Win32:Virut/Win32:trojan-gen/and several others


  • This topic is locked
42 replies to this topic

#1 kayjunspice

  • Members
  • 21 posts

Posted 14 February 2009 - 07:59 PM

We have been at this virus for about a week. It's caused the computer to shut off and on continuously, and has disabled System Restore and Windows Security Center. With the help of Microsoft, we were able to update our computer accordingly, but we were unable to completely remove the virus. Every few hours we'll get new stuff showing up in HijackThis and Malwarebytes. I've used ComboFix, but to no avail. The system is running okay, and I'm able to access the internet at least. We've been through several programs, including but not limited to Spybot, Windows OneCare Live Scanner and a few others, and done a few system recoveries. Here are my logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:49:13 PM, on 2/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 2288 bytes

-------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.33
Database version: 1742
Windows 5.1.2600 Service Pack 3

2/14/2009 6:38:41 PM
mbam-log-2009-02-14 (18-38-41).txt

Scan type: Quick Scan
Objects scanned: 48993
Time elapsed: 8 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\qztdwfgx (Rootkit.Pakes) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\qztdwfgx (Rootkit.Pakes) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qztdwfgx (Rootkit.Pakes) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\qztdwfgx.sys (Rootkit.Pakes) -> Delete on reboot.
C:\Documents and Settings\Owner\Desktop\userinit.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

We appreciate your help in this matter. I'm going nuts!!
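The two logs above are the kind of thing a helper reads by eye. As an added example (not code from this thread, nor from HijackThis, Malwarebytes or any other tool named in it), here is a small Python triage script that applies three checks to lines in those two log formats: the F2 UserInit value is compared with the legitimate Windows XP value C:\WINDOWS\system32\userinit.exe, (the log above shows explorer.exe there instead); O4 Run entries are flagged when the image sits directly in C:\WINDOWS or inside a user profile, or when one entry name is registered with two different image paths (reader_s in the later HijackThis backups); and Malwarebytes items marked "Delete on reboot" are listed as still pending, with a .sys under system32\drivers paired to the Services key of the same name (qztdwfgx above). The sample lines are constructed copies of entries from the logs posted in this thread, and the category names and location heuristics are this example's own, not any tool's. A hit is a prompt for a second look rather than a verdict: legitimate vendor autostarts do sometimes live in the root of C:\WINDOWS.

```python
"""Triage HijackThis and Malwarebytes log text for entries worth a second look.

Added example; sample input is constructed from lines posted in this thread,
and the check names and heuristics are this script's own assumptions."""
from __future__ import annotations

import re
from collections import defaultdict

# Legitimate Winlogon UserInit value on Windows XP (HijackThis shows the trailing comma).
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe,"

HJT_F2 = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.+)$")
HJT_O4 = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
USER_SUFFIX = re.compile(r" \(User '[^']*'\)$")
MBAM_ITEM = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")

# Constructed sample, modelled on the HijackThis lines posted in this thread.
SAMPLE_HJT = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\explorer.exe,
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKUS\S-1-5-18\..\Run: [vxrprzbo.exe] C:\WINDOWS\vxrprzbo.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Owner\reader_s.exe (User 'Default user')
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Constructed sample, modelled on the Malwarebytes items posted in this thread.
SAMPLE_MBAM = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qztdwfgx (Rootkit.Pakes) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\qztdwfgx.sys (Rootkit.Pakes) -> Delete on reboot.
C:\Documents and Settings\Owner\Desktop\userinit.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
"""


def image_path(cmd: str) -> str:
    """Executable part of a Run value: the quoted path, or the text up to the first .exe."""
    cmd = USER_SUFFIX.sub("", cmd.strip())
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def odd_autostart_location(path: str) -> bool:
    """Heuristic: image directly in %windir% or inside a user profile is unusual for an autostart."""
    p = path.lower()
    directory = p.rsplit("\\", 1)[0] if "\\" in p else ""
    return directory in (r"c:\windows", "%systemroot%", "%windir%") or directory.startswith(
        r"c:\documents and settings"
    )


def triage_hijackthis(text: str) -> list[tuple[str, str]]:
    """Return (category, detail) findings for F2 UserInit and O4 Run lines."""
    findings: list[tuple[str, str]] = []
    paths_by_name: dict[str, set[str]] = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        if (m := HJT_F2.match(line)):
            if m["value"].strip().lower() != EXPECTED_USERINIT:
                findings.append(("userinit-hijack", m["value"]))
            continue
        if (m := HJT_O4.match(line)):
            path = image_path(m["cmd"])
            paths_by_name[m["name"].lower()].add(path.lower())
            if odd_autostart_location(path):
                findings.append(("odd-autostart", f"{m['hive']} [{m['name']}] {path}"))
    # One Run entry name pointing at two different images across hives is worth a look.
    for name, paths in paths_by_name.items():
        if len(paths) > 1:
            findings.append(("multi-path-autostart", f"{name}: " + " | ".join(sorted(paths))))
    return findings


def triage_malwarebytes(text: str) -> list[tuple[str, str]]:
    """Return findings for items still pending a reboot and for driver/service pairs."""
    findings: list[tuple[str, str]] = []
    services: set[str] = set()
    drivers: dict[str, str] = {}
    for line in text.splitlines():
        m = MBAM_ITEM.match(line.strip())
        if not m:
            continue
        item, action = m["item"], m["action"]
        if action.lower().startswith("delete on reboot"):
            findings.append(("pending-reboot", f"{item} ({m['detection']})"))
        low = item.lower()
        if low.startswith("hkey_local_machine\\system\\") and "\\services\\" in low:
            services.add(low.rsplit("\\", 1)[1])
        elif low.endswith(".sys") and "\\drivers\\" in low:
            drivers[low.rsplit("\\", 1)[1][:-4]] = item
    for name in sorted(set(drivers) & services):
        findings.append(("driver-service-pair", f"{name}: {drivers[name]} plus its Services key"))
    return findings


def triage(hjt_text: str, mbam_text: str) -> list[tuple[str, str]]:
    """Combined findings for both logs as (category, detail) pairs."""
    return triage_hijackthis(hjt_text) + triage_malwarebytes(mbam_text)


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_HJT, SAMPLE_MBAM):
        print(f"{category:22} {detail}")
```

Run it as a script to print the findings for the embedded sample, or call triage() on the text of a freshly pasted pair of logs. Anything still reported as "Delete on reboot" has not been removed yet: Malwarebytes could not delete it while it was in use and has scheduled the removal for the next restart, so a log taken before that reboot does not show the final state.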

#2 aommaster

  • Malware Response Team
  • 5,294 posts
  • Location:Dubai

Posted 14 February 2009 - 08:20 PM

Hello, kayjunspice.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
In your next reply, please include the following:
  • log.txt
  • info.txt

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 kayjunspice (Topic Starter)

  • Members
  • 21 posts

Posted 14 February 2009 - 11:16 PM

I'd like to note that all my startup entries in my system configuration have disappeared. Geez huh? Here are the logs you requested.

Thanks again....so so much.

info.txt logfile of random's system information tool 1.05 2009-02-14 22:13:37

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Agere Systems PCI Soft Modem-->agrsmdel
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Easy Assist v2-->MsiExec.exe /I{D9C8DEF8-D07B-4164-BEF0-6D879A70C212}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Windows Internet Explorer 8 Release Candidate 1-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

=====HijackThis Backups=====

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: UserInit=C:\WINDOWS\explorer.exe,
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Owner\reader_s.exe (User 'Default user')
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Owner\reader_s.exe (User '?')
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1234231299581
O4 - HKUS\S-1-5-18\..\Run: [vxrprzbo.exe] C:\WINDOWS\vxrprzbo.exe (User '?')
O4 - HKUS\S-1-5-21-756278633-3823987973-3328168765-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090214-0]

System event log

Computer Name: YOUR-C8BH3JAGLT
Event Code: 7036
Message: The Terminal Services service entered the running state.

Record Number: 394971
Source Name: Service Control Manager
Time Written: 20090213142239.000000-360
Event Type: information
User:

Computer Name: YOUR-C8BH3JAGLT
Event Code: 7035
Message: The Remote Access Connection Manager service was successfully sent a start control.

Record Number: 394970
Source Name: Service Control Manager
Time Written: 20090213142238.000000-360
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-C8BH3JAGLT
Event Code: 6005
Message: The Event log service was started.

Record Number: 394969
Source Name: EventLog
Time Written: 20090213142224.000000-360
Event Type: information
User:

Computer Name: YOUR-C8BH3JAGLT
Event Code: 6009
Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Uniprocessor Free.

Record Number: 394968
Source Name: EventLog
Time Written: 20090213142224.000000-360
Event Type: information
User:

Computer Name: YOUR-C8BH3JAGLT
Event Code: 6006
Message: The Event log service was stopped.

Record Number: 394967
Source Name: EventLog
Time Written: 20090213142118.000000-360
Event Type: information
User:

Application event log

Computer Name: YOUR-C8BH3JAGLT
Event Code: 26
Message:
Record Number: 237
Source Name: ccProxy
Time Written: 20090212095417.000000-360
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-C8BH3JAGLT
Event Code: 1
Message:
Record Number: 236
Source Name: ccEvtMgr
Time Written: 20090212095409.000000-360
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-C8BH3JAGLT
Event Code: 26
Message:
Record Number: 235
Source Name: ccEvtMgr
Time Written: 20090212095406.000000-360
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-C8BH3JAGLT
Event Code: 1
Message:
Record Number: 234
Source Name: ccSetMgr
Time Written: 20090212095406.000000-360
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-C8BH3JAGLT
Event Code: 26
Message:
Record Number: 233
Source Name: ccSetMgr
Time Written: 20090212095406.000000-360
Event Type: information
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0303
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

This is the second of two log files------------

Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-02-14 22:13:15
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 25 GB (75%) free of 34 GB
Total RAM: 1271 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:30 PM, on 2/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: UserInit=C:\WINDOWS\explorer.exe,
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 2854 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-01-16 88363]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 32256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SAVScan"=2
"navapsvc"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\network diagnostic\xpnetdiag.exe"="C:\WINDOWS\network diagnostic\xpnetdiag.exe:*:Disabled:Network Diagnostic for Windows XP"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-02-14 22:13:15 ----D---- C:\rsit
2009-02-14 22:07:56 ----D---- C:\WINDOWS\LastGood
2009-02-14 21:46:03 ----SHD---- C:\RECYCLER
2009-02-14 19:31:53 ----D---- C:\WINDOWS\temp
2009-02-14 19:31:51 ----A---- C:\ComboFix.txt
2009-02-14 09:18:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-02-14 09:18:36 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-02-14 09:18:27 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-02-14 09:18:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-02-14 09:18:13 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2009-02-14 09:17:53 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-02-14 09:17:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-02-14 09:17:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-02-14 09:17:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-02-14 09:16:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-02-14 09:16:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-02-14 09:16:32 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-02-14 09:16:23 ----D---- C:\Program Files\Trend Micro
2009-02-14 09:16:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-14 09:16:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-02-14 09:15:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-02-14 09:15:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-02-14 09:15:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-02-14 09:15:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-02-14 09:15:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-02-14 09:15:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-02-14 09:14:55 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-02-14 08:56:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-02-14 08:56:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-02-14 08:56:07 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-02-14 08:55:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-02-13 22:05:45 ----A---- C:\WINDOWS\system32\3E.tmp
2009-02-13 22:05:44 ----A---- C:\WINDOWS\system32\3D.tmp
2009-02-13 21:24:35 ----D---- C:\fsaua.data
2009-02-13 20:18:35 ----A---- C:\WINDOWS\zip.exe
2009-02-13 20:18:35 ----A---- C:\WINDOWS\VFIND.exe
2009-02-13 20:18:35 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-02-13 20:18:35 ----A---- C:\WINDOWS\SWSC.exe
2009-02-13 20:18:35 ----A---- C:\WINDOWS\SWREG.exe
2009-02-13 20:18:35 ----A---- C:\WINDOWS\sed.exe
2009-02-13 20:18:35 ----A---- C:\WINDOWS\NIRCMD.exe
2009-02-13 20:18:35 ----A---- C:\WINDOWS\grep.exe
2009-02-13 20:18:35 ----A---- C:\WINDOWS\fdsv.exe
2009-02-13 20:18:31 ----D---- C:\WINDOWS\ERDNT
2009-02-13 20:18:31 ----D---- C:\Qoobox
2009-02-13 18:09:09 ----A---- C:\WINDOWS\system32\21.tmp
2009-02-13 17:19:22 ----A---- C:\WINDOWS\system32\MSVCR71.dll
2009-02-13 17:19:22 ----A---- C:\WINDOWS\system32\MSVCP71.dll
2009-02-13 17:19:22 ----A---- C:\WINDOWS\system32\MFC71.dll
2009-02-13 17:19:22 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-02-13 17:19:19 ----D---- C:\Program Files\Alwil Software
2009-02-13 16:58:17 ----A---- C:\WINDOWS\system32\20.tmp
2009-02-13 16:58:04 ----A---- C:\WINDOWS\system32\1B.tmp
2009-02-13 16:45:20 ----A---- C:\WINDOWS\system32\MRT.INI
2009-02-13 16:43:21 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-13 16:43:11 ----A---- C:\WINDOWS\system32\F2.tmp
2009-02-13 16:43:10 ----A---- C:\WINDOWS\system32\F1.tmp
2009-02-13 16:36:55 ----A---- C:\WINDOWS\system32\1A.tmp
2009-02-13 16:36:53 ----A---- C:\WINDOWS\system32\19.tmp
2009-02-13 16:30:01 ----D---- C:\Program Files\AVG
2009-02-13 16:16:02 ----A---- C:\WINDOWS\system32\16.tmp
2009-02-13 16:16:02 ----A---- C:\WINDOWS\system32\15.tmp
2009-02-13 16:11:17 ----A---- C:\WINDOWS\system32\14.tmp
2009-02-13 16:11:16 ----A---- C:\WINDOWS\system32\11.tmp
2009-02-13 15:03:45 ----HD---- C:\WINDOWS\PIF
2009-02-13 14:17:18 ----D---- C:\WINDOWS\Minidump
2009-02-13 14:02:25 ----A---- C:\WINDOWS\system32\1C.tmp
2009-02-13 13:49:14 ----A---- C:\WINDOWS\system32\17.tmp
2009-02-13 13:36:27 ----A---- C:\WINDOWS\system32\12.tmp
2009-02-13 13:21:02 ----SHD---- C:\Config.Msi
2009-02-13 12:53:06 ----D---- C:\WINDOWS\WBEM
2009-02-13 12:51:30 ----A---- C:\WINDOWS\system32\1E.tmp
2009-02-13 12:51:28 ----A---- C:\WINDOWS\system32\1D.tmp
2009-02-13 12:51:06 ----HDC---- C:\WINDOWS\ie8
2009-02-13 12:21:08 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-02-13 12:19:07 ----D---- C:\WINDOWS\Prefetch
2009-02-13 12:01:58 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-02-13 12:01:58 ----N---- C:\WINDOWS\system32\msxml6.dll
2009-02-13 12:01:17 ----N---- C:\WINDOWS\system32\proxycfg.exe
2009-02-13 12:01:17 ----N---- C:\WINDOWS\system32\logman.exe
2009-02-13 12:01:06 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-02-13 12:01:06 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-02-13 12:01:05 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-02-13 12:01:05 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-02-13 12:01:05 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-02-13 12:01:05 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-02-13 12:01:04 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2009-02-13 12:01:04 ----N---- C:\WINDOWS\system32\azroles.dll
2009-02-13 12:01:04 ----N---- C:\WINDOWS\system32\auditusr.exe
2009-02-13 12:01:04 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-02-13 12:01:04 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-02-13 12:01:03 ----N---- C:\WINDOWS\system32\credssp.dll
2009-02-13 12:01:03 ----N---- C:\WINDOWS\system32\cmsetacl.dll
2009-02-13 12:01:03 ----N---- C:\WINDOWS\system32\btpanui.dll
2009-02-13 12:01:03 ----N---- C:\WINDOWS\system32\bthserv.dll
2009-02-13 12:01:03 ----N---- C:\WINDOWS\system32\bthci.dll
2009-02-13 12:01:03 ----N---- C:\WINDOWS\system32\blastcln.exe
2009-02-13 12:01:03 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-02-13 12:01:03 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2009-02-13 12:01:02 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-02-13 12:01:02 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-02-13 12:01:02 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-02-13 12:01:02 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-02-13 12:01:02 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-02-13 12:01:02 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-02-13 12:01:02 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-02-13 12:01:02 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-02-13 12:01:02 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-02-13 12:01:01 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-02-13 12:01:00 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-02-13 12:01:00 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-02-13 12:01:00 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-02-13 12:01:00 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-02-13 12:01:00 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-02-13 12:01:00 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-02-13 12:01:00 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-02-13 12:01:00 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-02-13 12:00:59 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-02-13 12:00:58 ----N---- C:\WINDOWS\system32\httpapi.dll
2009-02-13 12:00:58 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-02-13 12:00:58 ----N---- C:\WINDOWS\system32\fwcfg.dll
2009-02-13 12:00:58 ----N---- C:\WINDOWS\system32\fsquirt.exe
2009-02-13 12:00:58 ----N---- C:\WINDOWS\system32\fltmc.exe
2009-02-13 12:00:58 ----N---- C:\WINDOWS\system32\fltlib.dll
2009-02-13 12:00:55 ----N---- C:\WINDOWS\system32\kbdsmsfi.dll
2009-02-13 12:00:55 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-02-13 12:00:55 ----N---- C:\WINDOWS\system32\kbdno1.dll
2009-02-13 12:00:55 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-02-13 12:00:55 ----N---- C:\WINDOWS\system32\kbdmlt48.dll
2009-02-13 12:00:55 ----N---- C:\WINDOWS\system32\kbdmlt47.dll
2009-02-13 12:00:55 ----N---- C:\WINDOWS\system32\kbdmaori.dll
2009-02-13 12:00:55 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-02-13 12:00:55 ----N---- C:\WINDOWS\system32\kbdinmal.dll
2009-02-13 12:00:55 ----N---- C:\WINDOWS\system32\kbdinben.dll
2009-02-13 12:00:55 ----N---- C:\WINDOWS\system32\kbdinbe1.dll
2009-02-13 12:00:55 ----N---- C:\WINDOWS\system32\kbdfi1.dll
2009-02-13 12:00:55 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-02-13 12:00:54 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-02-13 12:00:54 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-02-13 12:00:54 ----N---- C:\WINDOWS\system32\kbdukx.dll
2009-02-13 12:00:54 ----N---- C:\WINDOWS\system32\kbdsmsno.dll
2009-02-13 12:00:53 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-02-13 12:00:53 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-02-13 12:00:53 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-02-13 12:00:53 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-02-13 12:00:53 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-02-13 12:00:52 ----N---- C:\WINDOWS\system32\mssha.dll
2009-02-13 12:00:52 ----N---- C:\WINDOWS\system32\msdadiag.dll
2009-02-13 12:00:51 ----N---- C:\WINDOWS\system32\napstat.exe
2009-02-13 12:00:51 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-02-13 12:00:51 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-02-13 12:00:51 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-02-13 12:00:51 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-02-13 12:00:49 ----N---- C:\WINDOWS\system32\p2pgraph.dll
2009-02-13 12:00:49 ----N---- C:\WINDOWS\system32\p2pgasvc.dll
2009-02-13 12:00:49 ----N---- C:\WINDOWS\system32\p2p.dll
2009-02-13 12:00:49 ----N---- C:\WINDOWS\system32\onex.dll
2009-02-13 12:00:49 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2009-02-13 12:00:48 ----N---- C:\WINDOWS\system32\qagent.dll
2009-02-13 12:00:48 ----N---- C:\WINDOWS\system32\powercfg.exe
2009-02-13 12:00:48 ----N---- C:\WINDOWS\system32\pnrpnsp.dll
2009-02-13 12:00:48 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-02-13 12:00:48 ----N---- C:\WINDOWS\system32\p2psvc.dll
2009-02-13 12:00:48 ----N---- C:\WINDOWS\system32\p2pnetsh.dll
2009-02-13 12:00:47 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-02-13 12:00:47 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-02-13 12:00:46 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-02-13 12:00:46 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-02-13 12:00:46 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-02-13 12:00:46 ----N---- C:\WINDOWS\system32\qutil.dll
2009-02-13 12:00:45 ----N---- C:\WINDOWS\system32\slserv.exe
2009-02-13 12:00:45 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-02-13 12:00:45 ----N---- C:\WINDOWS\system32\slgen.dll
2009-02-13 12:00:45 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-02-13 12:00:45 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-02-13 12:00:45 ----N---- C:\WINDOWS\system32\setupn.exe
2009-02-13 12:00:45 ----N---- C:\WINDOWS\system32\sdhcinst.dll
2009-02-13 12:00:44 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-02-13 12:00:44 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-02-13 12:00:44 ----N---- C:\WINDOWS\system32\strmfilt.dll
2009-02-13 12:00:44 ----N---- C:\WINDOWS\system32\smbinst.exe
2009-02-13 12:00:43 ----N---- C:\WINDOWS\system32\w3ssl.dll
2009-02-13 12:00:43 ----N---- C:\WINDOWS\system32\verclsid.exe
2009-02-13 12:00:43 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-02-13 12:00:43 ----N---- C:\WINDOWS\system32\twext.dll
2009-02-13 12:00:42 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-02-13 12:00:42 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-02-13 12:00:41 ----N---- C:\WINDOWS\system32\wuauclt1.exe
2009-02-13 12:00:41 ----N---- C:\WINDOWS\system32\wshbth.dll
2009-02-13 12:00:41 ----N---- C:\WINDOWS\system32\wscsvc.dll
2009-02-13 12:00:41 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-02-13 12:00:41 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-02-13 12:00:41 ----N---- C:\WINDOWS\system32\winshfhc.dll
2009-02-13 12:00:41 ----A---- C:\WINDOWS\system32\wscntfy.exe
2009-02-13 12:00:40 ----N---- C:\WINDOWS\system32\xmlprov.dll
2009-02-13 12:00:40 ----N---- C:\WINDOWS\system32\wuaueng1.dll
2009-02-13 12:00:40 ----A---- C:\WINDOWS\system32\xmllite.dll
2009-02-13 12:00:39 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2009-02-13 12:00:39 ----N---- C:\WINDOWS\system32\xpob2res.dll
2009-02-13 12:00:39 ----N---- C:\WINDOWS\system32\xmlprovi.dll
2009-02-13 12:00:38 ----N---- C:\WINDOWS\slrundll.exe
2009-02-13 12:00:38 ----D---- C:\WINDOWS\system32\en-us
2009-02-13 12:00:35 ----D---- C:\WINDOWS\provisioning
2009-02-13 12:00:34 ----D---- C:\WINDOWS\system32\scripting
2009-02-13 12:00:27 ----D---- C:\WINDOWS\l2schemas
2009-02-13 12:00:25 ----D---- C:\WINDOWS\system32\en
2009-02-13 12:00:25 ----D---- C:\Program Files\msn
2009-02-13 12:00:24 ----D---- C:\WINDOWS\system32\bits
2009-02-13 12:00:24 ----D---- C:\WINDOWS\peernet
2009-02-13 11:51:57 ----D---- C:\WINDOWS\ServicePackFiles
2009-02-13 11:43:34 ----D---- C:\WINDOWS\network diagnostic
2009-02-13 11:38:11 ----A---- C:\WINDOWS\002808_.tmp
2009-02-13 11:33:08 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-02-13 11:33:06 ----D---- C:\WINDOWS\EHome
2009-02-13 10:43:33 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-02-12 09:52:50 ----D---- C:\WINDOWS\Sun
2009-02-11 12:25:56 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-02-11 12:25:51 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
2009-02-11 12:24:55 ----D---- C:\Program Files\Common Files\Adobe
2009-02-11 12:22:15 ----D---- C:\Program Files\NOS
2009-02-11 12:22:15 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-02-11 10:42:25 ----D---- C:\Documents and Settings\Owner\Application Data\U3
2009-02-09 22:05:43 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-02-09 22:05:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-09 22:05:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-09 22:02:21 ----D---- C:\Program Files\Microsoft Easy Assist
2009-02-09 22:02:15 ----D---- C:\Documents and Settings\All Users\Application Data\Applications
2009-02-09 21:52:24 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2009-02-09 21:52:14 ----D---- C:\Program Files\Mozilla Firefox
2009-02-09 20:39:21 ----D---- C:\Documents and Settings\Owner\Application Data\Macromedia
2009-02-09 20:20:20 ----D---- C:\Program Files\Windows Live Safety Center
2009-02-09 20:05:44 ----D---- C:\WINDOWS\system32\PreInstall
2009-02-09 20:05:41 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-02-09 20:05:40 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-02-09 20:05:40 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-09 20:05:01 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-02-09 20:02:23 ----A---- C:\WINDOWS\system32\wups2.dll
2009-02-09 20:02:23 ----A---- C:\WINDOWS\system32\wups.dll
2009-02-09 20:02:23 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-02-09 20:02:23 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-02-09 20:02:23 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-02-09 20:02:22 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-02-09 20:02:22 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-02-09 20:01:51 ----D---- C:\WINDOWS\SoftwareDistribution
2009-02-09 19:40:23 ----D---- C:\WINDOWS\pss
2009-02-09 19:34:35 ----RASH---- C:\BOOT.BAK
2009-02-09 19:34:16 ----RSHD---- C:\cmdcons
2009-02-09 19:34:16 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-02-09 19:34:10 ----D---- C:\WINDOWS\setup.pss
2009-02-09 19:28:20 ----A---- C:\WINDOWS\system32\igfxres.dll
2009-02-09 19:25:27 ----HDC---- C:\WINDOWS\$NtUninstallQ331958$
2009-02-09 19:17:54 ----SHD---- C:\System Volume Information
2009-02-09 18:10:03 ----D---- C:\WINDOWS\I386
2009-02-09 17:59:06 ----RSD---- C:\WINDOWS\assembly
2009-02-09 17:58:49 ----RD---- C:\WINDOWS\Offline Web Pages
2009-02-09 17:58:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-15 02:22:22 ----N---- C:\WINDOWS\system32\ieframe.dll.mui
2009-01-15 02:22:00 ----N---- C:\WINDOWS\system32\msrating.dll.mui
2009-01-15 02:21:44 ----N---- C:\WINDOWS\system32\mshta.exe.mui
2009-01-15 02:19:22 ----N---- C:\WINDOWS\system32\ie4uinit.exe.mui
2009-01-15 02:19:22 ----N---- C:\WINDOWS\system32\advpack.dll.mui
2009-01-15 02:19:02 ----N---- C:\WINDOWS\system32\iedkcs32.dll.mui
2009-01-15 02:12:12 ----N---- C:\WINDOWS\system32\ieframe.dll
2009-01-15 02:06:22 ----N---- C:\WINDOWS\system32\WinFXDocObj.exe
2009-01-15 02:03:18 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-01-15 02:02:50 ----N---- C:\WINDOWS\system32\iertutil.dll
2009-01-15 02:02:40 ----N---- C:\WINDOWS\system32\msfeeds.dll
2009-01-15 02:01:42 ----N---- C:\WINDOWS\system32\msfeedssync.exe
2009-01-15 02:01:40 ----N---- C:\WINDOWS\system32\msfeedsbs.dll
2009-01-15 02:01:40 ----N---- C:\WINDOWS\system32\icardie.dll
2009-01-15 01:50:50 ----N---- C:\WINDOWS\system32\ieui.dll
2009-01-15 01:35:10 ----N---- C:\WINDOWS\system32\ieapfltr.dll

======List of files/folders modified in the last 1 months======

2009-02-14 22:08:06 ----D---- C:\WINDOWS
2009-02-14 22:07:56 ----D---- C:\WINDOWS\system32\drivers
2009-02-14 22:04:40 ----HD---- C:\WINDOWS\inf
2009-02-14 22:04:29 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-14 22:03:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-14 22:02:56 ----RASH---- C:\boot.ini
2009-02-14 22:02:56 ----A---- C:\WINDOWS\win.ini
2009-02-14 22:02:56 ----A---- C:\WINDOWS\system.ini
2009-02-14 21:09:43 ----D---- C:\WINDOWS\system32
2009-02-14 20:05:32 ----D---- C:\WINDOWS\system32\config
2009-02-14 20:05:14 ----D---- C:\WINDOWS\system32\wbem
2009-02-14 20:05:14 ----D---- C:\WINDOWS\Registration
2009-02-14 19:51:04 ----D---- C:\WINDOWS\system32\Restore
2009-02-14 19:21:05 ----D---- C:\WINDOWS\AppPatch
2009-02-14 19:21:01 ----D---- C:\Program Files\Common Files
2009-02-14 09:52:00 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-14 09:18:40 ----A---- C:\WINDOWS\imsins.BAK
2009-02-14 09:18:30 ----D---- C:\Program Files\Messenger
2009-02-14 09:16:23 ----D---- C:\Program Files
2009-02-14 09:14:56 ----D---- C:\WINDOWS\WinSxS
2009-02-14 09:14:46 ----SHD---- C:\WINDOWS\Installer
2009-02-14 09:14:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-14 08:58:13 ----D---- C:\Program Files\Internet Explorer
2009-02-14 06:58:29 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2009-02-13 13:21:25 ----SD---- C:\WINDOWS\Tasks
2009-02-13 13:21:19 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-02-13 13:16:20 ----D---- C:\WINDOWS\Help
2009-02-13 12:52:59 ----D---- C:\WINDOWS\Media
2009-02-13 12:21:26 ----D---- C:\WINDOWS\Debug
2009-02-13 12:21:24 ----A---- C:\WINDOWS\OEWABLog.txt
2009-02-13 12:20:54 ----D---- C:\WINDOWS\security
2009-02-13 12:19:25 ----A---- C:\WINDOWS\setuplog.txt
2009-02-13 12:18:25 ----D---- C:\WINDOWS\system32\Setup
2009-02-13 12:18:22 ----RSD---- C:\WINDOWS\Fonts
2009-02-13 12:17:59 ----D---- C:\WINDOWS\system32\Com
2009-02-13 12:17:59 ----D---- C:\Program Files\Windows NT
2009-02-13 12:17:59 ----D---- C:\Program Files\Windows Media Player
2009-02-13 12:17:59 ----D---- C:\Program Files\Outlook Express
2009-02-13 12:09:22 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-13 12:01:16 ----D---- C:\WINDOWS\system32\mui
2009-02-13 12:01:15 ----D---- C:\WINDOWS\ime
2009-02-13 12:00:38 ----D---- C:\WINDOWS\system32\usmt
2009-02-13 12:00:38 ----D---- C:\WINDOWS\system32\oobe
2009-02-13 12:00:24 ----D---- C:\Program Files\Movie Maker
2009-02-13 11:51:31 ----D---- C:\WINDOWS\system32\npp
2009-02-13 11:51:28 ----D---- C:\WINDOWS\msagent
2009-02-13 11:51:23 ----D---- C:\WINDOWS\srchasst
2009-02-13 11:51:19 ----D---- C:\Program Files\NetMeeting
2009-02-13 11:50:42 ----D---- C:\Program Files\Common Files\System
2009-02-13 11:49:37 ----D---- C:\WINDOWS\system
2009-02-13 11:43:34 ----RD---- C:\WINDOWS\Web
2009-02-13 11:42:12 ----RASH---- C:\NTDETECT.COM
2009-02-13 11:37:59 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-12 12:29:07 ----D---- C:\Program Files\Online Services
2009-02-12 12:28:56 ----D---- C:\WINDOWS\addins
2009-02-11 13:02:04 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-11 12:26:14 ----D---- C:\Program Files\Adobe
2009-02-11 12:25:41 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-02-09 21:40:07 ----A---- C:\WINDOWS\system32\ps2.exe
2009-02-09 20:05:00 ----D---- C:\Program Files\Common Files\Real
2009-02-09 20:04:23 ----D---- C:\Program Files\QuickTime
2009-02-09 20:03:32 ----A---- C:\WINDOWS\QUICKEN.INI
2009-02-09 20:03:31 ----D---- C:\Program Files\Quicken
2009-02-09 20:02:27 ----HD---- C:\Program Files\WindowsUpdate
2009-02-09 20:02:16 ----D---- C:\Python22
2009-02-09 19:58:24 ----HD---- C:\Program Files\Uninstall Information
2009-02-09 19:57:38 ----D---- C:\Program Files\Microsoft Plus! Digital Media Edition
2009-02-09 19:57:38 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-02-09 19:56:33 ----D---- C:\WINDOWS\PCHealth
2009-02-09 19:53:04 ----HD---- C:\hp
2009-02-09 19:51:54 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-09 19:51:33 ----D---- C:\Program Files\Compaq Instant Support
2009-02-09 19:49:12 ----D---- C:\Program Files\Easy Internet signup
2009-02-09 19:26:16 ----D---- C:\sysprep
2009-02-09 18:13:41 ----D---- C:\WINDOWS\SMINST
2009-02-09 18:09:37 ----D---- C:\Program Files\Common Files\Services
2009-02-09 18:09:23 ----D---- C:\WINDOWS\system32\ras
2009-02-09 18:09:06 ----D---- C:\WINDOWS\system32\icsxml
2009-02-09 18:09:06 ----D---- C:\WINDOWS\system32\ias
2009-02-09 18:07:07 ----D---- C:\WINDOWS\Cursors
2009-02-09 18:07:01 ----HDC---- C:\WINDOWS\$NtUninstallQ817357$
2009-02-09 18:07:01 ----HDC---- C:\WINDOWS\$NtUninstallQ814995$
2009-02-09 18:07:00 ----HDC---- C:\WINDOWS\$NtUninstallQ811789$
2009-02-09 18:07:00 ----HDC---- C:\WINDOWS\$NtUninstallQ329112$
2009-02-09 18:07:00 ----HDC---- C:\WINDOWS\$NtUninstallKB828028$
2009-02-09 18:06:59 ----HDC---- C:\WINDOWS\$NtUninstallKB824105$
2009-02-09 18:06:59 ----HDC---- C:\WINDOWS\$NtUninstallKB823182$
2009-01-15 02:17:22 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-01-15 02:13:18 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-01-15 02:06:48 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-01-15 02:06:08 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-01-15 02:06:00 ----A---- C:\WINDOWS\system32\url.dll
2009-01-15 02:05:42 ----A---- C:\WINDOWS\system32\wininet.dll
2009-01-15 02:05:34 ----A---- C:\WINDOWS\system32\occache.dll
2009-01-15 02:05:34 ----A---- C:\WINDOWS\system32\msrating.dll
2009-01-15 02:05:34 ----A---- C:\WINDOWS\system32\licmgr10.dll
2009-01-15 02:04:28 ----A---- C:\WINDOWS\system32\corpol.dll
2009-01-15 02:04:16 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-01-15 02:03:58 ----A---- C:\WINDOWS\system32\jscript.dll
2009-01-15 02:03:50 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-01-15 02:03:42 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-01-15 02:03:36 ----A---- C:\WINDOWS\system32\vbscript.dll
2009-01-15 02:03:32 ----A---- C:\WINDOWS\system32\admparse.dll
2009-01-15 02:03:28 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-01-15 02:03:20 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-01-15 02:03:18 ----A---- C:\WINDOWS\system32\iesetup.dll
2009-01-15 02:03:14 ----A---- C:\WINDOWS\system32\inseng.dll
2009-01-15 02:03:14 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-01-15 02:03:12 ----A---- C:\WINDOWS\system32\advpack.dll
2009-01-15 02:02:20 ----A---- C:\WINDOWS\system32\mstime.dll
2009-01-15 02:01:52 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-01-15 02:01:26 ----A---- C:\WINDOWS\system32\imgutil.dll
2009-01-15 02:01:22 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-01-15 02:01:18 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-01-15 02:01:16 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-01-15 02:01:06 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-01-15 02:00:46 ----A---- C:\WINDOWS\system32\mshtmler.dll
2009-01-15 02:00:38 ----A---- C:\WINDOWS\system32\mshta.exe
2009-01-15 01:50:38 ----A---- C:\WINDOWS\system32\msls31.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2004-01-02 11520]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2004-01-16 1252940]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2002-07-29 23808]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 ethaaksm;ethaaksm; C:\WINDOWS\system32\drivers\ethaaksm.sys [2009-02-13 137376]
S1 ethcwxao;ethcwxao; C:\WINDOWS\system32\drivers\ethcwxao.sys [2009-02-13 137376]
S1 ethcxubh;ethcxubh; C:\WINDOWS\system32\drivers\ethcxubh.sys [2009-02-13 137376]
S1 ethdzctq;ethdzctq; C:\WINDOWS\system32\drivers\ethdzctq.sys [2009-02-13 137376]
S1 ethedwwm;ethedwwm; C:\WINDOWS\system32\drivers\ethedwwm.sys [2009-02-13 137376]
S1 ethfsetc;ethfsetc; C:\WINDOWS\system32\drivers\ethfsetc.sys [2009-02-13 137376]
S1 ethftfdq;ethftfdq; C:\WINDOWS\system32\drivers\ethftfdq.sys [2009-02-13 137376]
S1 ethjgptp;ethjgptp; C:\WINDOWS\system32\drivers\ethjgptp.sys [2009-02-13 137376]
S1 ethknoii;ethknoii; C:\WINDOWS\system32\drivers\ethknoii.sys [2009-02-13 137376]
S1 ethkwrgu;ethkwrgu; C:\WINDOWS\system32\drivers\ethkwrgu.sys [2009-02-13 137376]
S1 ethllwrg;ethllwrg; C:\WINDOWS\system32\drivers\ethllwrg.sys [2009-02-13 137376]
S1 ethoqjqp;ethoqjqp; C:\WINDOWS\system32\drivers\ethoqjqp.sys [2009-02-13 137376]
S1 ethortkp;ethortkp; C:\WINDOWS\system32\drivers\ethortkp.sys [2009-02-13 137376]
S1 ethqmxwa;ethqmxwa; C:\WINDOWS\system32\drivers\ethqmxwa.sys [2009-02-13 137376]
S1 ethqxlsl;ethqxlsl; C:\WINDOWS\system32\drivers\ethqxlsl.sys [2009-02-13 137376]
S1 ethrbkar;ethrbkar; C:\WINDOWS\system32\drivers\ethrbkar.sys [2009-02-13 137376]
S1 ethsqerh;ethsqerh; C:\WINDOWS\system32\drivers\ethsqerh.sys [2009-02-13 137376]
S1 ethszsmg;ethszsmg; C:\WINDOWS\system32\drivers\ethszsmg.sys [2009-02-13 137376]
S1 ethvbdya;ethvbdya; C:\WINDOWS\system32\drivers\ethvbdya.sys [2009-02-13 137376]
S1 ethvtsub;ethvtsub; C:\WINDOWS\system32\drivers\ethvtsub.sys [2009-02-13 137376]
S1 ethxrucc;ethxrucc; C:\WINDOWS\system32\drivers\ethxrucc.sys [2009-02-13 137376]
S1 ethzlasq;ethzlasq; C:\WINDOWS\system32\drivers\ethzlasq.sys [2009-02-13 137376]
S1 ethzpkiq;ethzpkiq; C:\WINDOWS\system32\drivers\ethzpkiq.sys [2009-02-13 137376]
S3 aefctnof;aefctnof; \??\C:\WINDOWS\System32\Drivers\aefctnof.sys []
S3 aidhqtso;aidhqtso; \??\C:\WINDOWS\System32\Drivers\aidhqtso.sys []
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-12 391424]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 axsdjhbb;axsdjhbb; \??\C:\WINDOWS\System32\Drivers\axsdjhbb.sys []
S3 bzubqgnu;bzubqgnu; \??\C:\WINDOWS\System32\Drivers\bzubqgnu.sys []
S3 cbtenglh;cbtenglh; \??\C:\WINDOWS\System32\Drivers\cbtenglh.sys []
S3 fmlmyeqq;fmlmyeqq; \??\C:\WINDOWS\System32\Drivers\fmlmyeqq.sys []
S3 gomedizh;gomedizh; \??\C:\WINDOWS\System32\Drivers\gomedizh.sys []
S3 lpudqurk;lpudqurk; \??\C:\WINDOWS\System32\Drivers\lpudqurk.sys []
S3 mxedvyny;mxedvyny; \??\C:\WINDOWS\System32\Drivers\mxedvyny.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2004-01-02 432000]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2004-02-04 134144]
S3 wngicowf;wngicowf; \??\C:\WINDOWS\System32\Drivers\wngicowf.sys []
S3 yvpsczoe;yvpsczoe; \??\C:\WINDOWS\System32\Drivers\yvpsczoe.sys []
S3 zuqkjnyv;zuqkjnyv; \??\C:\WINDOWS\System32\Drivers\zuqkjnyv.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 53248]

-----------------EOF-----------------
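
The driver list above is the most telling part of this log: 23 services named eth followed by five random letters, every one 137,376 bytes and dated 2009-02-13, each registered with no display name and a SYSTEM (1) start type, plus a second group of eight-letter names whose entries end in empty brackets, which RSIT prints when it cannot read the file's date and size. As an added example, not part of the original post or of RSIT/ComboFix, the following Python script parses that list format and flags entries on exactly those traits. The eight-letter pattern, the cluster threshold of three and the sample lines (copied from the log, with five legitimate drivers kept as negatives) are this example's own assumptions.

```python
"""Triage a "List of drivers" section from an RSIT-style log.

Added example, not part of the original post or of RSIT/ComboFix. The
heuristics (eight-letter names, a cluster of at least three entries with
identical size and date, empty [] metadata) are this example's own.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# One entry per line: <R|S><start> <name>;<display name>; <path> [<date> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)
# Eight lowercase letters and nothing else, like ethaaksm or aefctnof.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")


@dataclass
class Driver:
    state: str           # R = running, S = stopped
    start: int           # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str
    date: Optional[str]  # None when the tool printed []
    size: Optional[int]


def parse_driver_lines(text: str) -> list[Driver]:
    """Parse every line in the RSIT driver/service format; skip anything else."""
    drivers: list[Driver] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        meta = m["meta"].split()
        date = meta[0] if meta else None
        size = int(meta[1]) if len(meta) == 2 else None
        drivers.append(Driver(m["state"], int(m["start"]), m["name"],
                              m["display"], m["path"], date, size))
    return drivers


def _no_description(d: Driver) -> bool:
    # Legitimate drivers almost always carry a display name; droppers tend
    # to register the service with the file name as its only label.
    return d.name.lower() == d.display.lower()


def flag_suspicious(drivers: list[Driver], min_cluster: int = 3) -> dict[str, list[str]]:
    """Return {service name: [reasons]} for entries that deserve a closer look."""
    # A dropper that writes N copies of one payload under random names
    # leaves N entries with the same size and the same date.
    clusters: dict[tuple, list[Driver]] = defaultdict(list)
    for d in drivers:
        if d.size is not None:
            clusters[(d.date, d.size)].append(d)

    flagged: dict[str, list[str]] = {}
    for d in drivers:
        reasons: list[str] = []
        if d.size is None:
            reasons.append("registered driver file missing on disk")
        members = clusters.get((d.date, d.size), [])
        if len(members) >= min_cluster and all(_no_description(x) for x in members):
            reasons.append(f"one of {len(members)} description-less drivers "
                           "with identical size/date")
        # Name shape alone is too weak (intelppm is eight lowercase letters),
        # so it only strengthens an entry already flagged above.
        if reasons and _no_description(d) and RANDOM_NAME_RE.match(d.name):
            reasons.append("random-looking eight-letter name without description")
        if reasons and d.start <= 1:
            reasons.append("start type SYSTEM/BOOT: loads before user-mode security tools")
        if reasons:
            flagged[d.name] = reasons
    return flagged


# Constructed sample: lines copied from the log above, with five legitimate
# drivers (Aavmker4, intelppm, aswFsBlk, Ps2, viagfx) kept as negatives.
SAMPLE = r"""
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2002-07-29 23808]
S1 ethaaksm;ethaaksm; C:\WINDOWS\system32\drivers\ethaaksm.sys [2009-02-13 137376]
S1 ethcwxao;ethcwxao; C:\WINDOWS\system32\drivers\ethcwxao.sys [2009-02-13 137376]
S1 ethcxubh;ethcxubh; C:\WINDOWS\system32\drivers\ethcxubh.sys [2009-02-13 137376]
S1 ethdzctq;ethdzctq; C:\WINDOWS\system32\drivers\ethdzctq.sys [2009-02-13 137376]
S3 aefctnof;aefctnof; \??\C:\WINDOWS\System32\Drivers\aefctnof.sys []
S3 aidhqtso;aidhqtso; \??\C:\WINDOWS\System32\Drivers\aidhqtso.sys []
S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2004-02-04 134144]
"""

if __name__ == "__main__":
    for name, why in flag_suspicious(parse_driver_lines(SAMPLE)).items():
        print(f"{name}: {'; '.join(why)}")
```

Run it against the full driver section of an RSIT log and every eth* entry and every empty-bracket entry comes back flagged, while avast!, Intel and chipset drivers do not. The cluster rule is the strong signal here; the name-shape rule is deliberately only a corroborating reason, because plenty of legitimate drivers have short lowercase names.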

#4 aommaster (Malware Response Team)

Posted 15 February 2009 - 02:07 AM

Hello kayjunspice

    I'd like to note that all my startup entries in my system configuration have disappeared. Geez huh? Here are the logs you requested

Are you referring to msconfig, or your hijackthis log?

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#5 kayjunspice (Topic Starter)

Posted 15 February 2009 - 07:20 AM

Oh, msconfig. Sorry about that.

#6 kayjunspice (Topic Starter)

Posted 15 February 2009 - 08:11 AM

Forgive my memory, I remember things sporadically. I had also tried the F-Scanner and it froze the computer. Windows Live OneCare found viruses, but was unable to remove them. And every time I do something new, like get a new virus/malware program and run a scan, I have to uninstall my Realtek Ethernet and my modem because I can't get a connection.


Just some added information in case it would help.

Thanks a bunch!! :thumbup2:

#7 aommaster (Malware Response Team)

Posted 15 February 2009 - 10:49 AM

Hello kayjunspice
Thanks for all that information, and don't worry, feel free to keep adding things to this list :thumbup2:

Please note that I'm currently in the process of my training, so all my fixes will need to be reviewed by a coach, so my replies may take a while.



#8 kayjunspice (Topic Starter)

Posted 15 February 2009 - 10:53 AM

That's fine. All I have is time, and I can't really complain since I do have internet access right now. I'm not going to do anything new on my own though, b/c every time I do, I mess something up! LOL I appreciate the time and effort.

#9 aommaster (Malware Response Team)

Posted 15 February 2009 - 11:17 AM

Hi kayjunspice
You brought up a very important point in your last post:

    I'm not going to do anything new on my own though

When we are proceeding with the fixes, please do not make any changes to your computer (ie, install software, run fix tools, etc.) as it may change your system without me knowing.

I'll get back to you as soon as possible :thumbup2:



#10 kayjunspice (Topic Starter)

Posted 15 February 2009 - 11:21 AM

Totally understand!! Great! With the logs you asked me to post, did that include the Combofix log in it? Would you like for me to post my last Combofix log?

#11 aommaster (Malware Response Team)

Posted 15 February 2009 - 11:25 AM

Hello kayjunspice
I didn't ask for a combofix log to be posted, so I'd prefer if you don't run combofix just yet :thumbup2:



#12 kayjunspice (Topic Starter)

Posted 15 February 2009 - 11:33 AM

Oh no, I wasn't going to run it again. I had actually done it on my own before I first posted here and have the log saved to my desktop. Sorry about that....I won't do anything else unless you tell me. Thanks!!!

#13 aommaster (Malware Response Team)

Posted 15 February 2009 - 11:37 AM

Hi kayjunspice
If you already have the log then feel free to go ahead and post it.



#14 kayjunspice (Topic Starter)

Posted 15 February 2009 - 11:45 AM

I apologize for all this.

ComboFix 09-02-12.03 - Owner 2009-02-14 19:19:48.4 - NTFSx86
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\ntndis.sys

c:\windows\system32\userinit.exe . . . is infected!!

c:\windows\system32\services.exe . . . is infected!!

c:\windows\system32\svchost.exe . . . is infected!!

c:\windows\system32\spoolsv.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Passthru


((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.

2009-02-14 09:16 . 2009-02-14 09:16 <DIR> d-------- c:\program files\Trend Micro
2009-02-14 08:00 . 2008-12-11 04:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-02-14 08:00 . 2008-05-01 08:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2009-02-14 07:58 . 2008-09-04 11:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-02-14 07:58 . 2008-06-13 05:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-02-14 07:57 . 2008-09-15 06:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-02-14 07:56 . 2008-04-11 13:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-02-14 07:56 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-14 07:56 . 2008-05-08 08:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-02-14 07:55 . 2008-10-15 10:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-13 22:14 . 2009-02-13 22:14 <DIR> d--hs---- c:\windows\system32\config\systemprofile\PrivacIE
2009-02-13 22:10 . 2009-02-13 22:10 137,376 --a------ c:\windows\system32\drivers\ethvtsub.sys
2009-02-13 22:10 . 2009-02-13 22:10 137,376 --a------ c:\windows\system32\drivers\ethvbdya.sys
2009-02-13 22:10 . 2009-02-13 22:10 137,376 --a------ c:\windows\system32\drivers\ethllwrg.sys
2009-02-13 22:10 . 2009-02-13 22:10 137,376 --a------ c:\windows\system32\drivers\ethjgptp.sys
2009-02-13 22:10 . 2009-02-13 22:10 137,376 --a------ c:\windows\system32\drivers\ethcxubh.sys
2009-02-13 22:10 . 2009-02-13 22:10 137,376 --a------ c:\windows\system32\drivers\ethaaksm.sys
2009-02-13 22:09 . 2009-02-13 22:09 137,376 --a------ c:\windows\system32\drivers\lpudqurk.sys
2009-02-13 22:09 . 2009-02-13 22:09 137,376 --a------ c:\windows\system32\drivers\ethzpkiq.sys
2009-02-13 22:09 . 2009-02-13 22:09 137,376 --a------ c:\windows\system32\drivers\ethsqerh.sys
2009-02-13 22:09 . 2009-02-13 22:09 137,376 --a------ c:\windows\system32\drivers\ethortkp.sys
2009-02-13 22:09 . 2009-02-13 22:09 137,376 --a------ c:\windows\system32\drivers\ethknoii.sys
2009-02-13 22:09 . 2009-02-13 22:09 137,376 --a------ c:\windows\system32\drivers\ethedwwm.sys
2009-02-13 22:05 . 2009-02-13 22:08 163,236 --a------ c:\windows\system32\3E.tmp
2009-02-13 22:05 . 2009-02-13 22:05 132 --a------ c:\windows\system32\3D.tmp
2009-02-13 22:04 . 2009-02-13 22:04 31,744 --ah----- c:\documents and settings\Owner\jswmui.exe
2009-02-13 21:24 . 2009-02-13 21:24 <DIR> d-------- C:\fsaua.data
2009-02-13 18:09 . 2009-02-13 18:11 163,812 --a------ c:\windows\system32\22.tmp
2009-02-13 18:09 . 2009-02-13 18:09 132 --a------ c:\windows\system32\21.tmp
2009-02-13 17:19 . 2009-02-13 17:19 <DIR> d-------- c:\program files\Alwil Software
2009-02-13 16:58 . 2009-02-13 16:58 162,788 --a------ c:\windows\system32\20.tmp
2009-02-13 16:58 . 2009-02-13 16:58 132 --a------ c:\windows\system32\1B.tmp
2009-02-13 16:45 . 2009-02-13 16:45 276 --a------ c:\windows\system32\MRT.INI
2009-02-13 16:43 . 2009-02-13 16:43 162,788 --a------ c:\windows\system32\F2.tmp
2009-02-13 16:43 . 2009-02-13 16:43 132 --a------ c:\windows\system32\F1.tmp
2009-02-13 16:36 . 2009-02-13 16:36 162,788 --a------ c:\windows\system32\1A.tmp
2009-02-13 16:36 . 2009-02-13 16:36 132 --a------ c:\windows\system32\19.tmp
2009-02-13 16:30 . 2009-02-13 16:30 <DIR> d-------- c:\program files\AVG
2009-02-13 16:16 . 2009-02-13 16:16 162,788 --a------ c:\windows\system32\16.tmp
2009-02-13 16:16 . 2009-02-13 16:16 31,744 --ah----- c:\documents and settings\Owner\ryu.exe
2009-02-13 16:16 . 2009-02-13 16:16 132 --a------ c:\windows\system32\15.tmp
2009-02-13 16:14 . 2009-02-13 22:04 53,248 --a------ c:\windows\system32\drivers\ndisio.sys
2009-02-13 16:11 . 2009-02-13 16:13 162,788 --a------ c:\windows\system32\14.tmp
2009-02-13 16:11 . 2009-02-13 16:11 132 --a------ c:\windows\system32\11.tmp
2009-02-13 15:03 . 2009-02-13 15:03 <DIR> d--h----- c:\windows\PIF
2009-02-13 14:23 . 2009-02-13 14:25 162,532 --a------ c:\windows\system32\10.tmp
2009-02-13 14:18 . 2009-02-13 14:18 <DIR> d--hs---- c:\documents and settings\NetworkService\PrivacIE
2009-02-13 14:02 . 2009-02-13 14:05 162,532 --a------ c:\windows\system32\1F.tmp
2009-02-13 14:02 . 2009-02-13 14:02 132 --a------ c:\windows\system32\1C.tmp
2009-02-13 13:49 . 2009-02-13 13:49 163,812 --a------ c:\windows\system32\18.tmp
2009-02-13 13:49 . 2009-02-13 13:49 132 --a------ c:\windows\system32\17.tmp
2009-02-13 13:36 . 2009-02-13 13:36 163,812 --a------ c:\windows\system32\13.tmp
2009-02-13 13:36 . 2009-02-13 13:36 132 --a------ c:\windows\system32\12.tmp
2009-02-13 13:24 . 2009-02-13 13:24 <DIR> d--hs---- c:\documents and settings\Owner\PrivacIE
2009-02-13 13:24 . 2009-02-13 13:24 <DIR> d--hs---- c:\documents and settings\Owner\IETldCache
2009-02-13 13:18 . 2009-02-13 13:18 <DIR> d--hs---- c:\windows\system32\config\systemprofile\IETldCache
2009-02-13 12:51 . 2009-02-13 12:52 <DIR> d--h-c--- c:\windows\ie8
2009-02-13 12:51 . 2009-02-13 12:51 162,916 --a------ c:\windows\system32\1E.tmp
2009-02-13 12:51 . 2009-02-13 12:51 31,744 --ah----- c:\documents and settings\Owner\jox.exe
2009-02-13 12:51 . 2009-02-13 12:51 132 --a------ c:\windows\system32\1D.tmp
2009-02-13 12:50 . 2009-02-13 12:50 182,656 --a--c--- c:\windows\system32\dllcache\ndis.sys
2009-02-13 12:50 . 2009-02-13 22:04 67,072 ---h----- c:\windows\system32\secupdat.dat
2009-02-13 12:50 . 2009-02-13 12:50 31,744 --ah----- c:\documents and settings\Owner\nyckwkx.exe
2009-02-13 12:21 . 2008-04-14 05:42 221,184 --a------ c:\windows\system32\wmpns.dll
2009-02-13 12:00 . 2009-02-13 12:00 <DIR> d-------- c:\windows\system32\scripting
2009-02-13 11:51 . 2009-02-13 11:51 <DIR> d-------- c:\windows\ServicePackFiles
2009-02-13 11:38 . 2006-12-29 00:31 19,569 --a------ c:\windows\002808_.tmp
2009-02-13 11:33 . 2009-02-13 11:33 <DIR> d-------- c:\windows\EHome
2009-02-13 10:43 . 2009-02-13 10:43 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-02-12 09:52 . 2009-02-12 09:52 <DIR> d-------- c:\windows\Sun
2009-02-11 12:25 . 2009-02-11 12:25 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-02-11 12:24 . 2009-02-11 12:25 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-11 12:22 . 2009-02-12 06:14 <DIR> d-------- c:\program files\NOS
2009-02-11 12:22 . 2009-02-12 06:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2009-02-11 10:42 . 2009-02-11 15:20 <DIR> d-------- c:\documents and settings\Owner\Application Data\U3
2009-02-09 22:05 . 2009-02-09 22:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-09 22:05 . 2009-02-09 22:05 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-02-09 22:05 . 2009-02-09 22:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-09 22:05 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-09 22:05 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-09 22:02 . 2009-02-09 22:02 <DIR> d-------- c:\program files\Microsoft Easy Assist
2009-02-09 22:02 . 2009-02-09 22:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Applications
2009-02-09 21:52 . 2009-02-09 21:52 0 --a------ c:\windows\nsreg.dat
2009-02-09 20:20 . 2009-02-09 20:30 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-02-09 20:05 . 2009-02-14 09:18 <DIR> d--h----- c:\windows\$hf_mig$
2009-02-09 20:05 . 2008-10-13 13:55 26,144 --a------ c:\windows\system32\spupdsvc.exe
2009-02-09 20:02 . 2008-10-16 14:12 561,688 --a------ c:\windows\system32\wuapi.dll
2009-02-09 20:02 . 2008-10-16 14:12 323,608 --a------ c:\windows\system32\wucltui.dll
2009-02-09 20:02 . 2008-10-16 14:12 213,528 --a------ c:\windows\system32\wuaucpl.cpl
2009-02-09 20:02 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2009-02-09 20:02 . 2008-10-16 14:08 34,328 --a------ c:\windows\system32\wups.dll
2009-02-09 20:02 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2009-02-09 20:02 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2009-02-09 20:02 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-02-09 20:02 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2009-02-09 20:01 . 2009-02-09 20:01 <DIR> d--hs---- c:\documents and settings\Owner\UserData
2009-02-09 19:28 . 2004-08-20 15:50 159,744 --a------ c:\windows\system32\igfxres.dll
2009-02-09 19:27 . 2009-02-09 19:27 4,210 -rahs---- c:\windows\system32\drivers\HP_PC182A-ABA SR1103WM NA430_YC_Pres_QCNC428_E43NAheREG3_4_IGamila Giovani Neon series_SMICRO-STAR INTERNATIONAL CO., LTD_V030_B3.11_T040517_WXH1_L409_M1272_J40_7Intel_8Celeron_92.53_1_N10EC8139_P_Z_K_A808624C5_U808624C2.MRK
2009-02-09 19:26 . 2004-04-02 04:07 <DIR> d-------- c:\windows\system32\config\systemprofile\WINDOWS
2009-02-09 19:24 . 2008-04-14 00:49 146,048 --a------ c:\windows\system32\drivers\portcls.sys
2009-02-09 19:24 . 2008-04-14 00:15 60,160 --a------ c:\windows\system32\drivers\drmk.sys
2009-02-09 19:24 . 2008-04-14 05:42 23,552 --a------ c:\windows\system32\wdmaud.drv
2009-02-09 19:19 . 2008-04-14 00:48 52,480 --a------ c:\windows\system32\drivers\i8042prt.sys
2009-02-09 19:19 . 2008-04-14 00:09 24,576 --a------ c:\windows\system32\drivers\kbdclass.sys
2009-02-09 19:18 . 2004-04-02 04:07 <DIR> d-------- c:\documents and settings\Default User\WINDOWS
2009-02-09 18:13 . 2009-02-14 18:15 246 --a------ c:\windows\system\hpsysdrv.dat
2009-02-09 18:10 . 2009-02-09 21:45 <DIR> d-------- c:\windows\I386
2009-02-09 17:59 . 2009-02-09 18:06 <DIR> dr------- c:\documents and settings\All Users\Documents
2009-02-09 17:58 . 2009-02-14 09:18 <DIR> dr-hsc--- c:\windows\system32\dllcache
2009-01-15 02:22 . 2009-01-15 02:22 1,228,800 --------- c:\windows\system32\ieframe.dll.mui
2009-01-15 02:22 . 2009-01-15 02:22 49,152 --------- c:\windows\system32\msrating.dll.mui
2009-01-15 02:21 . 2009-01-15 02:21 2,560 --------- c:\windows\system32\mshta.exe.mui
2009-01-15 02:19 . 2009-01-15 02:19 81,920 --------- c:\windows\system32\iedkcs32.dll.mui
2009-01-15 02:19 . 2009-01-15 02:19 10,240 --------- c:\windows\system32\advpack.dll.mui
2009-01-15 02:19 . 2009-01-15 02:19 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
2009-01-15 02:17 . 2009-01-15 02:17 636,264 -----c--- c:\windows\system32\dllcache\iexplore.exe
2009-01-15 02:17 . 2009-01-15 02:17 392,040 -----c--- c:\windows\system32\dllcache\iedkcs32.dll
2009-01-15 02:13 . 2009-01-15 02:13 5,888,512 -----c--- c:\windows\system32\dllcache\mshtml.dll
2009-01-15 02:06 . 2009-01-15 02:06 1,467,392 -----c--- c:\windows\system32\dllcache\inetcpl.cpl
2009-01-15 02:06 . 2009-01-15 02:06 1,182,720 -----c--- c:\windows\system32\dllcache\urlmon.dll
2009-01-15 02:06 . 2009-01-15 02:06 236,544 -----c--- c:\windows\system32\dllcache\webcheck.dll
2009-01-15 02:06 . 2009-01-15 02:06 105,984 -----c--- c:\windows\system32\dllcache\url.dll
2009-01-15 02:05 . 2009-01-15 02:05 911,872 -----c--- c:\windows\system32\dllcache\wininet.dll
2009-01-15 02:05 . 2009-01-15 02:05 193,536 -----c--- c:\windows\system32\dllcache\msrating.dll
2009-01-15 02:05 . 2009-01-15 02:05 109,056 -----c--- c:\windows\system32\dllcache\occache.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-13 19:21 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-13 18:50 182,656 ----a-w c:\windows\system32\drivers\ndis.sys
2009-02-10 02:05 --------- d-----w c:\program files\Common Files\Real
2009-02-10 02:04 --------- d-----w c:\program files\QuickTime
2009-02-10 02:03 --------- d-----w c:\program files\Quicken
2009-02-10 01:57 --------- d-----w c:\program files\Microsoft Plus! Digital Media Edition
2009-02-10 01:51 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-10 01:51 --------- d-----w c:\program files\Compaq Instant Support
2009-02-10 01:49 --------- d-----w c:\program files\Easy Internet signup
.

------- Sigcheck -------

2004-02-11 21:36 29696 ef462cfb11aa11e7c004566d3183e40f c:\windows\$NtServicePackUninstall$\svchost.exe
2008-04-14 05:42 31232 3ac13c767d27c1669c68ec66f01f2152 c:\windows\ServicePackFiles\i386\svchost.exe
2008-04-14 05:42 31232 53967eb30cc573240dee834323f95a06 c:\windows\system32\svchost.exe

2003-10-04 08:54 168192 1df7f42665c94b825322fae71721130d c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-14 00:50 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2009-02-13 12:50 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys
2009-02-13 12:50 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

2008-04-14 05:42 1050624 af826b2037253428886f8c8567054ea9 c:\windows\explorer.exe
2004-02-12 19:06 1020928 9f1a73997ff19f0e059c910ffc6c83a0 c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 05:42 1050624 5b46d2adcf34c6550fd259a5f20a699d c:\windows\ServicePackFiles\i386\explorer.exe

2004-02-11 22:26 118272 bb45a99e0e7f39b6275f5edff6233f85 c:\windows\$NtServicePackUninstall$\services.exe
2008-04-14 05:42 125440 e835b5131643be4b3e0f472a31dc7efa c:\windows\ServicePackFiles\i386\services.exe
2008-04-14 05:42 125440 2f09610cf8befbfc43f0740d557a4ca4 c:\windows\system32\services.exe

2004-02-11 21:48 30208 2291845362ca07f41e7f3992e351f2d2 c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 05:42 32256 8fb4357010bb8b4271f263f3be589b7e c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-14 05:42 32256 edce19657b373bf632c8993d62bc1892 c:\windows\system32\ctfmon.exe

2004-02-11 21:50 68096 ce8cea120c87ec82a5ec11a200a6b1e6 c:\windows\$NtServicePackUninstall$\spoolsv.exe
2008-04-14 05:42 74752 7ab9c437386358981db1253877c9be91 c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-14 05:42 74752 af46f080c3f40439102fe043ab53e499 c:\windows\system32\spoolsv.exe

2004-02-11 21:46 38912 04e21e7a2818edf5fedcc10fc47bd593 c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-14 05:42 43008 495703ea1810b7d8d3d6f939d617ddba c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-14 05:42 43008 0e13a72b6dee49dbca002f3d22d8f82b c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot_2009-02-14_ 6.03.01.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-04-02 08:40:51 7,168 ----a-w c:\windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-02-14 15:14:22 8,192 ----a-w c:\windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2004-04-02 08:40:50 32,768 ----a-w c:\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-02-14 15:14:26 32,768 ----a-w c:\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
- 2004-04-02 08:40:46 716,800 ----a-w c:\windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-02-14 15:14:37 720,896 ----a-w c:\windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2004-04-02 08:40:46 299,008 ----a-w c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-02-14 15:14:26 299,008 ----a-w c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2004-04-02 08:40:51 32,768 ----a-w c:\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2009-02-14 15:14:34 32,768 ----a-w c:\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
- 2004-04-02 08:40:52 299,008 ----a-w c:\windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-02-14 15:14:31 303,104 ----a-w c:\windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2004-04-02 08:40:50 1,290,240 ----a-w c:\windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2009-02-14 15:14:34 1,294,336 ----a-w c:\windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
- 2004-04-02 08:40:50 1,699,840 ----a-w c:\windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-02-14 15:14:24 1,703,936 ----a-w c:\windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
- 2004-04-02 08:40:51 86,016 ----a-w c:\windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-02-14 15:14:36 90,112 ----a-w c:\windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2004-04-02 08:40:51 466,944 ----a-w c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-02-14 15:14:31 466,944 ----a-w c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2004-04-02 08:40:51 241,664 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-02-14 15:14:28 241,664 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2004-04-02 08:40:51 64,000 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2009-02-14 15:14:28 66,560 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
- 2004-04-02 08:40:51 368,640 ----a-w c:\windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-02-14 15:14:33 372,736 ----a-w c:\windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
- 2004-04-02 08:40:51 241,664 ----a-w c:\windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-02-14 15:14:38 241,664 ----a-w c:\windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2004-04-02 08:40:51 323,584 ----a-w c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-02-14 15:14:32 323,584 ----a-w c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2004-04-02 08:40:51 131,072 ----a-w c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-02-14 15:14:28 131,072 ----a-w c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2004-04-02 08:40:51 77,824 ----a-w c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-02-14 15:14:30 77,824 ----a-w c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2004-04-02 08:40:51 126,976 ----a-w c:\windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-02-14 15:14:35 126,976 ----a-w c:\windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2004-04-02 08:40:52 819,200 ----a-w c:\windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-02-14 15:14:19 819,200 ----a-w c:\windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2004-04-02 08:40:51 57,344 ----a-w c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-02-14 15:14:27 57,344 ----a-w c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2004-04-02 08:40:51 569,344 ----a-w c:\windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-02-14 15:14:25 573,440 ----a-w c:\windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2004-04-02 08:40:51 1,245,184 ----a-w c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-02-14 15:14:36 1,257,472 ----a-w c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2004-04-02 08:40:51 2,039,808 ----a-w c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-02-14 15:14:29 2,052,096 ----a-w c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
- 2004-04-02 08:40:51 1,335,296 ----a-w c:\windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
+ 2009-02-14 15:14:32 1,339,392 ----a-w c:\windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
- 2004-04-02 08:40:51 1,216,512 ----a-w c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-02-14 15:14:38 1,224,704 ----a-w c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-02-14 15:15:08 61,440 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_febbf5b5\CustomMarshalers.dll
+ 2009-02-14 15:17:29 3,379,200 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_ff9b7465\mscorlib.dll
+ 2009-02-14 15:17:00 1,466,368 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_66dae177\System.Design.dll
+ 2009-02-14 15:15:13 90,112 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_27e01499\System.Drawing.Design.dll
+ 2009-02-14 15:17:15 835,584 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_bd03545d\System.Drawing.dll
+ 2009-02-14 15:16:00 3,014,656 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_e2a8fadc\System.Windows.Forms.dll
+ 2009-02-14 15:16:44 2,088,960 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_7e0d1edb\System.Xml.dll
+ 2009-02-14 15:15:04 1,953,792 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_7cad4abf\System.dll
+ 2009-02-14 15:20:47 20,480 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\vjscor\1.0.5000.0__b03f5f7f11d50a3a_c301306c\vjscor.dll
+ 2009-02-14 15:17:42 69,632 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\VJSharpCodeProvider\7.0.5000.0__b03f5f7f11d50a3a_4106de62\VJSharpCodeProvider.dll
+ 2009-02-14 15:20:46 4,460,544 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\vjslib\1.0.5000.0__b03f5f7f11d50a3a_2922ebba\vjslib.dll
+ 2009-02-14 15:17:58 32,768 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\vjslibcw\1.0.5000.0__b03f5f7f11d50a3a_346ac60c\vjslibcw.dll
+ 2009-02-14 15:17:54 10,240 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\VJSWfcBrowserStubLib\1.0.5000.0__b03f5f7f11d50a3a_74ba2a8c\VJSWfcBrowserStubLib.dll
+ 2008-06-13 11:05:51 272,128 ------w c:\windows\Driver Cache\i386\bthport.sys
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
- 2001-12-08 00:32:04 1,081,344 ----a-w c:\windows\Help\SBSI\Training\orun32.exe
+ 2006-08-21 21:57:14 1,097,801 ----a-w c:\windows\Help\SBSI\Training\orun32.exe
- 2003-02-21 10:19:32 253,952 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2004-07-15 07:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2003-02-21 10:19:34 20,480 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2004-07-15 07:49:18 40,960 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
- 2003-02-21 10:19:38 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2004-07-15 07:49:26 53,248 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
- 2003-02-21 10:19:36 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2004-07-15 07:49:22 53,248 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-21 10:09:08 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2004-07-15 06:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-22 01:20:44 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2004-07-15 17:23:28 69,632 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
- 2003-02-22 01:21:00 626,688 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2004-07-15 17:23:44 626,688 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
- 2003-02-21 10:06:20 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2004-07-15 06:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-10-08 20:30:14 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
- 2003-02-21 22:24:38 7,168 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2004-07-15 20:31:00 8,192 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
- 2003-02-21 22:24:40 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2004-07-15 20:31:04 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
- 2003-02-21 10:09:40 196,608 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2004-07-15 06:35:30 217,088 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
- 2003-02-21 22:26:36 716,800 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2004-07-15 20:28:58 720,896 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
- 2003-02-21 22:26:38 299,008 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2004-07-15 20:28:56 299,008 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
- 2003-02-21 22:25:04 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2004-07-15 20:28:50 69,632 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
- 2003-02-21 22:25:04 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2004-07-15 20:28:50 69,632 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
- 2003-02-21 10:09:12 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2004-07-15 06:32:44 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
- 2003-02-21 10:09:12 233,472 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2004-07-15 06:32:46 233,472 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
- 2003-02-21 10:06:32 311,296 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2004-07-15 06:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2003-02-21 10:09:16 98,304 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2004-07-15 06:33:04 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2003-02-21 22:26:34 2,088,960 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2004-07-15 20:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-21 10:09:18 143,360 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2004-07-15 06:33:22 143,360 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
- 2003-02-21 10:09:18 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2004-07-15 06:33:24 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
- 2003-02-21 10:07:34 2,494,464 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2004-07-15 06:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2003-02-21 10:08:32 2,482,176 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2004-07-15 06:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2004-08-10 22:20:00 126,976 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
- 2003-02-21 10:09:30 90,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2004-07-15 06:34:50 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
- 2003-02-21 22:26:46 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2004-07-15 20:28:48 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
- 2003-02-21 10:09:34 319,488 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2004-07-15 06:35:04 319,488 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
- 2003-02-21 22:26:38 1,290,240 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2004-07-15 20:32:00 1,294,336 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
- 2003-02-21 22:25:42 299,008 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2004-07-15 20:31:14 303,104 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
- 2003-02-21 22:26:42 1,699,840 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2004-07-15 20:29:02 1,703,936 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
- 2003-02-21 22:26:44 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2004-07-15 20:28:54 90,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
- 2003-02-21 22:26:46 1,216,512 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2004-07-15 20:31:16 1,224,704 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2003-02-21 22:26:50 466,944 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2004-07-15 20:28:58 466,944 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
- 2003-02-21 22:26:50 241,664 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2004-07-15 20:28:56 241,664 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
- 2003-02-21 10:09:36 64,000 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2004-07-15 06:35:12 66,560 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
- 2003-02-21 22:26:52 368,640 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2004-07-15 20:31:58 372,736 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
- 2003-02-21 22:26:54 241,664 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2004-07-15 20:31:12 241,664 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
- 2003-02-21 22:26:56 323,584 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2004-07-15 20:28:58 323,584 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
- 2003-02-21 22:26:56 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2004-07-15 20:31:54 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
- 2003-02-21 22:26:58 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2004-07-15 20:28:52 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2003-02-21 22:27:00 126,976 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2004-07-15 20:28:54 126,976 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
- 2003-02-21 22:27:02 1,245,184 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2004-07-15 20:29:00 1,257,472 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2003-02-21 22:27:06 819,200 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2004-07-15 20:28:58 819,200 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
- 2003-02-21 22:24:18 57,344 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2004-07-15 20:28:52 57,344 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
- 2003-02-21 22:27:06 569,344 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2004-07-15 20:31:16 573,440 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
- 2003-02-21 22:27:08 2,039,808 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2004-07-15 20:32:02 2,052,096 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
- 2003-02-21 22:27:10 1,335,296 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-07-15 20:29:00 1,339,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-06-22 19:51:38 73,728 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2003-02-22 01:20:38 737,280 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2004-07-15 17:23:20 757,760 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
- 2003-02-21 20:04:18 1,032,192 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2004-07-15 14:15:14 1,032,192 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
- 2003-02-21 11:10:40 31,744 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2004-07-15 08:11:56 31,744 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
- 2009-02-14 12:00:07 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-15 01:28:25 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-14 12:00:07 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-15 01:28:25 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-02-14 12:00:07 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-15 01:28:25 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-14 11:42:16 159,744 ----a-w c:\windows\system32\cscript.exe
+ 2008-05-07 09:07:23 155,648 ----a-w c:\windows\system32\cscript.exe
+ 2008-08-14 10:04:36 138,496 -c----w c:\windows\system32\dllcache\afd.sys
+ 2008-05-07 09:07:23 155,648 -c----w c:\windows\system32\dllcache\cscript.exe
+ 2008-06-20 17:46:57 147,968 -c----w c:\windows\system32\dllcache\dnsapi.dll
+ 2008-07-07 20:26:58 253,952 -c----w c:\windows\system32\dllcache\es.dll
+ 2008-10-23 12:36:14 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll
- 2008-04-14 11:42:26 120,832 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-10 09:11:20 120,832 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-24 16:43:16 74,240 -c----w c:\windows\system32\dllcache\mscms.dll
+ 2008-06-20 17:46:57 245,248 -c----w c:\windows\system32\dllcache\mswsock.dll
- 2008-04-14 11:42:02 1,306,624 -c----w c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 -c----w c:\windows\system32\dllcache\msxml6.dll
+ 2008-05-07 05:12:40 1,288,192 -c----w c:\windows\system32\dllcache\quartz.dll
+ 2008-05-09 10:53:39 180,224 -c----w c:\windows\system32\dllcache\scrobj.dll
+ 2008-05-09 10:53:40 172,032 -c----w c:\windows\system32\dllcache\scrrun.dll
- 2008-04-14 11:42:08 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:02:42 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-06-20 11:51:12 361,600 -c----w c:\windows\system32\dllcache\tcpip.sys
+ 2008-06-20 11:08:27 225,856 -c----w c:\windows\system32\dllcache\tcpip6.sys
- 2008-04-14 11:42:10 1,053,184 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
+ 2008-06-10 12:11:46 1,053,696 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2008-04-14 11:43:00 2,109,440 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-11-07 22:45:32 2,174,976 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
+ 2008-05-08 11:24:44 176,128 -c----w c:\windows\system32\dllcache\wscript.exe
+ 2008-05-09 10:53:40 90,112 -c----w c:\windows\system32\dllcache\wshext.dll
- 2008-04-14 11:41:54 147,968 ----a-w c:\windows\system32\dnsapi.dll
+ 2008-06-20 17:46:57 147,968 ----a-w c:\windows\system32\dnsapi.dll
- 2008-04-14 06:49:24 138,112 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 10:04:36 138,496 ----a-w c:\windows\system32\drivers\afd.sys
- 2008-04-14 06:16:34 273,024 ------w c:\windows\system32\drivers\bthport.sys
+ 2008-06-13 11:05:51 272,128 ------w c:\windows\system32\drivers\bthport.sys
- 2008-04-14 06:47:02 456,576 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-10-24 11:21:09 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
- 2008-04-14 06:25:10 202,624 ----a-w c:\windows\system32\drivers\rmcast.sys
+ 2008-05-08 14:02:52 203,136 ----a-w c:\windows\system32\drivers\rmcast.sys
- 2008-04-14 06:45:12 334,848 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-12-11 10:57:09 333,952 ----a-w c:\windows\system32\drivers\srv.sys
- 2008-04-14 06:50:18 361,344 ----a-w c:\windows\system32\drivers\tcpip.sys
+ 2008-06-20 11:51:12 361,600 ----a-w c:\windows\system32\drivers\tcpip.sys
- 2008-04-14 06:30:04 225,664 ----a-w c:\windows\system32\drivers\tcpip6.sys
+ 2008-06-20 11:08:27 225,856 ----a-w c:\windows\system32\drivers\tcpip6.sys
- 2008-04-14 11:41:54 246,272 ----a-w c:\windows\system32\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w c:\windows\system32\es.dll
- 2009-02-13 18:18:33 148,400 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-15 00:40:25 148,400 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-04-14 11:41:56 285,184 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\system32\gdi32.dll
- 2008-04-14 11:41:56 691,712 ----a-w c:\windows\system32\inetcomm.dll
+ 2008-04-11 19:04:26 691,712 ----a-w c:\windows\system32\inetcomm.dll
- 2008-04-14 11:42:26 120,832 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-10 09:11:20 120,832 ----a-w c:\windows\system32\logagent.exe
- 2008-04-14 11:42:00 73,728 ----a-w c:\windows\system32\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w c:\windows\system32\mscms.dll
- 2003-02-21 10:06:24 155,648 ----a-w c:\windows\system32\mscoree.dll
+ 2004-07-15 06:24:50 155,648 ----a-w c:\windows\system32\mscoree.dll
- 2003-02-21 09:43:38 16,896 ----a-w c:\windows\system32\mscorier.dll
+ 2004-07-15 05:34:06 16,896 ----a-w c:\windows\system32\mscorier.dll
- 2008-04-14 11:42:02 245,248 ----a-w c:\windows\system32\mswsock.dll
+ 2008-06-20 17:46:57 245,248 ----a-w c:\windows\system32\mswsock.dll
- 2008-04-14 11:42:02 1,104,896 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 17:15:04 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2008-04-14 11:42:02 1,306,624 ------w c:\windows\system32\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 ------w c:\windows\system32\msxml6.dll
- 2008-04-14 11:42:02 337,408 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:34:24 337,408 ----a-w c:\windows\system32\netapi32.dll
- 2009-02-13 18:23:56 53,436 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-14 15:14:05 53,436 ----a-w c:\windows\system32\perfc009.dat
- 2009-02-13 18:23:56 381,692 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-14 15:14:05 381,692 ----a-w c:\windows\system32\perfh009.dat
- 2008-04-14 11:42:04 1,288,192 ----a-w c:\windows\system32\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w c:\windows\system32\quartz.dll
- 2008-04-14 11:42:06 180,224 ----a-w c:\windows\system32\scrobj.dll
+ 2008-05-09 10:53:39 180,224 ----a-w c:\windows\system32\scrobj.dll
- 2008-04-14 11:42:06 172,032 ----a-w c:\windows\system32\scrrun.dll
+ 2008-05-09 10:53:40 172,032 ----a-w c:\windows\system32\scrrun.dll
- 2008-04-14 11:42:08 246,814 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:02:42 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2008-04-14 11:42:40 77,312 ------w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 79,872 ------w c:\windows\system32\tzchange.exe
- 2008-04-14 07:00:12 1,845,632 ----a-w c:\windows\system32\win32k.sys
+ 2008-09-15 12:12:56 1,846,400 ----a-w c:\windows\system32\win32k.sys
- 2008-04-14 11:42:10 1,053,184 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-10 12:11:46 1,053,696 ----a-w c:\windows\system32\WMNetmgr.dll
- 2008-04-14 11:43:00 2,109,440 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-11-07 22:45:32 2,174,976 ----a-w c:\windows\system32\WMVCore.dll
- 2008-04-14 11:42:42 176,128 ----a-w c:\windows\system32\wscript.exe
+ 2008-05-08 11:24:44 176,128 ----a-w c:\windows\system32\wscript.exe
- 2008-04-14 11:42:12 90,112 ----a-w c:\windows\system32\wshext.dll
+ 2008-05-09 10:53:40 90,112 ----a-w c:\windows\system32\wshext.dll
+ 2008-04-15 17:47:33 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 186880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SAVScan"=2 (0x2)
"navapsvc"=2 (0x2)
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=3 (0x3)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"napagent"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"ImapiService"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=3 (0x3)
"COMSysApp"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"BITS"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"AudioSrv"=2 (0x2)
"aswUpdSv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 hkqdayek;hkqdayek;c:\windows\System32\Drivers\hkqdayek.sys [2009-02-13 137376]
R0 qztdwfgx;qztdwfgx; [x]
R1 ethaaksm;ethaaksm;c:\windows\system32\drivers\ethaaksm.sys [2009-02-13 137376]
R1 ethcwxao;ethcwxao;c:\windows\system32\drivers\ethcwxao.sys [2009-02-13 137376]
R1 ethcxubh;ethcxubh;c:\windows\system32\drivers\ethcxubh.sys [2009-02-13 137376]
R1 ethdzctq;ethdzctq;c:\windows\system32\drivers\ethdzctq.sys [2009-02-13 137376]
R1 ethedwwm;ethedwwm;c:\windows\system32\drivers\ethedwwm.sys [2009-02-13 137376]
R1 ethfsetc;ethfsetc;c:\windows\system32\drivers\ethfsetc.sys [2009-02-13 137376]
R1 ethftfdq;ethftfdq;c:\windows\system32\drivers\ethftfdq.sys [2009-02-13 137376]
R1 ethjgptp;ethjgptp;c:\windows\system32\drivers\ethjgptp.sys [2009-02-13 137376]
R1 ethknoii;ethknoii;c:\windows\system32\drivers\ethknoii.sys [2009-02-13 137376]
R1 ethkwrgu;ethkwrgu;c:\windows\system32\drivers\ethkwrgu.sys [2009-02-13 137376]
R1 ethllwrg;ethllwrg;c:\windows\system32\drivers\ethllwrg.sys [2009-02-13 137376]
R1 ethoqjqp;ethoqjqp;c:\windows\system32\drivers\ethoqjqp.sys [2009-02-13 137376]
R1 ethortkp;ethortkp;c:\windows\system32\drivers\ethortkp.sys [2009-02-13 137376]
R1 ethqmxwa;ethqmxwa;c:\windows\system32\drivers\ethqmxwa.sys [2009-02-13 137376]
R1 ethqxlsl;ethqxlsl;c:\windows\system32\drivers\ethqxlsl.sys [2009-02-13 137376]
R1 ethrbkar;ethrbkar;c:\windows\system32\drivers\ethrbkar.sys [2009-02-13 137376]
R1 ethsqerh;ethsqerh;c:\windows\system32\drivers\ethsqerh.sys [2009-02-13 137376]
R1 ethszsmg;ethszsmg;c:\windows\system32\drivers\ethszsmg.sys [2009-02-13 137376]
R1 ethvbdya;ethvbdya;c:\windows\system32\drivers\ethvbdya.sys [2009-02-13 137376]
R1 ethvtsub;ethvtsub;c:\windows\system32\drivers\ethvtsub.sys [2009-02-13 137376]
R1 ethxrucc;ethxrucc;c:\windows\system32\drivers\ethxrucc.sys [2009-02-13 137376]
R1 ethzlasq;ethzlasq;c:\windows\system32\drivers\ethzlasq.sys [2009-02-13 137376]
R1 ethzpkiq;ethzpkiq;c:\windows\system32\drivers\ethzpkiq.sys [2009-02-13 137376]
R3 aefctnof;aefctnof; [x]
R3 aidhqtso;aidhqtso; [x]
R3 axsdjhbb;axsdjhbb; [x]
R3 bzubqgnu;bzubqgnu; [x]
R3 cbtenglh;cbtenglh; [x]
R3 fmlmyeqq;fmlmyeqq; [x]
R3 gomedizh;gomedizh; [x]
R3 lpudqurk;lpudqurk;c:\windows\System32\Drivers\lpudqurk.sys [2009-02-13 137376]
R3 mxedvyny;mxedvyny; [x]
R3 wngicowf;wngicowf; [x]
R3 yvpsczoe;yvpsczoe; [x]
R3 zuqkjnyv;zuqkjnyv; [x]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]


--- Other Services/Drivers In Memory ---

*Deregistered* - Aavmker4
*Deregistered* - AFD
*Deregistered* - aswFsBlk
*Deregistered* - aswMon2
*Deregistered* - aswSP
*Deregistered* - aswTdi
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - ERSvc
*Deregistered* - Fastfat
*Deregistered* - fasttx2k
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - KSecDD
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PCIIde
*Deregistered* - PptpMiniport
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - RpcSs
*Deregistered* - SISAGP
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - swenum
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - viaagp1
*Deregistered* - ViaIde
*Deregistered* - VolSnap
*Deregistered* - wuauserv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-qztdwfgx.sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\25ppfd6v.default\
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 19:29:04
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e9,87,9c,79,e3,77,05,48,94,b8,db,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e9,87,9c,79,e3,77,05,48,94,b8,db,\
.
Completion time: 2009-02-14 19:31:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-15 01:31:45
ComboFix2.txt 2009-02-14 12:34:08
ComboFix3.txt 2009-02-14 12:03:43
ComboFix4.txt 2009-02-14 02:31:28

Pre-Run: 26,674,753,536 bytes free
Post-Run: 26,662,563,840 bytes free

691 --- E O F --- 2009-02-14 15:18:48

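The loading-point section of the ComboFix log above (the R0/R1/R3 lines) shows a pattern that is worth checking mechanically rather than by eye: more than twenty kernel drivers with eight-letter pseudo-random names, every one of them dated 2009-02-13 with the identical size 137376, next to further entries whose image file is already gone (the `[x]` ComboFix prints when it finds no file). The script below is an added example, not part of the original post and not ComboFix's own code: it parses such lines, groups on-disk drivers by (date, size), and flags random-looking names that either sit in a large group or have no image left. The sample input is a subset copied from the log above with the two avast! entries kept as legitimate controls; the eight-lowercase-letter name heuristic and the "three or more sharing one date and size" threshold are assumptions chosen to fit this log.

```python
"""Parse the driver/service loading points from a ComboFix log and flag
clusters of randomly named kernel drivers that share one size and date."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a subset of the R0/R1/R3/S1/S2 lines from the log in
# the post above, plus the two avast! entries as legitimate controls.
SAMPLE_LOG = r"""
R0 hkqdayek;hkqdayek;c:\windows\System32\Drivers\hkqdayek.sys [2009-02-13 137376]
R0 qztdwfgx;qztdwfgx; [x]
R1 ethaaksm;ethaaksm;c:\windows\system32\drivers\ethaaksm.sys [2009-02-13 137376]
R1 ethcwxao;ethcwxao;c:\windows\system32\drivers\ethcwxao.sys [2009-02-13 137376]
R1 ethcxubh;ethcxubh;c:\windows\system32\drivers\ethcxubh.sys [2009-02-13 137376]
R3 aefctnof;aefctnof; [x]
R3 lpudqurk;lpudqurk;c:\windows\System32\Drivers\lpudqurk.sys [2009-02-13 137376]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
"""

# Two shapes: "R0 name;display;path [YYYY-MM-DD size]" or "R0 name;display; [x]"
# ([x] is what ComboFix prints when it finds no image file for the entry).
LINE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?:(?P<path>[^\[]*?)\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]"
    r"|\s*\[x\])\s*$"
)


@dataclass
class DriverEntry:
    start: str            # R = running, S = stopped; the digit is the start type
    name: str
    display: str
    path: Optional[str]   # None when ComboFix printed [x]
    date: Optional[str]
    size: Optional[int]


def parse_driver_lines(text: str) -> List[DriverEntry]:
    """Return every loading-point line in the text as a DriverEntry."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # registry dumps, headers and blank lines are skipped
        entries.append(DriverEntry(
            start=m["start"], name=m["name"], display=m["display"],
            path=m["path"], date=m["date"],
            size=int(m["size"]) if m["size"] else None))
    return entries


def looks_random(entry: DriverEntry) -> bool:
    """Heuristic (assumption tuned to this log): eight lowercase letters and a
    display name that is just the service name repeated."""
    return (re.fullmatch(r"[a-z]{8}", entry.name) is not None
            and entry.display == entry.name)


def find_clusters(entries: List[DriverEntry],
                  min_members: int = 3) -> Dict[Tuple[str, int], List[str]]:
    """Group on-disk drivers by (date, size). Many distinct names sharing one
    image size and one drop date is what a dropper writing copies looks like."""
    groups = defaultdict(list)
    for e in entries:
        if e.path is not None:
            groups[(e.date, e.size)].append(e.name)
    return {k: v for k, v in groups.items() if len(v) >= min_members}


def suspicious_drivers(entries: List[DriverEntry],
                       min_members: int = 3) -> List[str]:
    """Random-looking names that are in a cluster or whose image is gone."""
    clustered = {n for names in find_clusters(entries, min_members).values()
                 for n in names}
    flagged = [e.name for e in entries
               if looks_random(e) and (e.name in clustered or e.path is None)]
    return sorted(flagged)


if __name__ == "__main__":
    parsed = parse_driver_lines(SAMPLE_LOG)
    for key, names in find_clusters(parsed).items():
        print(f"{len(names)} drivers share date/size {key}: {', '.join(names)}")
    print("flagged:", suspicious_drivers(parsed))
```

Run it against the full log by pasting all of the R/S lines into SAMPLE_LOG (or reading the ComboFix .txt from disk); on the log above the cluster grows to over twenty members. This is a triage aid for reading the log, not a cleaner: it only tells you which loading points to hand to the helper or to ComboFix's own script, and the catchme line "detected NTDLL code modification: ZwOpenFile" further down is an independent signal that something is patching ntdll in memory and so may hide files from a live scan.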
#15 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:02:16 PM

Posted 15 February 2009 - 12:07 PM

Hi kayjunspice
No need to apologise, we all make mistakes. I'll have a look at your log and see what's going on.

Thanks :thumbup2:

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM
