
Browser acting funny

Discussion in 'Virus & Other Malware Removal' started by Roy151, Dec 28, 2010.

  1. Roy151

    Roy151 Thread Starter

    Joined:
    Dec 28, 2010
    Messages:
    17
    Hey everyone. My computer has been acting funny lately. It works fine for about 5 minutes, then the internet browsers start redirecting and stop working. Also, when I try to put my computer into standby it refuses.

    Dell Inspiron laptop
    OS Version: Microsoft Windows XP Professional, Service Pack 2, 32 bit
    Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz, x86 Family 6 Model 14 Stepping 8
    Processor Count: 2
    RAM: 1014 Mb
    Graphics Card: Mobile Intel(R) 945GM Express Chipset Family, 224 Mb
    Hard Drives: C: Total - 152625 MB, Free - 34397 MB;
    Motherboard: Dell Inc., 0KD882, , .1NXM5B1.CN4864365V4116.
    Antivirus: None

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:30:52 AM, on 12/28/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINXP\System32\smss.exe
    C:\WINXP\system32\winlogon.exe
    C:\WINXP\system32\services.exe
    C:\WINXP\system32\lsass.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\system32\spoolsv.exe
    C:\WINXP\Explorer.EXE
    C:\WINXP\ehome\ehtray.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\WINXP\system32\hkcmd.exe
    C:\WINXP\system32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINXP\system32\ctfmon.exe
    C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
    C:\WINXP\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINXP\eHome\ehRecvr.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINXP\eHome\ehmsas.exe
    C:\WINXP\eHome\ehSched.exe
    C:\WINXP\system32\dllhost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINXP\system32\wuauclt.exe
    C:\Program Files\2\Trend Micro\HiJackThis\HiJackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F2 - REG:system.ini: UserInit=C:\WINXP\system32\userinit.exe,C:\WINXP\system32\ini.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINXP\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINXP\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINXP\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINXP\system32\igfxpers.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Documents and Settings\Default User.WINXP\Desktop\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dell Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Filter hijack: text/html - {8e9467ca-e46d-465a-85b9-1e59ecbb1a77} - C:\WINXP\msvideo.dll
    O20 - AppInit_DLLs: C:\WINXP\system32\0053.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINXP\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINXP\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe


    DDS (Ver_10-12-12.01) - NTFSx86
    Run by Dell Owner at 9:33:11.90 on Tue 12/28/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.549 [GMT -6:00]

    ============== Running Processes ===============
    C:\WINXP\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINXP\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINXP\system32\spoolsv.exe
    C:\WINXP\Explorer.EXE
    C:\WINXP\ehome\ehtray.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\WINXP\system32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINXP\system32\ctfmon.exe
    C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
    C:\WINXP\system32\igfxsrvc.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINXP\eHome\ehRecvr.exe
    C:\WINXP\system32\svchost.exe -k HPService
    C:\WINXP\System32\svchost.exe -k HPZ12
    C:\WINXP\System32\svchost.exe -k HPZ12
    svchost.exe
    C:\WINXP\system32\svchost.exe -k imgsvc
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINXP\eHome\ehmsas.exe
    C:\WINXP\eHome\ehSched.exe
    C:\WINXP\system32\dllhost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINXP\system32\wuauclt.exe
    C:\Program Files\2\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINXP\System32\mshta.exe
    C:\Documents and Settings\Dell Owner\Desktop\dds.pif
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
    mWinlogon: Userinit=c:\winxp\system32\userinit.exe,c:\winxp\system32\ini.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\winxp\system32\ctfmon.exe
    uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
    uRun: [Google Update] "c:\documents and settings\dell owner\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [ehTray] c:\winxp\ehome\ehtray.exe
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    mRun: [IgfxTray] c:\winxp\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\winxp\system32\hkcmd.exe
    mRun: [Persistence] c:\winxp\system32\igfxpers.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0\bin\jusched.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [<NO NAME>]
    mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\documents and settings\default user.winxp\desktop\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
    LSP: bmnet.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: text/html - {8e9467ca-e46d-465a-85b9-1e59ecbb1a77} -
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\winxp\system32\0053.DLL
    ============= SERVICES / DRIVERS ===============
    R2 McrdSvc;Media Center Extender Service;c:\winxp\ehome\mcrdsvc.exe [2005-8-5 99328]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-24 135664]
    S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2009-12-4 121416]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\winxp\system32\drivers\mbamswissarmy.sys [2009-8-30 38224]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\winxp\system32\2d.tmp --> c:\winxp\system32\2D.tmp [?]
    S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\winxp\system32\drivers\swnc8u80.sys [2008-8-20 168192]
    S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\winxp\system32\drivers\swumx80.sys [2008-8-20 142976]
    =============== Created Last 30 ================
    2010-12-13 18:54:30 -------- d-----w- c:\program files\EndItAll
    2010-12-13 15:28:36 -------- d-----w- c:\program files\EwisoftWebFull
    2010-12-13 15:13:48 -------- d-----w- c:\program files\EwisoftWeb2
    2010-12-11 21:10:31 388096 ----a-r- c:\docume~1\dellow~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2010-12-11 21:10:30 -------- d-----w- c:\program files\2
    2010-12-11 18:01:20 -------- d-----w- c:\program files\BitTorrent
    2010-12-11 18:00:43 -------- d-----w- c:\docume~1\dellow~1\applic~1\BitTorrent
    ==================== Find3M ====================
    2006-09-21 23:50:41 36638720 -c--a-w- c:\program files\iTunesSetup.exe
    2005-01-13 21:47:42 61440 ----a-w- c:\program files\mdMod1.dll
    2004-07-29 01:43:27 24576 ----a-w- c:\program files\EnDeCrypt.dll
    =================== ROOTKIT ====================
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD1600BEVS-07RST0 rev.04.01G04 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
    device: opened successfully
    user: MBR read successfully
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x852E0EC5]<<
    _asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x864eb872; SUB DWORD [EBP-0x4], 0x864eb12e; PUSH EDI; CALL 0xffffffffffffdf33; }
    1 ntkrnlpa!IofCallDriver[0x804EF1A0] -> \Device\Harddisk0\DR0[0x86F17AB8]
    3 CLASSPNP[0xF755E05B] -> ntkrnlpa!IofCallDriver[0x804EF1A0] -> [0x86C542D8]
    [0x86B2C3B8] -> IRP_MJ_CREATE -> 0x852E0EC5
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD1600BEVS-07RST0___________________04.01G04#5&19c84639&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x852E0AEA
    user & kernel MBR OK
    sectors 312581806 (+255): user != kernel
    Warning: possible TDL3 rootkit infection !
    ============= FINISH: 9:36:49.72 ===============

  2. Roy151

    Roy151 Thread Starter

    Joined:
    Dec 28, 2010
    Messages:
    17
  3. Roy151

    Roy151 Thread Starter

    Joined:
    Dec 28, 2010
    Messages:
    17
  4. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following:

    Download ComboFix from one of the following locations:
    Link 1
    Link 2

    VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

    * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
    • Double click on ComboFix.exe & follow the prompts.
    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    • Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
     
  5. Roy151

    Roy151 Thread Starter

    Joined:
    Dec 28, 2010
    Messages:
    17
    Thanks for your reply. Here's the Combofix Log:

    ComboFix 10-12-30.03 - Dell Owner 12/31/2010 10:21:02.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.717 [GMT -6:00]
    Running from: c:\documents and settings\Dell Owner\Desktop\ComboFix.exe
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\program files\Shared
    c:\program files\Shared\lib.sig
    c:\winxp\KB8888239.log
    c:\winxp\system32\0052.DLL
    c:\winxp\system32\ff4h.gy
    c:\winxp\system32\h7t.wt
    c:\winxp\system32\hgtd.ruy
    c:\winxp\system32\wexe.exe
    c:\winxp\system32\WORK.DAT
    c:\winxp\system32\wupd.dat
    c:\winxp\Tasks\At1.job
    c:\winxp\Tasks\At10.job
    c:\winxp\Tasks\At11.job
    c:\winxp\Tasks\At12.job
    c:\winxp\Tasks\At13.job
    c:\winxp\Tasks\At14.job
    c:\winxp\Tasks\At15.job
    c:\winxp\Tasks\At16.job
    c:\winxp\Tasks\At17.job
    c:\winxp\Tasks\At18.job
    c:\winxp\Tasks\At19.job
    c:\winxp\Tasks\At2.job
    c:\winxp\Tasks\At20.job
    c:\winxp\Tasks\At21.job
    c:\winxp\Tasks\At22.job
    c:\winxp\Tasks\At23.job
    c:\winxp\Tasks\At24.job
    c:\winxp\Tasks\At25.job
    c:\winxp\Tasks\At26.job
    c:\winxp\Tasks\At27.job
    c:\winxp\Tasks\At28.job
    c:\winxp\Tasks\At29.job
    c:\winxp\Tasks\At3.job
    c:\winxp\Tasks\At30.job
    c:\winxp\Tasks\At31.job
    c:\winxp\Tasks\At32.job
    c:\winxp\Tasks\At33.job
    c:\winxp\Tasks\At34.job
    c:\winxp\Tasks\At35.job
    c:\winxp\Tasks\At36.job
    c:\winxp\Tasks\At37.job
    c:\winxp\Tasks\At38.job
    c:\winxp\Tasks\At39.job
    c:\winxp\Tasks\At4.job
    c:\winxp\Tasks\At40.job
    c:\winxp\Tasks\At41.job
    c:\winxp\Tasks\At42.job
    c:\winxp\Tasks\At43.job
    c:\winxp\Tasks\At44.job
    c:\winxp\Tasks\At45.job
    c:\winxp\Tasks\At46.job
    c:\winxp\Tasks\At47.job
    c:\winxp\Tasks\At48.job
    c:\winxp\Tasks\At49.job
    c:\winxp\Tasks\At5.job
    c:\winxp\Tasks\At50.job
    c:\winxp\Tasks\At51.job
    c:\winxp\Tasks\At52.job
    c:\winxp\Tasks\At53.job
    c:\winxp\Tasks\At54.job
    c:\winxp\Tasks\At55.job
    c:\winxp\Tasks\At56.job
    c:\winxp\Tasks\At57.job
    c:\winxp\Tasks\At58.job
    c:\winxp\Tasks\At59.job
    c:\winxp\Tasks\At6.job
    c:\winxp\Tasks\At60.job
    c:\winxp\Tasks\At61.job
    c:\winxp\Tasks\At62.job
    c:\winxp\Tasks\At63.job
    c:\winxp\Tasks\At64.job
    c:\winxp\Tasks\At65.job
    c:\winxp\Tasks\At66.job
    c:\winxp\Tasks\At67.job
    c:\winxp\Tasks\At68.job
    c:\winxp\Tasks\At69.job
    c:\winxp\Tasks\At7.job
    c:\winxp\Tasks\At70.job
    c:\winxp\Tasks\At71.job
    c:\winxp\Tasks\At72.job
    c:\winxp\Tasks\At8.job
    c:\winxp\Tasks\At9.job
    c:\winxp\VMPipe32.dll
    Infected copy of c:\winxp\system32\drivers\ipsec.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    c:\winxp\system32\drivers\cdrom.sys . . . is missing!!
    .
    ((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-31 )))))))))))))))))))))))))))))))
    .
    2010-12-29 22:32 . 2010-12-29 22:32 368 ----a-w- C:\temp.reg
    2010-12-29 22:30 . 2010-12-29 22:34 -------- d-----w- c:\program files\ATCsimulator2
    2010-12-29 22:30 . 2004-08-10 11:00 343040 ----a-w- c:\winxp\system32\msvcrt.dll
    2010-12-29 22:30 . 2010-12-29 22:30 -------- d-----w- c:\winxp\speech
    2010-12-29 22:30 . 2004-08-10 11:00 54784 ----a-w- c:\winxp\system32\msvcirt.dll
    2010-12-29 22:30 . 2010-12-29 22:30 -------- d-----w- c:\winxp\lhsp
    2010-12-29 22:30 . 2004-08-10 11:00 565760 ----a-w- c:\winxp\system32\msvcp50.dll
    2010-12-29 03:12 . 2009-06-18 17:55 18816 ------w- c:\winxp\system32\SAVRKBootTasks.sys
    2010-12-13 18:54 . 2010-12-13 18:56 -------- d-----w- c:\program files\EndItAll
    2010-12-13 15:28 . 2010-12-13 15:28 -------- d-----w- c:\program files\EwisoftWebFull
    2010-12-13 15:13 . 2010-12-13 15:13 -------- d-----w- c:\program files\EwisoftWeb2
    2010-12-11 21:10 . 2010-12-11 21:10 388096 ----a-r- c:\documents and settings\Dell Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-12-11 21:10 . 2010-12-11 21:10 -------- d-----w- c:\program files\2
    2010-12-11 19:00 . 2010-12-11 19:00 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple Computer
    2010-12-11 18:32 . 2010-12-13 19:01 -------- d-----w- c:\documents and settings\Dell Owner\Application Data\FileZilla
    2010-12-11 18:31 . 2010-12-11 18:31 -------- d-----w- c:\program files\FileZilla FTP Client
    2010-12-11 18:01 . 2010-12-11 18:01 -------- d-----w- c:\program files\BitTorrent
    2010-12-11 18:00 . 2010-12-11 23:53 -------- d-----w- c:\documents and settings\Dell Owner\Application Data\BitTorrent
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-29 22:30 . 2010-03-13 22:17 249856 ------w- c:\winxp\Setup1.exe
    2010-12-29 22:30 . 2010-03-13 22:17 73216 ----a-w- c:\winxp\ST6UNST.EXE
    2010-12-21 00:09 . 2009-08-31 00:08 38224 ----a-w- c:\winxp\system32\drivers\mbamswissarmy.sys
    2010-12-21 00:08 . 2009-08-31 00:08 20952 ----a-w- c:\winxp\system32\drivers\mbam.sys
    2006-09-21 23:50 . 2006-09-21 23:50 36638720 -c--a-w- c:\program files\iTunesSetup.exe
    2005-01-13 21:47 . 2005-01-13 21:47 61440 ----a-w- c:\program files\mdMod1.dll
    2004-07-29 01:43 . 2004-07-29 01:43 24576 ----a-w- c:\program files\EnDeCrypt.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Dell Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\winxp\ehome\ehtray.exe" [2005-08-05 64512]
    "IgfxTray"="c:\winxp\system32\igfxtray.exe" [2007-03-31 138008]
    "HotKeysCmds"="c:\winxp\system32\hkcmd.exe" [2007-03-31 162584]
    "Persistence"="c:\winxp\system32\igfxpers.exe" [2007-03-31 138008]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2010-02-26 36972]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2009-12-04 883272]
    "Malwarebytes Anti-Malware (reboot)"="c:\documents and settings\Default User.WINXP\Desktop\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
    c:\documents and settings\FSX\Start Menu\Programs\Startup\
    IMVU.lnk - c:\program files\IMVU\IMVUClient.exe [N/A]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Widefs\\WideClient.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINXP\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\AT&T\\Communication Manager\\SwiApiMux.exe"=
    "c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
    R1 SAVRKBootTasks;Boot Tasks Driver;c:\winxp\system32\SAVRKBootTasks.sys [12/28/2010 9:12 PM 18816]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/24/2010 4:30 PM 135664]
    S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [12/4/2009 4:41 PM 121416]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\winxp\system32\drivers\mbamswissarmy.sys [8/30/2009 6:08 PM 38224]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\winxp\system32\28.tmp --> c:\winxp\system32\28.tmp [?]
    S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\winxp\system32\drivers\swnc8u80.sys [8/20/2008 12:35 PM 168192]
    S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\winxp\system32\drivers\swumx80.sys [8/20/2008 12:36 PM 142976]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    .
    Contents of the 'Scheduled Tasks' folder
    2010-12-31 c:\winxp\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 22:30]
    2010-12-31 c:\winxp\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 22:30]
    2010-12-29 c:\winxp\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-2077806209-725345543-1003Core.job
    - c:\documents and settings\Dell Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-25 15:35]
    2010-12-31 c:\winxp\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-2077806209-725345543-1003UA.job
    - c:\documents and settings\Dell Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-25 15:35]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    LSP: bmnet.dll
    .
    - - - - ORPHANS REMOVED - - - -
    HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
    HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-31 10:37
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\winxp\system32\28.tmp"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'lsass.exe'(884)
    c:\winxp\system32\bmnet.dll
    .
    Completion time: 2010-12-31 10:39:53
    ComboFix-quarantined-files.txt 2010-12-31 16:39
    Pre-Run: 35,758,374,912 bytes free
    Post-Run: 38,063,476,736 bytes free
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINXP
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINXP="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition Professional" /fastdetect /noexecute=optin
    - - End Of File - - A08DFD1255007D997E706AD61827AB45
     
  6. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi

    Please do the following:

    • Please open your MalwareBytes AntiMalware Program
    • Click the Update Tab and search for updates
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected. <-- very important
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



    NEXT


    Go here to run an online scanner from ESET.
    • Note: You will need to use Internet Explorer for this scan
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan completes, press the LIST OF THREATS FOUND button
    • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
    • Include the contents of this report in your next reply.
    • Press the BACK button.
    • Press Finish

    NEXT

    Please download and install Service Pack 3 - Microsoft no longer supports SP2

    http://www.microsoft.com/downloads/...a8-5e76-401f-be08-1e1555d4f3d4&displaylang=en
     
  7. Roy151

    Roy151 Thread Starter

    Joined:
    Dec 28, 2010
    Messages:
    17
    MBAM found nothing. ESET Results are below:

    C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\activmon\amagent4f.exe Win32/Spy.ActivityMonitor.C application deleted - quarantined
    C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\activmon\amonitor4f.exe Win32/Spy.ActivityMonitor.C application deleted - quarantined
    C:\Program Files\SpywareDetector\LiveUpdate.exe a variant of Win32/MaxPCsecure application cleaned by deleting - quarantined
    C:\Program Files\SpywareDetector\SDLiveupdate\NewSDProduct.exe a variant of Win32/MaxPCsecure application deleted - quarantined
    C:\Qoobox\Quarantine\C\WINXP\system32\0052.DLL.vir a variant of Win32/Witkinat.Q trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINXP\system32\wexe.exe.vir Win32/Witkinat.R trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINXP\system32\Drivers\ipsec.sys.vir Win32/Olmarik.ZC trojan cleaned - quarantined
    C:\WINDOWS\system32\critical_warning.html Win32/TrojanDownloader.FakeAlert.ADG trojan cleaned by deleting - quarantined
    C:\WINDOWS\system32\logon.exe a variant of Win32/Injector.YJ trojan cleaned by deleting - quarantined
    C:\WINDOWS\system32\svchost.exe:exe.exe Win32/Obfuscated.NCY trojan cleaned by deleting - quarantined
    C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt Win32/TrojanDownloader.FakeAlert.ADM trojan cleaned by deleting - quarantined
    C:\WINDOWS\Temp\attuxbtkbp.exe a variant of Win32/Kryptik.APN trojan cleaned by deleting - quarantined
    C:\WINDOWS\Temp\cpv.exe a variant of Win32/Kryptik.AST trojan cleaned by deleting - quarantined
    C:\WINDOWS\Temp\SETUP.EXE a variant of Win32/Kryptik.AFP trojan cleaned by deleting - quarantined
    C:\WINDOWS\Temp\WZSZX7a67.tmp a variant of Win32/Kryptik.AFP trojan cleaned by deleting - quarantined
    C:\WINXP\system32\dllcache\user32.dll Win32/Pinit virus cleaned - quarantined
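Added example, not part of the original posts and not ESET's own tooling: a small triage script for an exported scan list like the one in the post above. The line layout (path, optional "a variant of", detection name, type, action) is inferred from those lines, the flag names are illustrative, and treating `C:\Qoobox\Quarantine` as a tool's quarantine folder rather than a live location is an assumption.

```python
import re
from collections import Counter

# Five lines copied from the ESET export in the post above.
SAMPLE = r"""
C:\Program Files\SpywareDetector\LiveUpdate.exe a variant of Win32/MaxPCsecure application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINXP\system32\Drivers\ipsec.sys.vir Win32/Olmarik.ZC trojan cleaned - quarantined
C:\WINDOWS\system32\svchost.exe:exe.exe Win32/Obfuscated.NCY trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\cpv.exe a variant of Win32/Kryptik.AST trojan cleaned by deleting - quarantined
C:\WINXP\system32\dllcache\user32.dll Win32/Pinit virus cleaned - quarantined
"""

# Paths contain spaces, so the path is matched lazily up to the detection name.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<variant>a variant of )?"
    r"(?P<threat>Win32/\S+) "
    r"(?P<kind>application|trojan|virus) "
    r"(?P<action>.+)$"
)
# Assumption: files under this folder are quarantined copies, not live files.
QUARANTINE_RE = re.compile(r"^[a-z]:\\qoobox\\quarantine\\", re.IGNORECASE)


def split_stream(path):
    # A colon after the drive letter marks an NTFS alternate data stream:
    # <host file>:<stream name>. Returns (host_file, stream_or_None).
    drive, rest = path[:2], path[2:]
    if ":" in rest:
        host, stream = rest.split(":", 1)
        return drive + host, stream
    return path, None


def location_flags(path):
    # Quarantined copies are reported once and not analysed further.
    if QUARANTINE_RE.match(path):
        return ["quarantine-copy"]
    flags = []
    if split_stream(path)[1] is not None:
        flags.append("alternate-data-stream")
    lower = path.lower()
    if "\\system32\\" in lower:
        flags.append("system-directory")
    if "\\temp\\" in lower:
        flags.append("temp-directory")
    return flags


def triage(text):
    # Returns (findings, unparsed) so malformed lines are never silently lost.
    findings, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        host, stream = split_stream(m.group("path"))
        findings.append({
            "path": m.group("path"),
            "host": host,
            "stream": stream,
            "variant": bool(m.group("variant")),
            "threat": m.group("threat"),
            "kind": m.group("kind"),
            "action": m.group("action"),
            "flags": location_flags(m.group("path")),
        })
    return findings, unparsed


def count_by_kind(findings):
    return Counter(f["kind"] for f in findings)


if __name__ == "__main__":
    results, bad = triage(SAMPLE)
    for f in results:
        print(f["threat"], f["kind"], f["flags"], f["path"], sep=" | ")
    print(dict(count_by_kind(results)), "unparsed:", len(bad))
```

Entries flagged `alternate-data-stream` or `system-directory` are the ones to re-check in a follow-up scan, since they sit inside or alongside operating system files rather than in a removable application folder.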
     
  8. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Did you install SP3?

    Please rerun ComboFix - allow it to update if it requests to do so,

    then run a fresh DDS Log and Attach.txt and advise how the computer is running now and if there are any outstanding issues:

    NEXT


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
    • Download the latest version of Java Runtime Environment (JRE) 23 and save it to your desktop.
    • Scroll down to where it says JDK 6 Update 23 (JDK or JRE)
    • Click the Download JRE button to the right
    • Select the Windows platform from the dropdown menu.
    • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u23 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
    • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
      • On the General tab, under Temporary Internet Files, click the Settings button.
      • Next, click on the Delete Files button
      • There are two options in the window to clear the cache - Leave BOTH Checked
        • Applications and Applets
        • Trace and Log Files
      • Click OK on Delete Temporary Files Window
        Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
      • Click OK to leave the Temporary Files Window
      • Click OK to leave the Java Control Panel.


    NEXT

    Visit ADOBE and download the latest version of Acrobat Reader (version X)
    Having the latest updates ensures there are no security vulnerabilities in your system.
     
  9. Roy151

    Roy151 Thread Starter

    Joined:
    Dec 28, 2010
    Messages:
    17
    The download JRE button seems to be broken. Can you confirm that?
     
  10. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
  11. Roy151

    Roy151 Thread Starter

    Joined:
    Dec 28, 2010
    Messages:
    17
    That link worked. The first one still doesn't, and trying to get to the gmail website doesn't work either. Some sites aren't working on internet explorer?
     
  12. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Run TFC

    then reset IE back to default

    Download TFC to your desktop
    Mirror
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.



    NEXT

    http://support.microsoft.com/kb/923737

    Use the "FixIt" button
     
  13. Roy151

    Roy151 Thread Starter

    Joined:
    Dec 28, 2010
    Messages:
    17
    I get errors when trying to install and remove programs. "The windows installer service could not be accessed". Also I forgot to note that I get the BSOD when I start the computer, and the only way to start it is by "using last known good config" or something like that. Thanks
     
  14. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Please run the following:

    • Click Start > Run... then type in CMD and click on OK.
    • At the Command Prompt C:\ > type the following: chkdsk c: /r and hit the Enter/Return key.
      Note: chkdsk c: /r presumes that the disk upon which you wish to run Error Checking is your C: Drive (most often)
    • When prompted with:
    • Hit the Y key then at the Command Prompt C:\ >
    • Type in EXIT and hit the Enter/Return key.
    • Now Reboot(Restart) your computer.
    Note: Upon Reboot(Restart), CHKDSK will start and carry out the repairs required.
     
  15. Roy151

    Roy151 Thread Starter

    Joined:
    Dec 28, 2010
    Messages:
    17
    Ok got SP3, Java, and Reader installed. Internet explorer is working better. Here's the combofix log:

    ComboFix 11-01-01.01 - Dell Owner 01/01/2011 18:21:01.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.631 [GMT -6:00]
    Running from: c:\documents and settings\Dell Owner\Desktop\ComboFix.exe
    .
    ((((((((((((((((((((((((( Files Created from 2010-12-02 to 2011-01-02 )))))))))))))))))))))))))))))))
    .
    2011-01-02 00:09 . 2011-01-02 00:09 73728 ----a-w- c:\winxp\system32\javacpl.cpl
    2011-01-02 00:09 . 2011-01-02 00:09 472808 ----a-w- c:\winxp\system32\deployJava1.dll
    2011-01-01 21:59 . 2011-01-01 21:59 -------- d-----w- c:\winxp\system32\CatRoot_bak
    2010-12-31 23:00 . 2010-12-31 23:00 -------- d-----w- c:\winxp\system32\en
    2010-12-31 23:00 . 2010-12-31 23:00 -------- d-----w- c:\winxp\system32\bits
    2010-12-31 23:00 . 2008-04-14 11:40 966656 ------w- c:\program files\MSN\msncorefiles\oobe\obemetal.dll
    2010-12-31 23:00 . 2008-04-14 11:40 86016 ------w- c:\program files\MSN\msncorefiles\oobe\obepopc.dll
    2010-12-31 23:00 . 2007-04-03 06:14 77824 ------w- c:\program files\MSN\msncorefiles\oobe\obemtllc.dll
    2010-12-31 22:42 . 2008-04-14 06:10 62976 ----a-w- c:\winxp\system32\drivers\cdrom.sys
    2010-12-31 19:55 . 2010-12-31 19:55 -------- d-----w- c:\program files\ESET
    2010-12-29 22:32 . 2010-12-29 22:32 368 ----a-w- C:\temp.reg
    2010-12-29 22:30 . 2010-12-29 22:34 -------- d-----w- c:\program files\ATCsimulator2
    2010-12-29 22:30 . 2004-08-10 11:00 343040 ------w- c:\winxp\system32\msvcrt.dll
    2010-12-29 22:30 . 2010-12-29 22:30 -------- d-----w- c:\winxp\speech
    2010-12-29 22:30 . 2008-04-14 11:42 57344 ----a-w- c:\winxp\system32\msvcirt.dll
    2010-12-29 22:30 . 2010-12-29 22:30 -------- d-----w- c:\winxp\lhsp
    2010-12-29 22:30 . 2004-08-10 11:00 565760 ----a-w- c:\winxp\system32\msvcp50.dll
    2010-12-29 03:12 . 2009-06-18 17:55 18816 ------w- c:\winxp\system32\SAVRKBootTasks.sys
    2010-12-13 18:54 . 2010-12-13 18:56 -------- d-----w- c:\program files\EndItAll
    2010-12-13 15:28 . 2010-12-13 15:28 -------- d-----w- c:\program files\EwisoftWebFull
    2010-12-13 15:13 . 2010-12-13 15:13 -------- d-----w- c:\program files\EwisoftWeb2
    2010-12-11 21:10 . 2010-12-11 21:10 388096 ----a-r- c:\documents and settings\Dell Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-12-11 21:10 . 2010-12-11 21:10 -------- d-----w- c:\program files\2
    2010-12-11 19:00 . 2010-12-11 19:00 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple Computer
    2010-12-11 18:32 . 2010-12-13 19:01 -------- d-----w- c:\documents and settings\Dell Owner\Application Data\FileZilla
    2010-12-11 18:31 . 2010-12-11 18:31 -------- d-----w- c:\program files\FileZilla FTP Client
    2010-12-11 18:00 . 2010-12-11 23:53 -------- d-----w- c:\documents and settings\Dell Owner\Application Data\BitTorrent
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-29 22:30 . 2010-03-13 22:17 249856 ------w- c:\winxp\Setup1.exe
    2010-12-29 22:30 . 2010-03-13 22:17 73216 ----a-w- c:\winxp\ST6UNST.EXE
    2010-12-21 00:09 . 2009-08-31 00:08 38224 ----a-w- c:\winxp\system32\drivers\mbamswissarmy.sys
    2010-12-21 00:08 . 2009-08-31 00:08 20952 ----a-w- c:\winxp\system32\drivers\mbam.sys
    .
    ------- Sigcheck -------
    [-] 2004-08-10 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\winxp\ERDNT\cache\wiaservc.dll
    [-] 2004-08-10 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\winxp\system32\wiaservc.dll
    .
    ((((((((((((((((((((((((((((( SnapShot_2011-01-01_22.24.39 )))))))))))))))))))))))))))))))))))))))))
    .
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Dell Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\winxp\ehome\ehtray.exe" [2005-08-05 64512]
    "IgfxTray"="c:\winxp\system32\igfxtray.exe" [2007-03-31 138008]
    "HotKeysCmds"="c:\winxp\system32\hkcmd.exe" [2007-03-31 162584]
    "Persistence"="c:\winxp\system32\igfxpers.exe" [2007-03-31 138008]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]
    "AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2009-12-04 883272]
    "Malwarebytes Anti-Malware (reboot)"="c:\documents and settings\Default User.WINXP\Desktop\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    c:\documents and settings\FSX\Start Menu\Programs\Startup\
    IMVU.lnk - c:\program files\IMVU\IMVUClient.exe [N/A]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Widefs\\WideClient.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINXP\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\AT&T\\Communication Manager\\SwiApiMux.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    R1 SAVRKBootTasks;Boot Tasks Driver;c:\winxp\system32\SAVRKBootTasks.sys [12/28/2010 9:12 PM 18816]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/24/2010 4:30 PM 135664]
    S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [12/4/2009 4:41 PM 121416]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\winxp\system32\28.tmp --> c:\winxp\system32\28.tmp [?]
    S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\winxp\system32\drivers\swnc8u80.sys [8/20/2008 12:35 PM 168192]
    S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\winxp\system32\drivers\swumx80.sys [8/20/2008 12:36 PM 142976]
    --- Other Services/Drivers In Memory ---
    *NewlyCreated* - JAVAQUICKSTARTERSERVICE
    *NewlyCreated* - MSISERVER
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    .
    Contents of the 'Scheduled Tasks' folder
    2011-01-02 c:\winxp\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 22:30]
    2011-01-01 c:\winxp\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 22:30]
    2011-01-01 c:\winxp\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-2077806209-725345543-1003Core.job
    - c:\documents and settings\Dell Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-25 15:35]
    2011-01-01 c:\winxp\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-2077806209-725345543-1003UA.job
    - c:\documents and settings\Dell Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-25 15:35]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
    LSP: bmnet.dll
    .
    - - - - ORPHANS REMOVED - - - -
    Toolbar-Locked - (no file)

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-01 18:31
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\winxp\system32\28.tmp"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'lsass.exe'(904)
    c:\winxp\system32\bmnet.dll
    - - - - - - - > 'explorer.exe'(1564)
    c:\winxp\system32\WININET.dll
    c:\winxp\system32\msi.dll
    c:\winxp\system32\ieframe.dll
    c:\winxp\system32\webcheck.dll
    c:\winxp\system32\bmnet.dll
    .
    Completion time: 2011-01-01 18:34:05
    ComboFix-quarantined-files.txt 2011-01-02 00:34
    ComboFix2.txt 2011-01-01 22:27
    Pre-Run: 33,521,799,168 bytes free
    Post-Run: 33,535,332,352 bytes free
    - - End Of File - - 430D1B86C4346F7CCBF587F69AAB3845
     

Short URL to this thread: https://techguy.org/971173
