32\msvcp100.dll
2009-10-07 01:21 . 2009-10-07 01:21 138048 ----a-w- c:\windows\system32\atl100.dll
2009-10-03 17:02 . 2007-03-29 16:52 -------- d-----w- c:\program files\Google
2009-10-02 19:54 . 2007-06-22 19:18 -------- d-----w- c:\program files\QuickTime
2009-10-02 19:54 . 2007-06-22 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-02 19:21 . 2009-02-27 14:44 -------- d-----w- c:\program files\NCH Software
2009-10-02 19:01 . 2006-10-15 17:14 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-02 18:56 . 2009-10-02 18:56 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-02 18:54 . 2009-10-02 18:54 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-10-02 18:52 . 2005-07-31 01:59 77423 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-09-30 19:40 . 2005-09-27 14:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-28 20:57 . 2009-10-21 16:34 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-09-15 21:35 . 2009-09-15 21:35 156488 ----a-w- c:\windows\system32\mscorier.dll
2009-09-11 14:18 . 2001-08-18 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 04:22 . 2009-09-10 04:22 351248 ----a-w- c:\windows\system32\FTBSaver.scr
2009-09-09 16:49 . 2009-09-09 16:49 294912 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\ap_graphics_5.05_windows_intelx86.exe
2009-09-09 16:49 . 2009-09-09 16:49 479232 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\astropulse_5.05_windows_intelx86.exe
2009-09-04 21:03 . 2001-08-18 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-30 05:57 . 2009-08-30 05:57 234328 ----a-w- c:\windows\system32\SqlServerSpatial.dll
2009-08-29 08:08 . 2004-01-08 22:23 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2001-08-18 12:00 247326 -c--a-w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCYCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2005-12-01 65536]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2009-06-10 58112]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2009-06-10 4182784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=2 (0x2)
"wuauserv"=2 (0x2)
"WSearch"=2 (0x2)
"wscsvc"=2 (0x2)
"WPFFontCache_v0400"=3 (0x3)
"WMPNetworkSvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"winmgmt"=2 (0x2)
"WinDefend"=2 (0x2)
"WebClient"=2 (0x2)
"w32time"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"UPHClean"=2 (0x2)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SwPrv"=3 (0x3)
"stllssvr"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"SQLWriter"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NMSAccessU"=2 (0x2)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"napagent"=3 (0x3)
"MSSQL$SQLEXPRESS"=2 (0x2)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"MSCamSvc"=2 (0x2)
"lxcy_device"=3 (0x3)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"KService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate1c98d4117b9692c"=2 (0x2)
"fsssvc"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v4.0.21006_32"=2 (0x2)
"cisvc"=3 (0x3)
"Browser"=2 (0x2)
"BITS"=3 (0x3)
"AudioSrv"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"ALG"=3 (0x3)
"AVGFwSrv"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"
"lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe"
"EzPrint"="c:\program files\Lexmark 3400 Series\ezprint.exe"
"VX1000 Lifecam"=c:\windows\vVX1000.exe
"Nvidia CplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Family Tree Builder Update"=c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26198:TCP"= 26198:TCP:*:Disabled:SolidNetworkManager
"26198:UDP"= 26198:UDP:*:Disabled:SolidNetworkManager
"47046:TCP"= 47046:TCP:*:Disabled:SolidNetworkManager
"47046:UDP"= 47046:UDP:*:Disabled:SolidNetworkManager
"44207:TCP"= 44207:TCP:*:Disabled:SolidNetworkManager
"44207:UDP"= 44207:UDP:*:Disabled:SolidNetworkManager
"35288:TCP"= 35288:TCP:SolidNetworkManager
"35288:UDP"= 35288:UDP:SolidNetworkManager
"24603:TCP"= 24603:TCP:*:Disabled:SolidNetworkManager
"24603:UDP"= 24603:UDP:*:Disabled:SolidNetworkManager
"62166:TCP"= 62166:TCP:*:Disabled:SolidNetworkManager
"62166:UDP"= 62166:UDP:*:Disabled:SolidNetworkManager
"38847:TCP"= 38847:TCP:*:Disabled:SolidNetworkManager
"38847:UDP"= 38847:UDP:*:Disabled:SolidNetworkManager
"33302:TCP"= 33302:TCP:*:Disabled:SolidNetworkManager
"33302:UDP"= 33302:UDP:*:Disabled:SolidNetworkManager

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Logging]
"LogSuccessfulConnections"= 0 (0x0)
"LogDroppedPackets"= 0 (0x0)
"LogFileSize"= 0 (0x0)
"LogFilePath"=

R2 A4SII300;A4SII300;c:\windows\System32\drivers\A4SII300.SYS [1998-02-26 25632]
R2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]
R2 HPFECP16;HPFECP16;c:\windows\System32\drivers\HPFECP16.SYS [1998-07-01 52800]
R3 08110;08110;c:\windows\system32\08110.sys [x]
R3 0a414;0a414;c:\windows\system32\0a414.sys [x]
R3 0df13;0df13;c:\windows\system32\0df13.sys [x]
R3 14a5;14a5;c:\windows\system32\14a5.sys [x]
R3 1c58;1c58;c:\windows\system32\1c58.sys [x]
R3 323F;323F;c:\windows\system32\323F.sys [x]
R3 4b3D;4b3D;c:\windows\system32\4b3D.sys [x]
R3 652E;652E;c:\windows\system32\652E.sys [x]
R3 6897;6897;c:\windows\system32\6897.sys [x]
R3 6d43;6d43;c:\windows\system32\6d43.sys [x]
R3 8349;8349;c:\windows\system32\8349.sys [x]
R3 8ed15;8ed15;c:\windows\system32\8ed15.sys [x]
R3 abfB;abfB;c:\windows\system32\abfB.sys [x]
R3 b3111;b3111;c:\windows\system32\b3111.sys [x]
R3 COPDMID;COPDMID;c:\docume~1\ADMINI~1\LOCALS~1\Temp\COPDMID.exe [x]
R3 d434;d434;c:\windows\system32\d434.sys [x]
R3 e89C;e89C;c:\windows\system32\e89C.sys [x]
R3 e8cD;e8cD;c:\windows\system32\e8cD.sys [x]
R3 ec6C;ec6C;c:\windows\system32\ec6C.sys [x]
R3 RDUWYMTET;RDUWYMTET;c:\docume~1\ADMINI~1\LOCALS~1\Temp\RDUWYMTET.exe [x]
R3 rspSanity;rspSanity;c:\windows\system32\DRIVERS\rspSanity32.sys [2009-03-02 30136]
R4 clr_optimization_v4.0.21006_32;Microsoft .NET Framework NGEN v4.0.21006_X86;c:\windows\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe [2009-10-07 129856]
R4 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R4 gupdate1c98d4117b9692c;Google Update Service (gupdate1c98d4117b9692c);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 133104]
R4 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe [2006-02-20 495616]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R4 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe [2009-10-07 752984]

.
Contents of the 'Scheduled Tasks' folder

2009-10-21 c:\windows\Tasks\File Helper.job
- c:\program files\File Helper\1.1.0.4\FileHelper.exe [2009-10-21 12:49]

2009-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 18:38]

2009-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 18:38]

2009-11-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-11-08 c:\windows\Tasks\User_Feed_Synchronization-{40E14839-799E-4135-9271-04B630F7AE2E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-21 14:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCYCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2025429265-838170752-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,66,98,ba,15,1f,b1,44,ba,75,79,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,66,98,ba,15,1f,b1,44,ba,75,79,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(236)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\l3codecx.acm
c:\windows\system32\sirenacm.dll
.
Completion time: 2009-11-21 14:15
ComboFix-quarantined-files.txt 2009-11-21 14:15

Pre-Run: 20,432,396,288 bytes free
Post-Run: 20,412,493,824 bytes free

- - End Of File - - 9656AEE3FB2F201D89A70437EA131AF3

Unfortunately the windows recovery console was not installed and the infected machine failed to access the internet to install it, stating that no connection could be found,even though this machine was already connected and was working fine.

#8 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 27,041
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 21 November 2009 - 02:01 PM

We need to run Combofix again with a script to remove some of the entries

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote

Driver::
08110
0a414
0df13
14a5
1c58
323F
4b3D
652E
6897
6d43
8349
8ed15
abfB
b3111
COPDMID
d434
e89C
e8cD
ec6C
RDUWYMTET

File::
c:\windows\system32\08110.sys
c:\windows\system32\0a414.sys
c:\windows\system32\0df13.sys
c:\windows\system32\14a5.sys
c:\windows\system32\1c58.sys
c:\windows\system32\323F.sys
c:\windows\system32\4b3D.sys
c:\windows\system32\652E.sys
c:\windows\system32\6897.sys
c:\windows\system32\6d43.sys
c:\windows\system32\8349.sys
c:\windows\system32\8ed15.sys
c:\windows\system32\abfB.sys
c:\windows\system32\b3111.sys
c:\docume~1\ADMINI~1\LOCALS~1\Temp\COPDMID.exe
c:\windows\system32\d434.sys
c:\windows\system32\e89C.sys
c:\windows\system32\e8cD.sys
c:\windows\system32\ec6C.sys
c:\docume~1\ADMINI~1\LOCALS~1\Temp\RDUWYMTET.exe

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Thanks

If I have helped you fix your PC then please donate to the anti-malware cause. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#9 pensioner

Member

Group: Members
Posts: 30
Joined: 09-November 09
Gender:Male
Location:Nottinghamshire UK

Posted 22 November 2009 - 07:16 AM

I followed your instructions and a warning came up that AntiVir desktop real time scanner was still active and that I continue to run the fix at my own risk. I have searched for antivir and found nothing, I have also checked add/remove programmes together with a check of the registry entries and again found nothing. before I continued to run the fix I thought it prudent to ask your advice

#10 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 27,041
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 22 November 2009 - 07:29 AM

Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background (looks like this: Posted Image

)

right click it-> untick the option AntiVir Guard enable.
You should now see a closed, white umbrella on a red background (looks like this: )

You can now run Combofix

If Antivir has already been removed previously and there are no umbrellas then run Combofix anyway.

Thanks

This post has been edited by m0le: 22 November 2009 - 07:29 AM

If I have helped you fix your PC then please donate to the anti-malware cause. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#11 pensioner

Member

Group: Members
Posts: 30
Joined: 09-November 09
Gender:Male
Location:Nottinghamshire UK

Posted 23 November 2009 - 06:13 AM

thanks.....checked, still unable to find antivir, machine still starting in safe mode and unable to connect to internet although the computer I am using at the same time and using the same connection is able to. some items still not running eg firewall settings cannot be displayed, cannot load access conection manager nor network set up wizard etc but I ran the fix anyway,,,,, here it is

ComboFix 09-11-20.02 - Michael 23/11/2009 10:10:40.2.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.773 [GMT 0:00]
Running from: E:\comfix.com.exe
Command switches used :: E:\cfscript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\COPDMID.exe"
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\RDUWYMTET.exe"
"c:\windows\system32\08110.sys"
"c:\windows\system32\0a414.sys"
"c:\windows\system32\0df13.sys"
"c:\windows\system32\14a5.sys"
"c:\windows\system32\1c58.sys"
"c:\windows\system32\323F.sys"
"c:\windows\system32\4b3D.sys"
"c:\windows\system32\652E.sys"
"c:\windows\system32\6897.sys"
"c:\windows\system32\6d43.sys"
"c:\windows\system32\8349.sys"
"c:\windows\system32\8ed15.sys"
"c:\windows\system32\abfB.sys"
"c:\windows\system32\b3111.sys"
"c:\windows\system32\d434.sys"
"c:\windows\system32\e89C.sys"
"c:\windows\system32\e8cD.sys"
"c:\windows\system32\ec6C.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_08110
-------\Legacy_0A414
-------\Legacy_0DF13
-------\Legacy_14A5
-------\Legacy_1C58
-------\Legacy_323F
-------\Legacy_4B3D
-------\Legacy_652E
-------\Legacy_6897
-------\Legacy_6D43
-------\Legacy_8349
-------\Legacy_8ED15
-------\Legacy_ABFB
-------\Legacy_B3111
-------\Legacy_COPDMID
-------\Legacy_D434
-------\Legacy_E89C
-------\Legacy_E8CD
-------\Legacy_EC6C
-------\Legacy_RDUWYMTET
-------\Service_08110
-------\Service_0a414
-------\Service_0df13
-------\Service_14a5
-------\Service_1c58
-------\Service_323F
-------\Service_4b3D
-------\Service_652E
-------\Service_6897
-------\Service_6d43
-------\Service_8349
-------\Service_8ed15
-------\Service_abfB
-------\Service_b3111
-------\Service_COPDMID
-------\Service_d434
-------\Service_e89C
-------\Service_e8cD
-------\Service_ec6C
-------\Service_RDUWYMTET

((((((((((((((((((((((((( Files Created from 2009-10-23 to 2009-11-23 )))))))))))))))))))))))))))))))
.

2009-11-22 12:04:34 . 2009-11-22 12:04:34 0 dc----w- C:\Documents and Settings\Administrator\Application Data\Windows Search
2009-11-22 11:58:49 . 2009-11-22 11:58:49 95864 -c--a-w- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-09 17:48:28 . 2009-11-09 17:48:28 0 d-----w- C:\WINDOWS\LastGood
2009-11-09 17:46:11 . 2009-03-02 11:24:26 30136 ----a-w- C:\WINDOWS\system32\drivers\rspSanity32.sys
2009-11-09 17:42:31 . 2009-11-09 17:42:31 0 dc----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\jZip
2009-11-09 16:38:52 . 2001-08-18 12:00:00 31744 ----a-w- C:\WINDOWS\system32\fxsroute.dll
2009-11-09 16:38:52 . 2001-08-18 12:00:00 11264 ----a-w- C:\WINDOWS\system32\fxssend.exe
2009-11-09 16:38:51 . 2001-08-18 12:00:00 132608 ----a-w- C:\WINDOWS\system32\fxsclntR.dll
2009-11-09 16:38:51 . 2001-08-18 12:00:00 111104 ----a-w- C:\WINDOWS\system32\fxscfgwz.dll
2009-11-08 13:26:15 . 2009-11-08 13:26:15 0 dc----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\ATI
2009-11-08 13:26:15 . 2009-11-08 13:26:15 0 dc----w- C:\Documents and Settings\Administrator\Application Data\ATI
2009-11-08 13:20:40 . 2009-11-08 13:20:40 0 dc----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2009-11-07 17:16:42 . 2009-11-09 13:38:34 1324 ----a-w- C:\WINDOWS\system32\d3d9caps.dat
2009-11-04 17:11:09 . 2009-11-04 17:11:09 88 ----a-w- C:\Documents and Settings\All Users\Application Data\BOINC\slots\0\libfftw3f-3-1-1a_upx.dll
2009-11-04 17:11:09 . 2009-11-04 17:11:09 100 ----a-w- C:\Documents and Settings\All Users\Application Data\BOINC\slots\0\setiathome_6.03_windows_intelx86.exe
2009-11-01 17:33:15 . 2009-11-01 17:33:15 0 d-----w- C:\WINDOWS\system32\XPToolsLicenseComponent
2009-10-27 19:48:38 . 2009-10-27 19:49:51 0 d-----w- C:\Documents and Settings\Michael\figurines
2009-10-26 17:59:07 . 2009-10-26 17:59:07 319702 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2009-10-26 15:45:07 . 2009-10-26 15:45:07 0 d-----w- C:\Program Files\Microsoft ASP.NET
2009-10-26 15:29:47 . 2009-10-26 15:47:44 570624 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\VWDExpress\9.0\1033\ResourceCache.dll
2009-10-26 15:17:02 . 2009-10-26 15:17:03 0 d-----w- C:\Program Files\Microsoft Web Designer Tools
2009-10-26 14:32:22 . 2009-10-26 14:32:22 0 d-----w- C:\Program Files\Microsoft Help
2009-10-26 14:23:29 . 2009-07-23 03:08:48 50200 ----a-w- C:\WINDOWS\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2009-10-26 14:22:31 . 2009-07-23 03:08:48 79896 ----a-w- C:\WINDOWS\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2009-10-26 14:19:15 . 2009-10-26 14:19:15 0 d-----w- C:\WINDOWS\system32\RsFx
2009-10-26 13:12:05 . 2009-10-26 13:12:05 0 d-----w- C:\Program Files\Microsoft Synchronization Services
2009-10-26 13:10:39 . 2009-10-26 14:31:47 205760 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2009-10-26 13:05:10 . 2009-10-26 14:30:33 0 d-----w- C:\Program Files\Microsoft Visual Studio 10.0
2009-10-26 12:56:33 . 2009-10-28 21:05:38 219256 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-26 11:52:50 . 2009-10-26 11:52:54 0 d-----w- C:\Program Files\Microsoft Pro Photo Tools
2009-10-25 19:24:56 . 2009-10-25 19:24:59 0 d-----w- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2009-10-24 17:19:10 . 2009-10-26 13:11:59 0 d-----w- C:\Program Files\Microsoft SQL Server Compact Edition

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 13:45:14 . 2009-10-02 18:28:27 0 d-----w- C:\Program Files\Eusing Free Registry Defrag
2009-11-18 20:26:46 . 2009-01-01 19:57:15 0 d-----w- C:\Documents and Settings\All Users\Application Data\BOINC
2009-11-17 18:37:33 . 2009-01-14 13:39:18 0 d-----w- C:\Program Files\RegScrubXP
2009-11-17 18:35:30 . 2006-07-20 18:22:24 0 d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-17 18:35:30 . 2006-07-20 18:22:22 0 d-----w- C:\Program Files\Spybot - Search & Destroy
2009-11-07 16:05:41 . 2006-09-22 16:06:59 0 d-----w- C:\Program Files\lx_cats
2009-11-02 20:42:06 . 2009-10-02 17:37:16 195456 ------w- C:\WINDOWS\system32\MpSigStub.exe
2009-10-27 17:59:21 . 2009-10-02 18:54:29 0 d-----w- C:\Documents and Settings\All Users\Application Data\NOS
2009-10-26 15:38:12 . 2007-12-04 20:37:28 0 d-----w- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-10-26 15:36:32 . 2008-03-24 20:14:04 416 -c--a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-10-26 15:32:50 . 2008-02-09 15:37:32 0 d-----w- C:\Program Files\Microsoft Silverlight
2009-10-26 15:25:03 . 2008-03-24 20:07:21 0 d-----w- C:\Program Files\Microsoft Visual Studio 9.0
2009-10-26 14:19:40 . 2008-03-24 20:20:24 0 d-----w- C:\Program Files\Microsoft SQL Server
2009-10-26 14:14:53 . 2007-12-06 15:10:06 0 d-----w- C:\Program Files\Microsoft.NET
2009-10-26 12:11:41 . 2009-02-04 17:11:29 0 d-----w- C:\Program Files\Microsoft
2009-10-23 10:36:14 . 2009-10-23 10:36:13 0 d-----w- C:\Program Files\EverydayBiographies
2009-10-22 19:09:32 . 2009-10-22 17:57:26 0 d-----w- C:\Documents and Settings\All Users\Application Data\MyHeritage
2009-10-22 19:09:28 . 2009-10-22 17:56:21 0 d-----w- C:\Program Files\MyHeritage
2009-10-22 17:57:10 . 2009-09-29 18:55:01 0 d-----w- C:\Program Files\Family Toolbar
2009-10-21 17:39:34 . 2009-10-21 17:39:34 0 d-----w- C:\Program Files\File Helper
2009-10-21 16:35:08 . 2009-10-21 16:35:08 0 d-----w- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
2009-10-21 16:34:56 . 2008-01-06 19:54:59 0 d-----w- C:\Program Files\CDBurnerXP
2009-10-07 05:31:18 . 2009-10-07 05:31:18 17744 ----a-w- C:\WINDOWS\system32\aspnet_counters.dll
2009-10-07 02:44:58 . 2009-10-07 02:44:58 767312 ----a-w- C:\WINDOWS\system32\msvcr100_clr0400.dll
2009-10-07 02:44:58 . 2009-10-07 02:44:58 70456 ----a-w- C:\WINDOWS\system32\dxva2.dll
2009-10-07 02:44:58 . 2009-10-07 02:44:58 486200 ----a-w- C:\WINDOWS\system32\evr.dll
2009-10-07 02:17:56 . 2009-10-07 02:17:56 99160 ----a-w- C:\WINDOWS\system32\PresentationHostProxy.dll
2009-10-07 02:17:56 . 2009-10-07 02:17:56 48960 ----a-w- C:\WINDOWS\system32\netfxperf.dll
2009-10-07 02:17:56 . 2009-10-07 02:17:56 297792 ----a-w- C:\WINDOWS\system32\mscoree.dll
2009-10-07 02:17:56 . 2009-10-07 02:17:56 295248 ----a-w- C:\WINDOWS\system32\PresentationHost.exe
2009-10-07 02:17:56 . 2009-10-07 02:17:56 1130816 ----a-w- C:\WINDOWS\system32\dfshim.dll
2009-10-07 01:21:54 . 2009-10-07 01:21:54 80704 ----a-w- C:\WINDOWS\system32\mfcm100u.dll
2009-10-07 01:21:54 . 2009-10-07 01:21:54 80192 ----a-w- C:\WINDOWS\system32\mfcm100.dll
2009-10-07 01:21:54 . 2009-10-07 01:21:54 767296 ----a-w- C:\WINDOWS\system32\msvcr100.dll
2009-10-07 01:21:54 . 2009-10-07 01:21:54 4371264 ----a-w- C:\WINDOWS\system32\mfc100u.dll
2009-10-07 01:21:54 . 2009-10-07 01:21:54 4344640 ----a-w- C:\WINDOWS\system32\mfc100.dll
2009-10-07 01:21:54 . 2009-10-07 01:21:54 424256 ----a-w- C:\WINDOWS\system32\msvcp100.dll
2009-10-07 01:21:54 . 2009-10-07 01:21:54 138048 ----a-w- C:\WINDOWS\system32\atl100.dll
2009-10-03 17:02:26 . 2007-03-29 16:52:24 0 d-----w- C:\Program Files\Google
2009-10-02 19:54:26 . 2007-06-22 19:18:16 0 d-----w- C:\Program Files\QuickTime
2009-10-02 19:54:01 . 2007-06-22 19:14:16 0 d-----w- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-10-02 19:21:24 . 2009-02-27 14:44:17 0 d-----w- C:\Program Files\NCH Software
2009-10-02 19:01:08 . 2006-10-15 17:14:51 0 d-----w- C:\Program Files\Common Files\Adobe
2009-10-02 18:56:02 . 2009-10-02 18:56:02 0 d-----w- C:\Program Files\Common Files\Adobe AIR
2009-10-02 18:54:43 . 2009-10-02 18:54:42 86016 ----a-w- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-10-02 18:52:55 . 2005-07-31 01:59:19 77423 ----a-w- C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-09-30 19:40:13 . 2005-09-27 14:07:48 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-09-28 20:57:28 . 2009-10-21 16:34:47 7168 ----a-w- C:\WINDOWS\system32\drivers\StarOpen.sys
2009-09-15 21:35:20 . 2009-09-15 21:35:20 156488 ----a-w- C:\WINDOWS\system32\mscorier.dll
2009-09-11 14:18:39 . 2001-08-18 12:00:00 136192 ----a-w- C:\WINDOWS\system32\msv1_0.dll
2009-09-10 04:22:38 . 2009-09-10 04:22:38 351248 ----a-w- C:\WINDOWS\system32\FTBSaver.scr
2009-09-09 16:49:57 . 2009-09-09 16:49:42 294912 ----a-w- C:\Documents and Settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\ap_graphics_5.05_windows_intelx86.exe
2009-09-09 16:49:35 . 2009-09-09 16:49:06 479232 ----a-w- C:\Documents and Settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\astropulse_5.05_windows_intelx86.exe
2009-09-04 21:03:36 . 2001-08-18 12:00:00 58880 ----a-w- C:\WINDOWS\system32\msasn1.dll
2009-08-30 05:57:16 . 2009-08-30 05:57:16 234328 ----a-w- C:\WINDOWS\system32\SqlServerSpatial.dll
2009-08-29 08:08:21 . 2004-01-08 22:23:38 916480 ------w- C:\WINDOWS\system32\wininet.dll
2009-08-26 08:00:21 . 2001-08-18 12:00:00 247326 -c--a-w- C:\WINDOWS\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46:54 2642432 ----a-w- C:\Program Files\Family Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "C:\Program Files\Family Toolbar\tbcore3.dll" [2009-05-07 21:46:54 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "C:\Program Files\Family Toolbar\tbcore3.dll" [2009-05-07 21:46:54 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCYCATS"="C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2005-12-01 18:38:40 65536]
"boinctray"="C:\Program Files\BOINC\boinctray.exe" [2009-06-10 10:05:38 58112]
"boincmgr"="C:\Program Files\BOINC\boincmgr.exe" [2009-06-10 10:05:38 4182784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 00:12:16 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 00:44:24 435096]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 21:41:34 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=2 (0x2)
"wuauserv"=2 (0x2)
"WSearch"=2 (0x2)
"wscsvc"=2 (0x2)
"WPFFontCache_v0400"=3 (0x3)
"WMPNetworkSvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"winmgmt"=2 (0x2)
"WinDefend"=2 (0x2)
"WebClient"=2 (0x2)
"w32time"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"UPHClean"=2 (0x2)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SwPrv"=3 (0x3)
"stllssvr"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"SQLWriter"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NMSAccessU"=2 (0x2)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"napagent"=3 (0x3)
"MSSQL$SQLEXPRESS"=2 (0x2)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"MSCamSvc"=2 (0x2)
"lxcy_device"=3 (0x3)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"KService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate1c98d4117b9692c"=2 (0x2)
"fsssvc"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v4.0.21006_32"=2 (0x2)
"cisvc"=3 (0x3)
"Browser"=2 (0x2)
"BITS"=3 (0x3)
"AudioSrv"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"ALG"=3 (0x3)
"AVGFwSrv"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide
"LifeCam"="c:\Program Files\Microsoft LifeCam\LifeExp.exe"
"lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
"EzPrint"="C:\Program Files\Lexmark 3400 Series\ezprint.exe"
"VX1000 Lifecam"=C:\WINDOWS\vVX1000.exe
"Nvidia CplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Family Tree Builder Update"=C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26198:TCP"= 26198:TCP:*:Disabled:SolidNetworkManager
"26198:UDP"= 26198:UDP:*:Disabled:SolidNetworkManager
"47046:TCP"= 47046:TCP:*:Disabled:SolidNetworkManager
"47046:UDP"= 47046:UDP:*:Disabled:SolidNetworkManager
"44207:TCP"= 44207:TCP:*:Disabled:SolidNetworkManager
"44207:UDP"= 44207:UDP:*:Disabled:SolidNetworkManager
"35288:TCP"= 35288:TCP:SolidNetworkManager
"35288:UDP"= 35288:UDP:SolidNetworkManager
"24603:TCP"= 24603:TCP:*:Disabled:SolidNetworkManager
"24603:UDP"= 24603:UDP:*:Disabled:SolidNetworkManager
"62166:TCP"= 62166:TCP:*:Disabled:SolidNetworkManager
"62166:UDP"= 62166:UDP:*:Disabled:SolidNetworkManager
"38847:TCP"= 38847:TCP:*:Disabled:SolidNetworkManager
"38847:UDP"= 38847:UDP:*:Disabled:SolidNetworkManager
"33302:TCP"= 33302:TCP:*:Disabled:SolidNetworkManager
"33302:UDP"= 33302:UDP:*:Disabled:SolidNetworkManager

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Logging]
"LogSuccessfulConnections"= 0 (0x0)
"LogDroppedPackets"= 0 (0x0)
"LogFileSize"= 0 (0x0)
"LogFilePath"=

S2 A4SII300;A4SII300;C:\WINDOWS\system32\drivers\a4sii300.sys [31/08/2005 17:11:33 25632]
S2 fssfltr;FssFltr;C:\WINDOWS\system32\drivers\fssfltr_tdi.sys [04/02/2009 17:19:28 55136]
S2 HPFECP16;HPFECP16;C:\WINDOWS\system32\drivers\HPFecp16.sys [01/07/1998 06:55:56 52800]
S3 rspSanity;rspSanity;C:\WINDOWS\system32\drivers\rspSanity32.sys [09/11/2009 17:46:11 30136]
S4 clr_optimization_v4.0.21006_32;Microsoft .NET Framework NGEN v4.0.21006_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe [07/10/2009 02:44:58 129856]
S4 fsssvc;Windows Live Family Safety;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 17:08:58 533360]
S4 gupdate1c98d4117b9692c;Google Update Service (gupdate1c98d4117b9692c);C:\Program Files\Google\Update\GoogleUpdate.exe [12/02/2009 18:38:23 133104]
S4 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe -service --> C:\WINDOWS\system32\lxcycoms.exe -service [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [23/07/2009 03:08:48 47128]
S4 RsFx0103;RsFx0103 Driver;C:\WINDOWS\system32\drivers\RsFx0103.sys [30/03/2009 03:09:28 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30/03/2009 03:23:24 366936]
S4 WinDefend;Windows Defender;C:\Program Files\Windows Defender\MsMpEng.exe [03/11/2006 18:19:58 13592]
S4 wlidsvc;Windows Live ID Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [30/03/2009 15:28:36 1533808]
S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe [07/10/2009 02:44:58 752984]
.
Contents of the 'Scheduled Tasks' folder

2009-10-21 C:\WINDOWS\Tasks\File Helper.job
- C:\Program Files\File Helper\1.1.0.4\FileHelper.exe [2009-10-21 17:39:34 . 2009-10-13 12:49:20]

2009-11-07 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-12 18:38:23 . 2009-02-12 18:38:19]

2009-11-07 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-12 18:38:23 . 2009-02-12 18:38:19]

2009-11-07 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20:06 . 2006-11-03 18:20:06]

2009-11-08 C:\WINDOWS\Tasks\User_Feed_Synchronization-{40E14839-799E-4135-9271-04B630F7AE2E}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 11:58:32 . 2009-03-08 03:31:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sky.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
Trusted Zone: bananalotto.co.uk\www
Trusted Zone: google.co.uk\www
Trusted Zone: mail.com\mail01
Trusted Zone: mail.com\www
Trusted Zone: microsoft.com\www
Trusted Zone: thedailydraw.com\www
Trusted Zone: theprizefinder.com\www
Trusted Zone: tiscali.co.uk\www
DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
.
thanks again for your patience..

#12 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 27,041
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 23 November 2009 - 07:24 AM

Let's see if we can get the internet back for you at this stage

Download and run WinSockFix. This is a two step process that will Back up the Registry and Reset the Winsock Stack.

Double click on WinsockXPFix.exe to open.
On the Winsock and TCP Repair Utility screen, click "ReG-Backup"
On the ERDNT Welcome screen, click "OK".
On the Backup to: screen, click "OK".
On the Folder does not exist question screen click "Yes".
You will see a status screen as your registry is being backed up.
On the Registry backup is complete! screen, click "OK" and you will go back to the main window.
On the Winsock and TCP Repair Utility screen, click "Fix".
On the Apply the VB_Winsock fix? screen click "Yes".
The screen will display a status message "repair completed please reboot."
On the Repair Completed screen click "OK" to reboot your computer.
If your computer was not using DHCP, you will need to reconfigure TCP/IP.
You should have connectivity restored.

Let me know if that works.

If I have helped you fix your PC then please donate to the anti-malware cause. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#13 pensioner

Member

Group: Members
Posts: 30
Joined: 09-November 09
Gender:Male
Location:Nottinghamshire UK

Posted 23 November 2009 - 03:20 PM

ran winsock..... numerous error messages came up, ie,,, error saving 'c:\erdnt,' 'Software', 'System,' 'Default', 'Sam', 'c:\erdnt\users\s-1-5-21-2025429265-838170752-725345542 etc 'then 'classes\usrclass.dat' then carried on to backup registry.
After fix completed still unable to connect to internet.
Windows firewall not working, system restore screen is shown but no dates can be selected, in internet properties ' error 711 cannot access connection manager, cofiguration error.'
In administrative tools, services, All services appeared disabled, changed some of them to automatic or manual, tried to reinstal tcp/ip services via flash drive from microsoft and manually but unsuccesful due to computer being in safe mode, tried to reboot into normal windows, again unsuccesful

sorry that my computer skills are so limited, what can you advise me to do next

#14 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 27,041
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 23 November 2009 - 06:53 PM

Let's go back to something I should have done earlier. The symptoms look like a rootkit despite the fact that your system is running quite well.

Let's make sure that we clear out any other possibilities.

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

If I have helped you fix your PC then please donate to the anti-malware cause. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#15 pensioner

Member

Group: Members
Posts: 30
Joined: 09-November 09
Gender:Male
Location:Nottinghamshire UK

Posted 24 November 2009 - 05:55 AM

thanks again, here is the log you requested

Running from: C:\Documents and Settings\Administrator\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\colbact.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\colbact.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\comuid.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\comuid.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\es.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\es.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\ole32.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\ole32.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\txflog.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\txflog.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\browser.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\browser.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\callcont.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\callcont.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\h323.tsp

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\h323.tsp

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\msgina.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\msgina.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\mst120.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\mst120.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\schannel.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\schannel.dll

Finished!