Laptop infected and website popups


boiler85
09-09-2007, 12:20 PM
My laptop is being very slow and websites are popping up out of nowhere. I also just got a message from Internet Explorer asking me to download ErrClean, AVSystemCare, and/or PCPrivacyTool but I am not sure if I should download them.

Here is my log:

ComboFix 07-09-08.7 - "Maggie Siempelkamp" 2007-09-08 20:22:35.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.20 [GMT -4:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\MAGGIE~1\STARTM~1\Programs\Startup.\TA_Start.lnk
C:\DOCUME~1\MAGGIE~1\STARTM~1\Programs\Startup\ta_start.lnk
C:\Program Files\Internet Explorer\quhaveqa.dll
C:\WINDOWS\system32\dwdsrngt.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\tk58.exe


((((((((((((((((((((((((( Files Created from 2007-08-09 to 2007-09-09 )))))))))))))))))))))))))))))))
.

2007-09-08 17:35 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-08 12:55 2,027,183 ---hs---- C:\WINDOWS\system32\kloqr.bak1
2007-09-05 22:59 52,768 --a------ C:\WINDOWS\system32\ljdsrngo.exe
2007-09-05 22:57 2,004,247 ---hs---- C:\WINDOWS\system32\kloqr.bak2
2007-09-05 22:30 244,832 --a------ C:\WINDOWS\system32\rqolk.dll
2007-09-05 22:19 <DIR> d-------- C:\quarantine
2007-09-05 22:05 <DIR> d--hs---- C:\WINDOWS\TWFnZ2llIFNpZW1wZWxrYW1w
2007-09-05 22:05 <DIR> d-------- C:\WINDOWS\system32\config\SYSTEM~1\APPLIC~1\NetMon
2007-09-05 22:04 <DIR> d-------- C:\WINDOWS\system32\drvr2
2007-09-05 22:04 <DIR> d-------- C:\WINDOWS\system32\cfig322
2007-09-05 22:04 <DIR> d-------- C:\WINDOWS\system32\capcom
2007-08-24 22:30 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-24 21:39 <DIR> d-------- C:\Program Files\Common Files\Pure Networks Shared
2007-08-24 21:36 <DIR> d-------- C:\Program Files\Pure Networks
2007-08-24 21:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pure Networks
2007-08-19 20:17 60,968 --a------ C:\DOCUME~1\MAGGIE~1\GoToAssistDownloadHelper.exe
2007-08-19 19:20 58,464 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
2007-08-19 19:20 108,480 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-08-19 19:15 <DIR> d-------- C:\WINDOWS\5DF3D1BB894E4DCD8275159AC9829B43.TMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-08 20:54 --------- d-------- C:\Program Files\Microsoft AntiSpyware
2007-08-19 19:20 --------- d-------- C:\Program Files\Network Associates
2007-08-19 19:20 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Network Associates
2007-08-07 16:30 163840 --a------ C:\Program Files\Common Files\mede22011.exe
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-28 05:06 135 --a------ C:\Program Files\page.html
2007-07-19 02:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-12 19:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 10:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 10:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 10:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 10:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 10:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 10:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 10:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 10:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 10:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 10:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 10:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 10:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 10:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 10:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 10:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 10:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 10:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 10:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 10:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 04:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 04:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 04:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 03:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2006-12-02 21:05 2522 --a------ C:\Program Files\func.js
2006-11-25 03:57 482 --a------ C:\Program Files\Del.js
2005-07-29 20:24:26 472 --sha-r C:\WINDOWS\TWFnZ2llIFNpZW1wZWxrYW1w\nqIBtZ55KIhDtqYTtqUOsqYT.vbs

boiler85
09-09-2007, 12:21 PM
Here is the second half of my log:

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
C:\Program Files\RXToolBar\sfcont.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{730F0599-AF9D-497A-A414-C2EDB463AD67}]
2007-09-05 22:30 244832 --a------ C:\WINDOWS\system32\rqolk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-12-12 14:31]
"TV Now"="C:\Program Files\HPQ\Notebook Utilities\TvNow.exe" [2003-01-30 14:34]
"Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 11:26]
"QT4HPOT"="C:\Program Files\HPQ\One-Touch\OneTouch.EXE" [2003-03-13 11:14]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 19:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 19:38]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-22 22:55]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 21:44]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-07-18 20:23]
"CARPService"="carpserv.exe" [2003-05-21 16:35 C:\WINDOWS\system32\carpserv.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 13:40]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-07-12 16:35]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 14:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-07-29 01:27]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 21:00]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-10-31 16:45]
"{00-06-67-71-ZN}"="c:\windows\system32\dwdsrngt.exe" []
"mede"="C:\Program Files\Common Files\mede22011.exe" [2007-08-07 16:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"areslite"="C:\Program Files\Ares Lite Edition\AresLite.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-06-16 17:30]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 23:31:38]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-29 00:06:36]
Purdue University Air Link.lnk - C:\Program Files\Purdue University\Air Link\ipsecdialer.exe [2004-10-05 21:33:00]

C:\DOCUME~1\MAGGIE~1\STARTM~1\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-05-20 11:41:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrqpqr]
rqrqpqr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\rqolk

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WildTangent CDA"=RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R2 CVPND;Cisco Systems, Inc. VPN Service;"C:\Program Files\Purdue University\Air Link\cvpnd.exe"
R2 CVPNDRV;Purdue University IPsec Driver;\??\C:\WINDOWS\System32\Drivers\CVPNDRV.sys
R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
R2 SVKP;SVKP;\??\C:\WINDOWS\System32\SVKP.sys
R3 CALIAUD;Conexant AMC 3D Environmental Audio;C:\WINDOWS\system32\drivers\caliaud.sys
R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.SYS
R3 DNE;Deterministic Network Enhancer Miniport;C:\WINDOWS\system32\DRIVERS\dne2000.sys
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS
R3 EntDrv51;EntDrv51;\??\C:\WINDOWS\system32\drivers\EntDrv51.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
S3 CE3;Xircom Ethernet Adapter 10/100 Service;C:\WINDOWS\system32\DRIVERS\ce3n5.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver;C:\WINDOWS\system32\DRIVERS\Express.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e244663-f4e5-11db-82a3-00904b55f22c}]
AutoRun\command- E:\JDSecure\Windows\JDSecure31.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-09-07 20:22:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-09 00:27:52 C:\WINDOWS\Tasks\Symantec NetDetect.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-08 20:44:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-08 21:15:49 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-08 21:15
.
--- E O F ---

Budfred
09-09-2007, 12:24 PM
Did you use the latest version of ComboFix?? If not, please download the latest and run it again... We also need to see a HijackThis log:

http://www.merijn.org/programs.php

To run HJT, extract it to a permanent folder such as one you create like C:\HJT or the Desktop. Close all open windows and browsers and make sure that all programs are enabled if you use msconfig. Run it and Scan, then Save the log. When the log window appears, Right click to Copy it, open your browser and come here to Paste the entire log. Do not make any changes until it is checked since most items are either benign or essential to the computer. Make sure that WordWrap is turned off in Notepad and use as many posts as needed to paste it all here...

Also, please run this:

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
Just before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your Desktop icons.
Finally open the SDFix folder on your Desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log


Post all of the logs using as many posts as needed...

Budfred
09-09-2007, 12:25 PM
I almost forgot, please run this as well...

Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm

And DO NOT!! install those programs that are popping up... they are malware...

boiler85
09-09-2007, 12:41 PM
Here is my hijackthis log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:35, on 2007-09-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Purdue University\Air Link\cvpnd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Maggie Siempelkamp\My Documents\Hack fixes\HiJackThis_v2.exe

boiler85
09-09-2007, 12:42 PM
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.purdue.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: (no name) - {730F0599-AF9D-497A-A414-C2EDB463AD67} - C:\WINDOWS\system32\rqolk.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [{00-06-67-71-ZN}] c:\windows\system32\dwdsrngt.exe CHD003
O4 - HKLM\..\Run: [mede] C:\Program Files\Common Files\mede22011.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Purdue University Air Link.lnk = C:\Program Files\Purdue University\Air Link\ipsecdialer.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://www.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6491E7CB-F83B-4D31-8F99-6384A633FE58} (EconCVX Control) - http://www.mathxl.com/applets/EconCVX.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124913697972
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4us.cab
O20 - Winlogon Notify: rqrqpqr - rqrqpqr.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

boiler85
09-09-2007, 12:42 PM
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Purdue University\Air Link\cvpnd.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12508 bytes

boiler85
09-09-2007, 01:28 PM
The SDFix saves as an .exe instead of a .zip so when I go to safe mode and right click on the desktop icon there is no Extract All option. Am I doing something wrong?

boiler85
09-09-2007, 04:21 PM
Here is the SDFix report:

SDFix: Version 1.103

Run by Maggie Siempelkamp on 2007-09-09 at 14:37

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
DomainService

ImagePath:

DomainService - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\ucjionqf.exe"="C:\\WINDOWS\\system32\\ucj"
"C:\\Program Files\\Pure Networks\\Network Magic\\nmsrvc.exe"="C:\\Program Files\\Pure Networks\\Network Magic\\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Network Magic Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\TWFnZ2llIFNpZW1wZWxrYW1w\nqIBtZ55KIhDtqYTtqUOsqYT.vbs

Finished!

Budfred
09-09-2007, 05:40 PM
Did you see the post I added about running SmitfraudFix?? Please do that and post the log...

boiler85
09-09-2007, 05:46 PM
I am having trouble with the smitfraudfix.cmd. I have tried to run it several times and it isn't running. I also deleted and redownloaded it as well as restarted my computer.

Budfred
09-10-2007, 12:50 AM
Did you extract it to your Desktop before trying to run it?? That is usually the problem when someone has trouble running it...

boiler85
09-10-2007, 10:19 PM
Yes I extracted it to the Desktop. It prompts me to run it but then when I click run nothing happens.

Budfred
09-10-2007, 10:48 PM
Try it in Safe Mode... If it doesn't work, we will try a couple of other approaches... Make sure you have the latest version since it is updated regularly...

boiler85
09-14-2007, 10:00 PM
SmitFraudFix v2.221

Scan done at 12:13:44.96, 2007-09-14
Run from C:\Documents and Settings\Maggie Siempelkamp\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Maggie Siempelkamp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Maggie Siempelkamp\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MAGGIE~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8D03B297-0425-44B3-9182-71AB017F5129}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8D03B297-0425-44B3-9182-71AB017F5129}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8D03B297-0425-44B3-9182-71AB017F5129}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Budfred
09-14-2007, 11:12 PM
I have lost track of the issues here... Please let me know how your computer is running, download a new copy of ComboFix and post the log and post a fresh HJT log (produced after running ComboFix)....

boiler85
09-18-2007, 09:41 PM
My computer is still really really slow and I am getting some website popups. I am also getting error messages a lot. Here is my log from my combofix:
ComboFix 07-09-18.4 - "Maggie Siempelkamp" 2007-09-18 20:24:47.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.35 [GMT -4:00]
.

((((((((((((((((((((((((( Files Created from 2007-08-19 to 2007-09-19 )))))))))))))))))))))))))))))))
.

2007-09-14 12:14 4,518 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-14 12:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-14 12:13 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-14 12:13 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-14 12:13 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-09 14:00 <DIR> d-------- C:\WINDOWS\ERUNT
2007-09-08 17:35 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-05 22:59 52,768 --a------ C:\WINDOWS\system32\ljdsrngo.exe
2007-09-05 22:19 <DIR> d-------- C:\quarantine
2007-09-05 22:05 <DIR> d--hs---- C:\WINDOWS\TWFnZ2llIFNpZW1wZWxrYW1w
2007-09-05 22:05 <DIR> d-------- C:\WINDOWS\system32\config\SYSTEM~1\APPLIC~1\NetMon
2007-09-05 22:04 <DIR> d-------- C:\WINDOWS\system32\drvr2
2007-09-05 22:04 <DIR> d-------- C:\WINDOWS\system32\cfig322
2007-09-05 22:04 <DIR> d-------- C:\WINDOWS\system32\capcom
2007-08-24 22:30 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-24 21:39 <DIR> d-------- C:\Program Files\Common Files\Pure Networks Shared
2007-08-24 21:36 <DIR> d-------- C:\Program Files\Pure Networks
2007-08-24 21:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pure Networks
2007-08-19 20:17 60,968 --a------ C:\DOCUME~1\MAGGIE~1\GoToAssistDownloadHelper.exe
2007-08-19 19:20 58,464 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
2007-08-19 19:20 108,480 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-08-19 19:15 <DIR> d-------- C:\WINDOWS\5DF3D1BB894E4DCD8275159AC9829B43.TMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-18 19:59 --------- d-------- C:\Program Files\Microsoft AntiSpyware
2007-08-19 19:20 --------- d-------- C:\Program Files\Network Associates
2007-08-19 19:20 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Network Associates
2007-08-07 16:30 163840 --a------ C:\Program Files\Common Files\mede22011.exe
2005-07-29 20:24:26 472 --sha-r C:\WINDOWS\TWFnZ2llIFNpZW1wZWxrYW1w\nqIBtZ55KIhDtqYTtqUOsqYT.vbs

boiler85
09-18-2007, 09:42 PM
((((((((((((((((((((((((((((( snapshot_2007-09-08_210921.18 )))))))))))))))))))))))))))))))))))))))))
.

boiler85
09-18-2007, 09:43 PM

boiler85
09-18-2007, 09:44 PM

boiler85
09-18-2007, 09:45 PM

boiler85
09-18-2007, 09:46 PM

boiler85
09-18-2007, 09:46 PM

boiler85
09-18-2007, 09:48 PM

boiler85
09-18-2007, 09:48 PM

boiler85
09-18-2007, 09:49 PM
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

boiler85
09-18-2007, 09:49 PM
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
C:\Program Files\RXToolBar\sfcont.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-12-12 14:31]
"TV Now"="C:\Program Files\HPQ\Notebook Utilities\TvNow.exe" [2003-01-30 14:34]
"Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 11:26]
"QT4HPOT"="C:\Program Files\HPQ\One-Touch\OneTouch.EXE" [2003-03-13 11:14]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 19:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 19:38]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-22 22:55]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 21:44]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-07-18 20:23]
"CARPService"="carpserv.exe" [2003-05-21 16:35 C:\WINDOWS\system32\carpserv.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 13:40]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-07-12 16:35]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 14:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-07-29 01:27]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 21:00]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-10-31 16:45]
"{00-06-67-71-ZN}"="c:\windows\system32\dwdsrngt.exe" []
"mede"="C:\Program Files\Common Files\mede22011.exe" [2007-08-07 16:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"areslite"="C:\Program Files\Ares Lite Edition\AresLite.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-06-16 17:30]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 23:31:38]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-29 00:06:36]
Purdue University Air Link.lnk - C:\Program Files\Purdue University\Air Link\ipsecdialer.exe [2004-10-05 21:33:00]

C:\DOCUME~1\MAGGIE~1\STARTM~1\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-05-20 11:41:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrqpqr]
rqrqpqr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WildTangent CDA"=RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R2 CVPND;Cisco Systems, Inc. VPN Service;"C:\Program Files\Purdue University\Air Link\cvpnd.exe"
R2 CVPNDRV;Purdue University IPsec Driver;\??\C:\WINDOWS\System32\Drivers\CVPNDRV.sys
R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
R2 SVKP;SVKP;\??\C:\WINDOWS\System32\SVKP.sys
R3 CALIAUD;Conexant AMC 3D Environmental Audio;C:\WINDOWS\system32\drivers\caliaud.sys
R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.SYS
R3 DNE;Deterministic Network Enhancer Miniport;C:\WINDOWS\system32\DRIVERS\dne2000.sys
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS
R3 EntDrv51;EntDrv51;\??\C:\WINDOWS\system32\drivers\EntDrv51.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
S3 CE3;Xircom Ethernet Adapter 10/100 Service;C:\WINDOWS\system32\DRIVERS\ce3n5.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver;C:\WINDOWS\system32\DRIVERS\Express.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e244663-f4e5-11db-82a3-00904b55f22c}]
AutoRun\command- E:\JDSecure\Windows\JDSecure31.exe

*Newly Created Service* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 20:22:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-18 21:18:18 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-18 20:30:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\system32\cmd.exe [2728] 0xFD203578


scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-18 20:36:40
C:\ComboFix-quarantined-files.txt ... 2007-09-18 20:36
C:\ComboFix2.txt ... 2007-09-08 21:15
.
--- E O F ---

Budfred
09-18-2007, 10:38 PM
When you post so infrequently it is hard to follow what is going on and there is a good possibility that you are getting reinfected if you are online or installing things between posts... Please stay offline as much as possible and post more promptly so that I can get a better idea of what is going on... Also, please post the logs I ask for, in this case I asked for an HJT log in addition to the ComboFix log... I need more info to proceed, so please run these tools and then post the HJT log after a reboot:

* Click here (http://support.f-secure.com/enu/home/ols.shtml) to use the F-Secure Online Scanner
Then click the Start Scanning button below.
You should get a notification (bar on top) to install the ActiveX. Click on it and select to install the ActiveX.
Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
In case you are having problems with installing the ActiveX/starting the scan, please read here (http://support.f-secure.com/enu/home/ols-faq.shtml).
Click the Full System Scan button.
It will start to download scanner components and databases. This can take a while.
The main scan will start.
Once the scan has finished scanning, click the Automatic cleaning (recommended) button.
It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
The cleaning can take a while, so please be patient.
Then click the Show report button and copy and paste what's present under results in your next reply.


and then.................

Download AVG Anti-Spyware from HERE (http://www.ewido.net/en/download/)
Install AVG Anti-Spyware
Double-click the icon on Desktop to launch AVG Anti-Spyware
You will need to update AVG Anti-Spyware to the latest definition files.
On the top of the main screen click Shield and then [active] to change it to inactive
On the top of the main screen click Update and then Start Update.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".


Close ALL open Windows / Programs / Folders. Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)

* Click Scanner and then the Scan tab
* Click Complete System Scan to begin scanning.

Once the scan is complete do the following:
* If you have any infections you will be prompted, then select "Apply all actions"
* Once finished, click the Save report button, then click Save Report As and save it to your Desktop. (make sure to remember where you saved that file, this is important).

Close AVG Anti-Spyware and Reboot.

Post the logs from these and the new HJT log...