
HijackThis log... virus [RESOLVED]


  • This topic is locked

#1
stieveb

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:09:48, on 9/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: Shell=explorer.exe "C:\WINDOWS\Fonts\wmsncs.exe"
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Wmsncs Service] C:\WINDOWS\Fonts\wmsncs.exe
O4 - HKLM\..\Run: [NvidMediaCenter] C:\Program Files\Common Files\System\wmsncs.exe
O4 - HKLM\..\Run: [Spool Driver Service] C:\WINDOWS\System32\spool\drivers\wmsncs.exe
O4 - HKLM\..\Run: [Wins Service] C:\WINDOWS\System32\wins\wmsncs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Disk Defragmenter] C:\WINDOWS\System32\kxrpg.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-18\..\Run: [NvidMediaCenter] C:\Program Files\Common Files\System\wmsncs.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Wmsncs Service] C:\WINDOWS\Fonts\wmsncs.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Spool Driver Service] C:\WINDOWS\System32\spool\drivers\wmsncs.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Wins Service] C:\WINDOWS\System32\wins\wmsncs.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvidMediaCenter] C:\Program Files\Common Files\System\wmsncs.exe (User 'Default user')
O4 - Global Startup: wmsncs.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{48974EB1-82B9-4AB3-BE65-6A988E51D82D}: NameServer = 205.152.144.23 205.152.132.23
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Integrated Windows Authentication - Unknown owner - C:\Program Files\Common Files\System\MSIWA32.exe (file missing)
O23 - Service: NET Runtime Optimization Service v2.1.41329_X86 - Unknown owner - C:\WINDOWS\Fonts\wmsncs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

--
End of file - 5830 bytes

Edited by stieveb, 22 September 2008 - 10:46 PM.

  • 0



#2
Egwene

Hello stieveb !

Welcome to the site! :) My name's Egwene and I'll be helping clean up your computer. :) I'm currently looking over your log. I am still in training here, so there might be a delay between my replies as they need to be checked by an expert before I can post them. I'll need a bit of time to research your log fully, so please bear with me.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal - HijackThis™ Logs Go Here.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad click on Format | Uncheck Word Wrap)
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.
  • 0

#3
Egwene

Hello stieveb,

Let's begin the removal :)

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Regards,
Egwene.
  • 0

#4
stieveb

Hi Egwene, thank you for taking time to help me in this situation. I tried installing the Recovery Console and it gave me a message stating it could not continue because the version of Windows on the system was newer than the one on the Windows CD. I guess it's because the CD is not the Windows XP Service Pack 2. Here is the log from ComboFix and HijackThis:

ComboFix 08-09-22.06 - Steve & Mayi 2008-09-23 18:39:02.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.693 [GMT -4:00]
Running from: C:\Documents and Settings\Steve & Mayi\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\mw.exe

.
((((((((((((((((((((((((( Files Created from 2008-08-23 to 2008-09-23 )))))))))))))))))))))))))))))))
.

2008-09-22 21:59 . 2008-09-22 21:59 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-22 21:44 . 2008-09-22 21:44 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-09-22 21:44 . 2008-09-22 21:44 <DIR> d-------- C:\Documents and Settings\Steve & Mayi\Application Data\Malwarebytes
2008-09-22 21:44 . 2008-09-22 21:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-22 21:31 . 2008-09-22 21:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-22 21:18 . 2008-09-22 21:18 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-22 21:12 . 2008-09-22 21:20 <DIR> d-------- C:\SDFix
2008-09-21 22:27 . 2008-09-21 22:27 <DIR> d-------- C:\Program Files\Windows Defender
2008-09-21 22:16 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-21 22:12 . 2004-08-04 00:56 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll
2008-09-21 22:12 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\004188_.tmp
2008-09-21 21:34 . 2008-09-21 21:34 2,422 --a------ C:\WINDOWS\system32\wpa.bak
2008-09-20 17:10 . 2008-09-22 20:51 10 --a------ C:\Documents and Settings\STEVE
2008-09-19 00:41 . 2008-09-19 20:43 <DIR> d-------- C:\Program Files\Yahoo!
2008-09-18 23:58 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-09-18 23:32 . 2004-08-04 02:14 359,040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.book
2008-09-18 23:19 . 2008-09-18 23:19 <DIR> d-------- C:\WINDOWS\provisioning
2008-09-18 23:18 . 2008-09-18 23:18 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-18 23:15 . 2008-09-21 22:10 <DIR> d-------- C:\WINDOWS\EHome
2008-09-18 23:12 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-09-18 23:12 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-09-18 23:12 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-09-17 21:06 . 2008-09-17 21:06 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-13 22:05 . 2008-09-19 00:01 10,752 --a------ C:\WINDOWS\system32\kxrpg.exe
2008-09-05 16:17 . 2008-09-05 16:17 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-05 16:16 . 2008-09-05 16:16 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-05 16:13 . 2008-09-05 16:19 <DIR> d-------- C:\Program Files\NOS
2008-09-05 16:13 . 2008-09-07 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-23 01:02 3,654 ----a-w C:\WINDOWS\system32\tmp.reg
2008-09-19 16:26 82,944 ----a-w C:\WINDOWS\system32\o4Patch.exe
2008-09-19 16:26 82,944 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-09-19 04:01 187,155 --sh--r C:\WINDOWS\Fonts\wmsncs.exe
2008-09-09 03:38 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-02 20:51 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-08-23 02:52 --------- d-----w C:\Program Files\Intel
2008-08-23 02:47 --------- d-----w C:\Program Files\Gigabyte
2008-08-23 02:45 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-23 02:27 558,142 ----a-w C:\WINDOWS\java\Packages\MKFZFV57.ZIP
2008-08-23 02:27 155,995 ----a-w C:\WINDOWS\java\Packages\UW5B9RN3.ZIP
2008-08-23 02:27 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-23 02:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-23 02:02 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-23 01:58 --------- d-----w C:\Program Files\USR
2008-08-23 01:57 --------- d-----w C:\Documents and Settings\Steve & Mayi\Application Data\Canon
2008-08-23 01:56 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-08-23 01:56 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-08-23 01:56 --------- d-----w C:\Documents and Settings\Steve & Mayi\Application Data\ScanSoft
2008-08-23 01:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanWizard
2008-08-23 01:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2008-08-23 01:55 --------- d-----w C:\Program Files\ScanSoft
2008-08-23 01:55 --------- d-----w C:\Program Files\ArcSoft
2008-08-23 01:54 --------- d-----w C:\Program Files\Canon
2008-08-23 01:51 --------- d-----w C:\Documents and Settings\Steve & Mayi\Application Data\Roxio
2008-08-23 01:48 --------- d-----w C:\Program Files\Roxio
2008-08-23 01:48 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-08-23 01:47 --------- d-----w C:\Program Files\directx
2008-08-23 01:43 --------- d-----w C:\Program Files\Java
2008-08-23 01:42 --------- d-----w C:\Program Files\Common Files\Java
2008-08-18 16:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-08-01 06:38 3,266,560 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-01 04:32 311,296 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"Wmsncs Service"="C:\WINDOWS\Fonts\wmsncs.exe" [2008-09-19 187155]
"NvidMediaCenter"="C:\Program Files\Common Files\System\wmsncs.exe" [2008-09-19 187155]
"Spool Driver Service"="C:\WINDOWS\System32\spool\drivers\wmsncs.exe" [2008-09-19 187155]
"Wins Service"="C:\WINDOWS\System32\wins\wmsncs.exe" [2008-09-19 187155]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-25 868352]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-06-24 319488]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Disk Defragmenter"="C:\WINDOWS\System32\kxrpg.exe" [2008-09-19 10752]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvidMediaCenter"="C:\Program Files\Common Files\System\wmsncs.exe" [2008-09-19 187155]
"Wmsncs Service"="C:\WINDOWS\Fonts\wmsncs.exe" [2008-09-19 187155]
"Spool Driver Service"="C:\WINDOWS\System32\spool\drivers\wmsncs.exe" [2008-09-19 187155]
"Wins Service"="C:\WINDOWS\System32\wins\wmsncs.exe" [2008-09-19 187155]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
wmsncs.exe [2008-09-19 187155]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"wmsncs.exe"= wmsncs.exe:SYSTEM
"%windir%\\system32\\sessmgr.exe"=

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2003-06-09 24539]
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2003-05-30 89610]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S2 Integrated Windows Authentication;Integrated Windows Authentication;C:\Program Files\Common Files\System\MSIWA32.exe [ ]
S2 NET Runtime Optimization Service v2.1.41329_X86;NET Runtime Optimization Service v2.1.41329_X86;C:\WINDOWS\Fonts\wmsncs.exe [2008-09-19 187155]

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{103L3C30-C3B3-4130-9363-E59E1375PERM}]
C:\WINDOWS\Fonts\wmsncs.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

Notify-AtiExtEvent - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Steve & Mayi\Application Data\Mozilla\Firefox\Profiles\z7i4ktvf.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.yahoo.com
.

**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2008-09-23 18:40:40
ComboFix-quarantined-files.txt 2008-09-23 22:40:38

Pre-Run: 193,722,130,432 bytes free
Post-Run: 193,738,866,688 bytes free

155 --- E O F --- 2008-09-18 01:06:04






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:48:00 PM, on 9/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Wmsncs Service] C:\WINDOWS\Fonts\wmsncs.exe
O4 - HKLM\..\Run: [NvidMediaCenter] C:\Program Files\Common Files\System\wmsncs.exe
O4 - HKLM\..\Run: [Spool Driver Service] C:\WINDOWS\System32\spool\drivers\wmsncs.exe
O4 - HKLM\..\Run: [Wins Service] C:\WINDOWS\System32\wins\wmsncs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Disk Defragmenter] C:\WINDOWS\System32\kxrpg.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-18\..\Run: [NvidMediaCenter] C:\Program Files\Common Files\System\wmsncs.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Wmsncs Service] C:\WINDOWS\Fonts\wmsncs.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Spool Driver Service] C:\WINDOWS\System32\spool\drivers\wmsncs.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Wins Service] C:\WINDOWS\System32\wins\wmsncs.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvidMediaCenter] C:\Program Files\Common Files\System\wmsncs.exe (User 'Default user')
O4 - Global Startup: wmsncs.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{48974EB1-82B9-4AB3-BE65-6A988E51D82D}: NameServer = 205.152.144.23 205.152.132.23
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Integrated Windows Authentication - Unknown owner - C:\Program Files\Common Files\System\MSIWA32.exe (file missing)
O23 - Service: NET Runtime Optimization Service v2.1.41329_X86 - Unknown owner - C:\WINDOWS\Fonts\wmsncs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

--
End of file - 6064 bytes

Edited by stieveb, 23 September 2008 - 04:53 PM.

  • 0

#5
Egwene

Hello stieveb,

Let's go on :)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Driver::
NET Runtime Optimization Service v2.1.41329_X86
Integrated Windows Authentication

Sysrst::

File::
C:\WINDOWS\004188_.tmp
C:\WINDOWS\system32\kxrpg.exe
C:\WINDOWS\Fonts\wmsncs.exe
C:\Program Files\Common Files\System\wmsncs.exe
C:\WINDOWS\System32\spool\drivers\wmsncs.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wmsncs.exe
C:\Program Files\Common Files\System\MSIWA32.exe

Folder::
C:\WINDOWS\System32\wins

Dirlook::
C:\WINDOWS\provisioning

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"wmsncs.exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{103L3C30-C3B3-4130-9363-E59E1375PERM}]

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Regards,
Egwene.
  • 0
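
The files and services named in the CFScript above stand out in the HijackThis log for recognisable reasons. The following Python sketch is an added example, not part of the original thread and not how HijackThis or ComboFix work internally; it runs three triage heuristics over lines copied from the log in post #1. The heuristics themselves (same executable name autostarted from several directories, a non-default `Shell=` value, services with "Unknown owner") are assumptions chosen for illustration, and a hit means "review manually", not "delete".

```python
import ntpath
import re
from collections import defaultdict

# Subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=explorer.exe "C:\WINDOWS\Fonts\wmsncs.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Wmsncs Service] C:\WINDOWS\Fonts\wmsncs.exe
O4 - HKLM\..\Run: [NvidMediaCenter] C:\Program Files\Common Files\System\wmsncs.exe
O4 - HKLM\..\Run: [Spool Driver Service] C:\WINDOWS\System32\spool\drivers\wmsncs.exe
O4 - HKLM\..\Run: [Wins Service] C:\WINDOWS\System32\wins\wmsncs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [Disk Defragmenter] C:\WINDOWS\System32\kxrpg.exe
O4 - HKUS\S-1-5-18\..\Run: [Wmsncs Service] C:\WINDOWS\Fonts\wmsncs.exe (User 'SYSTEM')
O4 - Global Startup: wmsncs.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Integrated Windows Authentication - Unknown owner - C:\Program Files\Common Files\System\MSIWA32.exe (file missing)
O23 - Service: NET Runtime Optimization Service v2.1.41329_X86 - Unknown owner - C:\WINDOWS\Fonts\wmsncs.exe
"""

# Only the autostart-related sections are inspected here:
# F2 (ini/registry shell), O4 (Run keys, startup folders), O23 (services).
ENTRY = re.compile(r"^(F2|O4|O23) - (.*)$")
# First full path ending in .exe; stops at a quote so arguments are not swallowed.
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)
UNOWNED = re.compile(r"^Service: (.+?) - Unknown owner - ")


def triage(log_text):
    """Return heuristic findings for the autostart sections of a HijackThis log."""
    dirs_by_name = defaultdict(set)   # exe name -> directories it is started from
    shell_values = []                 # Shell= values other than plain explorer.exe
    unowned_services = []             # O23 services reported with "Unknown owner"

    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()

        # Heuristic 1: anything appended to the default shell gets launched at logon.
        if section == "F2" and "Shell=" in body:
            value = body.split("Shell=", 1)[1].strip()
            if value.lower() != "explorer.exe":
                shell_values.append(value)

        # Heuristic 2: services with no identifiable vendor deserve a manual look.
        if section == "O23":
            svc = UNOWNED.match(body)
            if svc:
                unowned_services.append(svc.group(1))

        # Heuristic 3 input: record where each executable name is started from.
        # Entries without a full path (e.g. "Global Startup: wmsncs.exe") are skipped.
        path = EXE_PATH.search(body)
        if path:
            full = path.group(0).lower()
            dirs_by_name[ntpath.basename(full)].add(ntpath.dirname(full))

    # Heuristic 3: one executable name registered from more than one directory.
    multi_dir = {n: sorted(d) for n, d in dirs_by_name.items() if len(d) > 1}
    return {
        "multi_dir": multi_dir,
        "shell_values": shell_values,
        "unowned_services": unowned_services,
    }


if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    for name, dirs in findings["multi_dir"].items():
        print(f"{name} autostarts from {len(dirs)} directories:")
        for d in dirs:
            print(f"  {d}")
    for value in findings["shell_values"]:
        print(f"non-default Shell value: {value}")
    for svc in findings["unowned_services"]:
        print(f"service with unknown owner: {svc}")
```

Note that `kxrpg.exe`, which the CFScript also removes, is not flagged by any of these three checks: it sits in System32 under a plausible name, which is why log review by a person remains part of the process.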

#6
stieveb

Hi Egwene, attached you will find the new log you requested.

Thank you very much

Attached File  log.txt   370.49KB   452 downloads
  • 0

#7
Egwene

Hello stieveb,

Please do not attach logs unless I asked you to do it. Just copy and paste it in your answer. I will do it for you this time. I'm currently analysing your log. :)

---

ComboFix 08-09-24.08 - Steve & Mayi 2008-09-24 20:39:17.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.780 [GMT -4:00]
Running from: C:\Documents and Settings\Steve & Mayi\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Steve & Mayi\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wmsncs.exe
C:\Program Files\Common Files\System\MSIWA32.exe
C:\Program Files\Common Files\System\wmsncs.exe
C:\WINDOWS\004188_.tmp
C:\WINDOWS\Fonts\wmsncs.exe
C:\WINDOWS\system32\kxrpg.exe
C:\WINDOWS\System32\spool\drivers\wmsncs.exe
C:\WINDOWS\System32\wins :#:
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wmsncs.exe
C:\Program Files\Common Files\System\wmsncs.exe
C:\WINDOWS\004188_.tmp
C:\WINDOWS\Fonts\wmsncs.exe
C:\WINDOWS\system32\kxrpg.exe
C:\WINDOWS\System32\spool\drivers\wmsncs.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_INTEGRATED_WINDOWS_AUTHENTICATION
-------\Legacy_NET_RUNTIME_OPTIMIZATION_SERVICE_V2.1.41329_X86
-------\Service_Integrated Windows Authentication
-------\Service_NET Runtime Optimization Service v2.1.41329_X86


((((((((((((((((((((((((( Files Created from 2008-08-25 to 2008-09-25 )))))))))))))))))))))))))))))))
.

2008-09-23 22:35 . 2008-09-23 22:35 <DIR> d-------- C:\Documents and Settings\Steve & Mayi\Application Data\Apple Computer
2008-09-23 22:34 . 2008-09-23 22:34 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-09-23 22:32 . 2008-09-23 22:33 <DIR> d-------- C:\Program Files\QuickTime
2008-09-23 22:32 . 2008-09-23 22:32 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-23 22:32 . 2008-09-23 22:32 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-23 22:32 . 2008-09-23 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-23 22:32 . 2008-09-23 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-22 21:59 . 2008-09-22 21:59 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-22 21:44 . 2008-09-22 21:44 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-09-22 21:44 . 2008-09-22 21:44 <DIR> d-------- C:\Documents and Settings\Steve & Mayi\Application Data\Malwarebytes
2008-09-22 21:44 . 2008-09-22 21:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-22 21:31 . 2008-09-22 21:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-22 21:18 . 2008-09-22 21:18 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-22 21:12 . 2008-09-22 21:20 <DIR> d-------- C:\SDFix
2008-09-21 22:27 . 2008-09-21 22:27 <DIR> d-------- C:\Program Files\Windows Defender
2008-09-21 22:16 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-21 22:12 . 2004-08-04 00:56 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll
2008-09-21 21:34 . 2008-09-21 21:34 2,422 --a------ C:\WINDOWS\system32\wpa.bak
2008-09-20 17:10 . 2008-09-22 20:51 10 --a------ C:\Documents and Settings\STEVE
2008-09-19 00:41 . 2008-09-19 20:43 <DIR> d-------- C:\Program Files\Yahoo!
2008-09-18 23:58 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-09-18 23:32 . 2004-08-04 02:14 359,040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.book
2008-09-18 23:19 . 2008-09-18 23:19 <DIR> d-------- C:\WINDOWS\provisioning
2008-09-18 23:18 . 2008-09-18 23:18 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-18 23:15 . 2008-09-21 22:10 <DIR> d-------- C:\WINDOWS\EHome
2008-09-18 23:12 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-09-18 23:12 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-09-18 23:12 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-09-17 21:06 . 2008-09-17 21:06 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-05 16:17 . 2008-09-05 16:17 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-05 16:16 . 2008-09-05 16:16 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-05 16:13 . 2008-09-05 16:19 <DIR> d-------- C:\Program Files\NOS
2008-09-05 16:13 . 2008-09-07 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-23 02:52 --------- d-----w C:\Program Files\Intel
2008-08-23 02:47 --------- d-----w C:\Program Files\Gigabyte
2008-08-23 02:45 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-23 02:27 558,142 ----a-w C:\WINDOWS\java\Packages\MKFZFV57.ZIP
2008-08-23 02:27 155,995 ----a-w C:\WINDOWS\java\Packages\UW5B9RN3.ZIP
2008-08-23 02:27 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-23 02:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-23 02:02 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-23 01:58 --------- d-----w C:\Program Files\USR
2008-08-23 01:57 --------- d-----w C:\Documents and Settings\Steve & Mayi\Application Data\Canon
2008-08-23 01:56 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-08-23 01:56 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-08-23 01:56 --------- d-----w C:\Documents and Settings\Steve & Mayi\Application Data\ScanSoft
2008-08-23 01:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanWizard
2008-08-23 01:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2008-08-23 01:55 --------- d-----w C:\Program Files\ScanSoft
2008-08-23 01:55 --------- d-----w C:\Program Files\ArcSoft
2008-08-23 01:54 --------- d-----w C:\Program Files\Canon
2008-08-23 01:51 --------- d-----w C:\Documents and Settings\Steve & Mayi\Application Data\Roxio
2008-08-23 01:48 --------- d-----w C:\Program Files\Roxio
2008-08-23 01:48 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-08-23 01:47 --------- d-----w C:\Program Files\directx
2008-08-23 01:43 --------- d-----w C:\Program Files\Java
2008-08-23 01:42 --------- d-----w C:\Program Files\Common Files\Java
2008-08-01 06:38 3,266,560 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\provisioning ----

2004-07-17 14:35 9924 --------- C:\WINDOWS\provisioning\schemas\flashconfigdevice.xdr
2004-07-17 14:35 861 --------- C:\WINDOWS\provisioning\schemas\mschapv2userpropertiesv1.xdr
2004-07-17 14:35 732 --------- C:\WINDOWS\provisioning\schemas\help.xdr
2004-07-17 14:35 698 --------- C:\WINDOWS\provisioning\schemas\mspeapuserpropertiesv1.xdr
2004-07-17 14:35 689 --------- C:\WINDOWS\provisioning\schemas\eapconnectionpropertiesv1.xdr
2004-07-17 14:35 580 --------- C:\WINDOWS\provisioning\schemas\baseeapuserpropertiesv1.xdr
2004-07-17 14:35 520 --------- C:\WINDOWS\provisioning\schemas\baseeapconnectionpropertiesv1.xdr
2004-07-17 14:35 4089 --------- C:\WINDOWS\provisioning\schemas\flashconfig.xdr
2004-07-17 14:35 395 --------- C:\WINDOWS\provisioning\schemas\mschapv2connectionpropertiesv1.xdr
2004-07-17 14:35 378 --------- C:\WINDOWS\provisioning\schemas\eapuserpropertiesv1.xdr
2004-07-17 14:35 2459 --------- C:\WINDOWS\provisioning\schemas\masterfile.xdr
2004-07-17 14:35 22405 --------- C:\WINDOWS\provisioning\schemas\wizard.xdr
2004-07-17 14:35 2036 --------- C:\WINDOWS\provisioning\schemas\wirelessprofile.xdr
2004-07-17 14:35 1911 --------- C:\WINDOWS\provisioning\schemas\mspeapconnectionpropertiesv1.xdr
2004-07-17 14:35 1721 --------- C:\WINDOWS\provisioning\schemas\locations.xdr
2004-07-17 14:35 1673 --------- C:\WINDOWS\provisioning\schemas\ssid.xdr
2004-07-17 14:35 1426 --------- C:\WINDOWS\provisioning\schemas\branding.xdr
2004-07-17 14:35 1032 --------- C:\WINDOWS\provisioning\schemas\register.xdr


((((((((((((((((((((((((((((( snapshot@2008-09-23_18.40.26.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-09-24 02:32:40 27,136 ----a-r C:\WINDOWS\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2008-09-25 00:41:47 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_608.dat
.
((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_004570_.tmp.dll
2002-08-29 08:00 55808 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0018635.dll
2002-08-29 08:00 55808 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0018635.dll

C:\_004701_.tmp.dll
2002-08-29 08:00 238080 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0018766.dll

C:\_004707_.tmp.dll
2002-08-29 08:00 10752 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0018772.dll

C:\_004855_.tmp.dll
2002-08-29 08:00 36864 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0018920.dll

C:\_004858_.tmp.dll
2002-08-29 08:00 65536 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0018923.dll

C:\_004875_.tmp.dll
2002-08-29 08:00 221184 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0018940.dll

C:\_004950_.tmp.dll
2002-08-29 08:00 29184 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0019015.dll

C:\_005104_.tmp.dll
2002-08-29 08:00 361472 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0019169.dll

C:\_005107_.tmp.dll
2002-08-29 08:00 323072 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0019172.dll

C:\_005110_.tmp.dll
2002-08-29 08:00 565248 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0019175.dll

C:\a.bat
{0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP27\A0021450.bat
{0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP30\A0022546.bat

C:\Avenger\mdm.exe
{0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP30\A0022505.exe

C:\clbcatq.dll
2002-08-29 08:00 468480 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021322.dll

C:\dllcache\_004436_.tmp.dll
2002-08-29 08:00 66560 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0018501.dll

C:\dllcache\_004558_.tmp.dll
2002-08-29 08:00 163328 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0018623.dll
2002-08-29 08:00 163328 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0018623.dll

C:\dllcache\_004784_.tmp.dll
2002-08-29 08:00 16896 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0018849.dll

C:\dllcache\_004856_.tmp.dll
2002-08-29 08:00 12288 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0018921.dll

C:\dllcache\_005232_.tmp.dll
2002-08-29 08:00 48640 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0019297.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{D903D7F2-2960-409F-A828-FA09EF7ADA3F}\mpengine.dll
2008-08-25 23:21 3434576 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP32\A0022691.dll

2008-08-25 23:21 3434576 C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2007-03-09 11:25 2321288 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP32\A0022690.dll

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wmsncs.exe
2008-09-19 00:01 187155 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP34\A0022762.exe

C:\Documents and Settings\Steve & Mayi\Desktop\SmitfraudFix\clean.reg
2008-09-22 21:03 12 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP30\A0021485.reg

C:\NetMeeting\h323cc.dll
2002-08-29 08:00 53248 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0020619.dll

2008-09-21 22:12 47564 C:\NTDETECT.COM
2002-08-29 08:00 47580 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0019599.COM

2008-09-24 20:41 192696 C:\Program Files\Alwil Software\Avast4\DATA\aswar0.dll
2008-09-22 22:04 188600 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP30\A0022559.dll
2008-09-24 20:32 192696 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP34\A0022772.dll

2008-09-24 20:41 391216 C:\Program Files\Alwil Software\Avast4\DATA\clnr0.dll
2008-09-22 22:04 391216 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP30\A0022557.dll
2008-09-24 20:32 391216 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP34\A0022773.dll

2008-09-24 20:41 9080 C:\Program Files\Alwil Software\Avast4\DATA\exts0.dll
2008-09-22 22:04 9080 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP30\A0022558.dll
2008-09-24 20:32 9080 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP34\A0022774.dll

2004-08-04 00:56 561179 C:\Program Files\Common Files\Microsoft Shared\DAO\dao360.dll
2002-08-29 08:00 557128 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0020576.dll

2004-08-04 00:56 741376 C:\Program Files\Common Files\Microsoft Shared\Speech\sapi.dll
2002-08-29 08:00 696320 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0020630.dll

2004-07-17 11:42 116288 C:\Program Files\Common Files\Microsoft Shared\TextConv\msconv97.dll
2002-08-29 08:00 143434 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0020632.dll

2004-08-04 00:56 153088 C:\Program Files\Common Files\Microsoft Shared\Triedit\triedit.dll
2002-08-29 08:00 146432 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0020634.DLL

2004-08-04 00:56 848384 C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
2002-08-29 08:00 802304 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0020636.dll

2004-08-04 00:56 618605 C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin\fp4autl.dll
2002-05-14 15:08 618605 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0020589.dll

2004-08-04 00:56 24576 C:\Program Files\Common Files\System\ado\msader15.dll
2002-08-29 08:00 24576 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021406.dll

2004-08-04 00:56 536576 C:\Program Files\Common Files\System\ado\msado15.dll
2002-08-29 08:00 487424 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021405.dll

2004-08-04 00:56 180224 C:\Program Files\Common Files\System\ado\msadomd.dll
2002-08-29 08:00 159744 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021400.dll

2004-08-04 00:56 57344 C:\Program Files\Common Files\System\ado\msador15.dll
2002-08-29 08:00 49152 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021399.dll

2004-08-04 00:56 200704 C:\Program Files\Common Files\System\ado\msadox.dll
2002-08-29 08:00 180224 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021398.dll

2004-08-04 00:56 57344 C:\Program Files\Common Files\System\ado\msadrh15.dll
2002-08-29 08:00 53248 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021397.dll

2004-08-04 00:56 102400 C:\Program Files\Common Files\System\ado\msjro.dll
2002-08-29 08:00 90112 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021396.dll

2004-08-04 00:56 81408 C:\Program Files\Common Files\System\directdb.dll
2002-08-29 08:00 76288 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0020571.dll

2004-08-04 00:56 331776 C:\Program Files\Common Files\System\msadc\msadce.dll
2002-08-29 08:00 307200 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021395.dll

2004-08-04 00:56 20480 C:\Program Files\Common Files\System\msadc\msadcer.dll
2002-08-29 08:00 20480 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021394.dll

2004-08-04 00:56 61440 C:\Program Files\Common Files\System\msadc\msadcf.dll
2002-08-29 08:00 57344 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021393.dll

2004-08-04 00:56 16384 C:\Program Files\Common Files\System\msadc\msadcfr.dll
2002-08-29 08:00 16384 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021392.dll

2004-08-04 00:56 143360 C:\Program Files\Common Files\System\msadc\msadco.dll
2002-08-29 08:00 131072 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021391.dll

2004-08-04 00:56 16384 C:\Program Files\Common Files\System\msadc\msadcor.dll
2002-08-29 08:00 16384 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021390.dll

2004-08-04 00:56 53248 C:\Program Files\Common Files\System\msadc\msadcs.dll
2002-08-29 08:00 53248 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021389.dll

2004-08-04 00:56 155648 C:\Program Files\Common Files\System\msadc\msadds.dll
2002-08-29 08:00 147456 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021388.dll

2004-08-04 00:56 24576 C:\Program Files\Common Files\System\msadc\msaddsr.dll
2002-08-29 08:00 24576 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021387.dll

2004-08-04 00:56 16384 C:\Program Files\Common Files\System\msadc\msdaprsr.dll
2002-08-29 08:00 16384 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021386.dll

2004-08-04 00:56 200704 C:\Program Files\Common Files\System\msadc\msdaprst.dll
2002-08-29 08:00 180224 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021385.dll

2004-08-04 00:56 118784 C:\Program Files\Common Files\System\msadc\msdarem.dll
2002-08-29 08:00 110592 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021384.dll

2004-08-04 00:56 16384 C:\Program Files\Common Files\System\msadc\msdaremr.dll
2002-08-29 08:00 16384 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021383.dll

2004-08-04 00:56 36864 C:\Program Files\Common Files\System\msadc\msdfmap.dll
2002-08-29 08:00 32768 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021382.dll

2004-08-04 00:56 4096 C:\Program Files\Common Files\System\Ole DB\msdadc.dll
2002-08-29 08:00 4096 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021365.dll

2004-08-04 00:56 4096 C:\Program Files\Common Files\System\Ole DB\msdaenum.dll
2002-08-29 08:00 4096 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021364.dll

2004-08-04 00:56 4096 C:\Program Files\Common Files\System\Ole DB\msdaer.dll
2002-08-29 08:00 4096 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021363.dll

2004-08-04 00:56 233472 C:\Program Files\Common Files\System\Ole DB\msdaora.dll
2002-08-29 08:00 221184 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021362.dll

2004-08-04 00:56 16384 C:\Program Files\Common Files\System\Ole DB\msdaorar.dll
2002-08-29 08:00 16384 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021361.dll

2004-08-04 00:56 77824 C:\Program Files\Common Files\System\Ole DB\msdaosp.dll
2002-08-29 08:00 73728 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021360.dll

2004-08-04 00:56 204800 C:\Program Files\Common Files\System\Ole DB\msdaps.dll
2002-08-29 08:00 188416 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021359.dll

2004-08-04 00:56 4096 C:\Program Files\Common Files\System\Ole DB\msdasc.dll
2002-08-29 08:00 4096 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021358.dll

2004-08-04 00:56 315392 C:\Program Files\Common Files\System\Ole DB\msdasql.dll
2002-08-29 08:00 303104 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021357.dll

2004-08-04 00:56 16384 C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll
2002-08-29 08:00 16384 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021356.dll

2004-08-04 00:56 94208 C:\Program Files\Common Files\System\Ole DB\msdatl3.dll
2002-08-29 08:00 86016 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021355.dll

2004-08-04 00:56 20480 C:\Program Files\Common Files\System\Ole DB\msdatt.dll
2002-08-29 08:00 16384 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021354.dll

2004-08-04 00:56 4096 C:\Program Files\Common Files\System\Ole DB\msdaurl.dll
2002-08-29 08:00 4096 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021353.dll

2004-08-04 00:56 24576 C:\Program Files\Common Files\System\Ole DB\msxactps.dll
2002-08-29 08:00 24576 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021352.dll

2004-08-04 00:56 487424 C:\Program Files\Common Files\System\Ole DB\oledb32.dll
2002-08-29 08:00 413696 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021351.dll

2004-08-04 00:56 65536 C:\Program Files\Common Files\System\Ole DB\oledb32r.dll
2002-08-29 08:00 65536 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021350.dll

2004-08-04 00:56 528384 C:\Program Files\Common Files\System\Ole DB\sqloledb.dll
2002-08-29 08:00 471040 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021349.dll

2004-08-04 00:56 217088 C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll
2002-08-29 08:00 196608 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0021348.dll

2004-08-04 00:56 504832 C:\Program Files\Common Files\System\wab32.dll
2002-08-29 08:00 459776 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0020570.dll

2004-08-04 00:56 249856 C:\Program Files\Common Files\System\wab32res.dll
2002-08-29 08:00 249344 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0020569.dll

C:\Program Files\Common Files\System\wmsncs.exe
2008-09-19 00:01 187155 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP34\A0022763.exe

2004-08-04 00:56 61440 C:\Program Files\Internet Explorer\Connection Wizard\icwconn.dll
2002-08-29 08:00 57344 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0020605.dll

2004-08-04 00:56 214528 C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe
2002-08-29 08:00 208896 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0020604.exe

2004-08-04 00:56 86016 C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe
2002-08-29 08:00 77824 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0020603.exe

2004-08-04 00:56 32768 C:\Program Files\Internet Explorer\Connection Wizard\icwdl.dll
2002-08-29 08:00 24576 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0020602.dll

2004-08-04 00:56 172032 C:\Program Files\Internet Explorer\Connection Wizard\icwhelp.dll
2002-08-29 08:00 155648 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0020601.dll

2004-08-04 00:56 24576 C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe
2002-08-29 08:00 24576 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0020600.exe

2004-08-04 00:56 49152 C:\Program Files\Internet Explorer\Connection Wizard\icwutil.dll
2002-08-29 08:00 45056 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0020599.dll

2004-08-04 00:56 20480 C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe
2002-08-29 08:00 20480 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0020598.exe

2004-08-04 00:56 38912 C:\Program Files\Internet Explorer\hmmapi.dll
2002-08-29 08:00 36352 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0020654.DLL

2004-08-04 00:56 93184 C:\Program Files\Internet Explorer\iexplore.exe
2002-08-29 08:00 91136 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP26\A0020653.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam-dor.exe
2008-09-10 00:03 380080 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP30\A0022579.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
2008-09-10 00:03 61104 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP30\A0022580.dll

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
2008-09-10 00:03 1253040 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP30\A0022577.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
2008-09-10 00:03 73392 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP30\A0022586.dll

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
2008-09-10 00:03 110256 {0C48A142-964D-4DB8-B81C-CF93621EA4DC}\RP30\A0022571.exe

#8
Egwene

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"Wins Service"="C:\WINDOWS\System32\wins\wmsncs.exe" [2008-09-19 187155]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-25 868352]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-06-24 319488]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Wins Service"="C:\WINDOWS\System32\wins\wmsncs.exe" [2008-09-19 187155]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2003-06-09 24539]
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2003-05-30 89610]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Wmsncs Service - C:\WINDOWS\Fonts\wmsncs.exe
HKLM-Run-NvidMediaCenter - C:\Program Files\Common Files\System\wmsncs.exe
HKLM-Run-Spool Driver Service - C:\WINDOWS\System32\spool\drivers\wmsncs.exe
HKLM-Run-Disk Defragmenter - C:\WINDOWS\System32\kxrpg.exe
HKU-Default-Run-NvidMediaCenter - C:\Program Files\Common Files\System\wmsncs.exe
HKU-Default-Run-Wmsncs Service - C:\WINDOWS\Fonts\wmsncs.exe
HKU-Default-Run-Spool Driver Service - C:\WINDOWS\System32\spool\drivers\wmsncs.exe



**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Integrated Windows Authentication]
"ImagePath"="\"C:\Program Files\Common Files\System\MSIWA32.exe\""
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NET Runtime Optimization Service v2.1.41329_X86]
"ImagePath"="\"C:\WINDOWS\Fonts\wmsncs.exe\""
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-24 20:46:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-25 00:46:13
ComboFix2.txt 2008-09-23 22:44:21
ComboFix3.txt 2008-09-23 22:40:41

Pre-Run: 193,482,534,912 bytes free
Post-Run: 193,423,331,328 bytes free

5600 --- E O F --- 2008-09-18 01:06:04

#9
Egwene

Hello stieveb,

I noticed you didn't install the Recovery Console when you ran ComboFix for the first time.

I would like you to install Recovery Console now, if you please.

http://www.bleepingc...to-use-combofix

>> This link could help you to install Recovery Console.

When it's done, please post (and please do not attach) the new ComboFix report.

Don't worry about the issue, we will fix it :)

Thanks :)

Regards,
Egwene.

#10
stieveb

Hi Egwene

Here is the new log you requested with the recovery console installed. Thank you once again for your help.



ComboFix 08-09-25.03 - Steve & Mayi 2008-09-25 23:22:45.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.701 [GMT -4:00]
Running from: C:\Documents and Settings\Steve & Mayi\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Steve & Mayi\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 )))))))))))))))))))))))))))))))
.

2008-09-23 22:35 . 2008-09-23 22:35 <DIR> d-------- C:\Documents and Settings\Steve & Mayi\Application Data\Apple Computer
2008-09-23 22:34 . 2008-09-23 22:34 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-09-23 22:32 . 2008-09-23 22:33 <DIR> d-------- C:\Program Files\QuickTime
2008-09-23 22:32 . 2008-09-23 22:32 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-23 22:32 . 2008-09-23 22:32 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-23 22:32 . 2008-09-23 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-23 22:32 . 2008-09-23 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-22 21:59 . 2008-09-22 21:59 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-22 21:44 . 2008-09-22 21:44 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-09-22 21:44 . 2008-09-22 21:44 <DIR> d-------- C:\Documents and Settings\Steve & Mayi\Application Data\Malwarebytes
2008-09-22 21:44 . 2008-09-22 21:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-22 21:31 . 2008-09-22 21:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-22 21:18 . 2008-09-22 21:18 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-22 21:12 . 2008-09-22 21:20 <DIR> d-------- C:\SDFix
2008-09-21 22:27 . 2008-09-21 22:27 <DIR> d-------- C:\Program Files\Windows Defender
2008-09-21 22:16 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-21 22:12 . 2004-08-04 00:56 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll
2008-09-21 21:34 . 2008-09-21 21:34 2,422 --a------ C:\WINDOWS\system32\wpa.bak
2008-09-20 17:10 . 2008-09-22 20:51 10 --a------ C:\Documents and Settings\STEVE
2008-09-19 00:41 . 2008-09-19 20:43 <DIR> d-------- C:\Program Files\Yahoo!
2008-09-18 23:58 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-09-18 23:32 . 2004-08-04 02:14 359,040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.book
2008-09-18 23:19 . 2008-09-18 23:19 <DIR> d-------- C:\WINDOWS\provisioning
2008-09-18 23:18 . 2008-09-18 23:18 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-18 23:15 . 2008-09-21 22:10 <DIR> d-------- C:\WINDOWS\EHome
2008-09-18 23:12 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-09-18 23:12 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-09-18 23:12 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-09-17 21:06 . 2008-09-17 21:06 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-05 16:17 . 2008-09-05 16:17 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-05 16:16 . 2008-09-05 16:16 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-05 16:13 . 2008-09-07 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-23 01:02 3,654 ----a-w C:\WINDOWS\system32\tmp.reg
2008-09-19 16:26 82,944 ----a-w C:\WINDOWS\system32\o4Patch.exe
2008-09-19 16:26 82,944 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-09-09 03:38 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-02 20:51 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-08-23 02:52 --------- d-----w C:\Program Files\Intel
2008-08-23 02:47 --------- d-----w C:\Program Files\Gigabyte
2008-08-23 02:45 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-23 02:27 558,142 ----a-w C:\WINDOWS\java\Packages\MKFZFV57.ZIP
2008-08-23 02:27 155,995 ----a-w C:\WINDOWS\java\Packages\UW5B9RN3.ZIP
2008-08-23 02:27 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-23 02:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-23 02:02 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-23 01:58 --------- d-----w C:\Program Files\USR
2008-08-23 01:57 --------- d-----w C:\Documents and Settings\Steve & Mayi\Application Data\Canon
2008-08-23 01:56 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-08-23 01:56 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-08-23 01:56 --------- d-----w C:\Documents and Settings\Steve & Mayi\Application Data\ScanSoft
2008-08-23 01:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanWizard
2008-08-23 01:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2008-08-23 01:55 --------- d-----w C:\Program Files\ScanSoft
2008-08-23 01:55 --------- d-----w C:\Program Files\ArcSoft
2008-08-23 01:54 --------- d-----w C:\Program Files\Canon
2008-08-23 01:51 --------- d-----w C:\Documents and Settings\Steve & Mayi\Application Data\Roxio
2008-08-23 01:48 --------- d-----w C:\Program Files\Roxio
2008-08-23 01:48 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-08-23 01:47 --------- d-----w C:\Program Files\directx
2008-08-23 01:43 --------- d-----w C:\Program Files\Java
2008-08-23 01:42 --------- d-----w C:\Program Files\Common Files\Java
2008-08-18 16:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-08-01 06:38 3,266,560 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-01 04:32 311,296 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
.

((((((((((((((((((((((((((((( snapshot@2008-09-23_18.40.26.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-09-24 02:32:40 27,136 ----a-r C:\WINDOWS\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2008-09-26 01:06:55 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_67c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"Wins Service"="C:\WINDOWS\System32\wins\wmsncs.exe" [2008-09-19 187155]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-25 868352]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-06-24 319488]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Wins Service"="C:\WINDOWS\System32\wins\wmsncs.exe" [2008-09-19 187155]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2003-06-09 24539]
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2003-05-30 89610]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Steve & Mayi\Application Data\Mozilla\Firefox\Profiles\z7i4ktvf.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.yahoo.com
.

**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2008-09-25 23:24:09
ComboFix-quarantined-files.txt 2008-09-26 03:24:06
ComboFix2.txt 2008-09-25 00:46:17
ComboFix3.txt 2008-09-23 22:44:21
ComboFix4.txt 2008-09-23 22:40:41

Pre-Run: 193,346,379,776 bytes free
Post-Run: 193,317,752,832 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

157 --- E O F --- 2008-09-18 01:06:04

#11
Egwene

Hello stieveb,

Let's go on :)

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

KillAll::

Driver::
Integrated Windows Authentication
NET Runtime Optimization Service v2.1.41329_X86

File::
C:\Program Files\Common Files\System\MSIWA32.exe
C:\WINDOWS\Fonts\wmsncs.exe
C:\a.bat
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wmsncs.exe
C:\Program Files\Common Files\System\wmsncs.exe
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\ftpupd.exe
C:\WINDOWS\system32\kxrpg.exe
C:\WINDOWS\system32\spool\drivers\wmsncs.exe
C:\WINDOWS\system32\ssms.exe
C:\WINDOWS\system32\wmsoft06704.exe
C:\WINDOWS\system32\wmsoft08348.exe
C:\WINDOWS\system32\wmsoft17686.exe
C:\WINDOWS\system32\wmsoft52628.exe
C:\WINDOWS\system32\wmsoft67454.exe
C:\WINDOWS\system32\wmsoft72142.exe
C:\WINDOWS\system32\wmsoft74724.exe
C:\WINDOWS\system32\wmsoft84254.exe
C:\WINDOWS\System32\wins\wmsncs.exe

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Regards,
Egwene.

#12
stieveb

Hi Egwene, here is the new log you requested. Thanks


ComboFix 08-09-26.01 - Steve & Mayi 2008-09-26 21:39:54.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.735 [GMT -4:00]
Running from: C:\Documents and Settings\Steve & Mayi\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Steve & Mayi\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\a.bat
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wmsncs.exe
C:\Program Files\Common Files\System\MSIWA32.exe
C:\Program Files\Common Files\System\wmsncs.exe
C:\WINDOWS\Fonts\wmsncs.exe
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\ftpupd.exe
C:\WINDOWS\system32\kxrpg.exe
C:\WINDOWS\system32\spool\drivers\wmsncs.exe
C:\WINDOWS\system32\ssms.exe
C:\WINDOWS\System32\wins\wmsncs.exe
C:\WINDOWS\system32\wmsoft06704.exe
C:\WINDOWS\system32\wmsoft08348.exe
C:\WINDOWS\system32\wmsoft17686.exe
C:\WINDOWS\system32\wmsoft52628.exe
C:\WINDOWS\system32\wmsoft67454.exe
C:\WINDOWS\system32\wmsoft72142.exe
C:\WINDOWS\system32\wmsoft74724.exe
C:\WINDOWS\system32\wmsoft84254.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\System32\wins\wmsncs.exe

.
((((((((((((((((((((((((( Files Created from 2008-08-27 to 2008-09-27 )))))))))))))))))))))))))))))))
.

2008-09-23 22:35 . 2008-09-23 22:35 <DIR> d-------- C:\Documents and Settings\Steve & Mayi\Application Data\Apple Computer
2008-09-23 22:34 . 2008-09-23 22:34 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-09-23 22:32 . 2008-09-23 22:33 <DIR> d-------- C:\Program Files\QuickTime
2008-09-23 22:32 . 2008-09-23 22:32 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-23 22:32 . 2008-09-23 22:32 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-23 22:32 . 2008-09-23 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-23 22:32 . 2008-09-23 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-22 21:59 . 2008-09-22 21:59 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-22 21:44 . 2008-09-22 21:44 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-09-22 21:44 . 2008-09-22 21:44 <DIR> d-------- C:\Documents and Settings\Steve & Mayi\Application Data\Malwarebytes
2008-09-22 21:44 . 2008-09-22 21:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-22 21:31 . 2008-09-22 21:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-22 21:18 . 2008-09-22 21:18 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-22 21:12 . 2008-09-22 21:20 <DIR> d-------- C:\SDFix
2008-09-21 22:27 . 2008-09-21 22:27 <DIR> d-------- C:\Program Files\Windows Defender
2008-09-21 22:16 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-21 22:12 . 2004-08-04 00:56 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll
2008-09-21 21:34 . 2008-09-21 21:34 2,422 --a------ C:\WINDOWS\system32\wpa.bak
2008-09-20 17:10 . 2008-09-22 20:51 10 --a------ C:\Documents and Settings\STEVE
2008-09-19 00:41 . 2008-09-19 20:43 <DIR> d-------- C:\Program Files\Yahoo!
2008-09-18 23:58 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-09-18 23:32 . 2004-08-04 02:14 359,040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.book
2008-09-18 23:19 . 2008-09-18 23:19 <DIR> d-------- C:\WINDOWS\provisioning
2008-09-18 23:18 . 2008-09-18 23:18 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-18 23:15 . 2008-09-21 22:10 <DIR> d-------- C:\WINDOWS\EHome
2008-09-18 23:12 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-09-18 23:12 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-09-18 23:12 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-09-17 21:06 . 2008-09-17 21:06 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-05 16:17 . 2008-09-05 16:17 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-05 16:16 . 2008-09-05 16:16 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-05 16:13 . 2008-09-07 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-23 02:52 --------- d-----w C:\Program Files\Intel
2008-08-23 02:47 --------- d-----w C:\Program Files\Gigabyte
2008-08-23 02:45 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-23 02:27 558,142 ----a-w C:\WINDOWS\java\Packages\MKFZFV57.ZIP
2008-08-23 02:27 155,995 ----a-w C:\WINDOWS\java\Packages\UW5B9RN3.ZIP
2008-08-23 02:27 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-23 02:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-23 02:02 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-23 01:58 --------- d-----w C:\Program Files\USR
2008-08-23 01:57 --------- d-----w C:\Documents and Settings\Steve & Mayi\Application Data\Canon
2008-08-23 01:56 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-08-23 01:56 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-08-23 01:56 --------- d-----w C:\Documents and Settings\Steve & Mayi\Application Data\ScanSoft
2008-08-23 01:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanWizard
2008-08-23 01:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2008-08-23 01:55 --------- d-----w C:\Program Files\ScanSoft
2008-08-23 01:55 --------- d-----w C:\Program Files\ArcSoft
2008-08-23 01:54 --------- d-----w C:\Program Files\Canon
2008-08-23 01:51 --------- d-----w C:\Documents and Settings\Steve & Mayi\Application Data\Roxio
2008-08-23 01:48 --------- d-----w C:\Program Files\Roxio
2008-08-23 01:48 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-08-23 01:47 --------- d-----w C:\Program Files\directx
2008-08-23 01:43 --------- d-----w C:\Program Files\Java
2008-08-23 01:42 --------- d-----w C:\Program Files\Common Files\Java
2008-08-01 06:38 3,266,560 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
.

((((((((((((((((((((((((((((( snapshot@2008-09-23_18.40.26.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-09-24 02:32:40 27,136 ----a-r C:\WINDOWS\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2008-09-27 01:42:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-25 868352]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-06-24 319488]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2003-06-09 24539]
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2003-05-30 89610]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Wins Service - C:\WINDOWS\System32\wins\wmsncs.exe
HKU-Default-Run-Wins Service - C:\WINDOWS\System32\wins\wmsncs.exe



**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-26 21:43:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-27 01:43:43
ComboFix2.txt 2008-09-26 03:24:10
ComboFix3.txt 2008-09-25 00:46:17
ComboFix4.txt 2008-09-23 22:44:21
ComboFix5.txt 2008-09-27 01:39:23

Pre-Run: 193,351,553,024 bytes free
Post-Run: 193,349,566,464 bytes free

168 --- E O F --- 2008-09-18 01:06:04

#13
Egwene

Hello stieveb,

Let's go on :)

1) Get an uninstall list :

Please open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

2) Run MBAM :

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3) Viruscan :

CLICK THIS LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

  • Please go to VirScan
  • Copy and paste the following file path into the Suspicious files to scan box.
    o C:\WINDOWS\jautoexp.dat
  • Click on the Upload button
  • Once the Scan has completed, click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Regards,
Egwene.

#14
stieveb

Hi Egwene, here are the logs of the 3 steps you requested. Thanks


VirSCAN.org Scanned Report :
Scanned time : 2008/09/27 22:21:22 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : jautoexp.dat
File Size : 6550 byte
File Type : ASCII English text, with CRLF line terminators
MD5 : 9d8441d979af7e15af6331a0f41fbb89
SHA1 : e68d12b3948be5ca49c19f73f0f5893e04613fb1
Online report : http://virscan.org/r...b4624a8e74.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.14 2008.09.27 2008-09-27 1.56 -
AhnLab V3 2008.09.27.00 2008.09.27 2008-09-27 0.97 -
AntiVir 7.8.1.34 7.0.6.219 2008-09-27 3.34 -
Arcavir 1.0.5 200809271037 2008-09-27 2.66 -
Authentium 5.1.1 200809241708 2008-09-24 1.32 -
AVAST! 3.0.1 080927-0 2008-09-27 0.00 -
AVG 7.5.52.442 270.7.4/1695 2008-09-27 3.88 -
BitDefender 7.60825.1819296 7.21071 2008-09-28 6.51 -
CA (VET) 9.0.0.143 31.6.6111 2008-09-26 4.59 -
ClamAV 0.94 8346 2008-09-27 0.00 -
Comodo 2.11 2.0.0.659 2008-09-27 0.48 -
CP Secure 1.1.0.715 2008.09.28 2008-09-28 12.02 -
Dr.Web 4.44.0.9170 2008.09.27 2008-09-27 5.69 -
ewido 4.0.0.2 2008.09.27 2008-09-27 2.89 -
F-Prot 4.4.4.56 20080927 2008-09-27 1.92 -
F-Secure 5.51.6100 2008.09.27.02 2008-09-27 0.03 -
Fortinet 2.81-3.113 9.595 2008-09-27 0.16 -
ViRobot 20080926 2008.09.26 2008-09-26 0.45 -
Ikarus T3.1.01.34 2008.09.27.71540 2008-09-27 6.86 -
JiangMin 11.0.706 2008.09.27 2008-09-27 1.46 -
Kaspersky 5.5.10 2008.09.28 2008-09-28 0.07 -
KingSoft 2008.9.8.18 2008.9.27.15 2008-09-27 0.78 -
McAfee 5.3.00 5393 2008-09-26 3.87 -
Microsoft 1.3903 2008.09.28 2008-09-28 4.11 -
mks_vir 2.01 2008.09.27 2008-09-27 5.46 -
Norman 5.93.01 5.93.00 2008-09-18 7.16 -
Panda 9.05.01 2008.09.27 2008-09-27 2.38 -
Trend Micro 8.700-1004 5.568.32 2008-09-27 0.03 -
Quick Heal 9.50 2008.09.27 2008-09-27 3.56 -
Rising 20.0 20.63.52.00 2008-09-27 0.30 -
Sophos 2.79.0 4.34 2008-09-28 3.44 -
Sunbelt 3.1.1675.1 2261 2008-09-26 0.58 -
Symantec 1.3.0.24 20080927.002 2008-09-27 0.04 -
nProtect 2008-09-26.00 2173927 2008-09-26 4.22 -
The Hacker 6.3.0.9 v00095 2008-09-27 0.48 -
VBA32 3.12.8.6 20080927.0923 2008-09-27 2.56 -
VirusBuster 4.5.11.10 10.88.8/635865 2008-09-26 1.76 -




Malwarebytes' Anti-Malware 1.28
Database version: 1216
Windows 5.1.2600 Service Pack 2

9/27/2008 10:02:30 PM
mbam-log-2008-09-27 (22-02-30).txt

Scan type: Quick Scan
Objects scanned: 42181
Time elapsed: 2 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 9
Apple Software Update
ArcSoft PhotoStudio 5.5
avast! Antivirus
Canon MP Navigator 2.0
Canon MP500
Canon Utilities Easy-PhotoPrint
Easy CD & DVD Creator 6
Easy-WebPrint
Enable S3 for USB Device
HijackThis 2.0.2
Intel® PRO Network Adapters and Drivers
Intel® PROSet
Java™ 6 Update 7
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.2)
OmniPage SE 2.0
QuickTime
Update for Windows XP (KB898461)
Windows Defender
Windows Installer 3.1 (KB893803)
Windows XP Service Pack 2
Yahoo! Messenger

#15
Egwene

Hello stieveb,

We are nearly finished :)

Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

---

I notice that there is no firewall running on your computer. A firewall is an essential part of your protection which shouldn't be ignored. Please set up one of those I proposed to you:


Please post me a fresh HijackThis log in your next answer and please tell me how your computer is running now.

Regards,
Egwene.