
dumpdata errors [lzx32.sys - suspect rootkit]

Discussion in 'Malware and Virus Removal Archive' started by banmido, 2006/12/11.

  1. 2006/12/11
    banmido

    banmido Inactive Thread Starter

    Joined:
    2006/12/11
    Messages:
    10
    Likes Received:
    0
    Opened log file 'c:\debuglog.txt'

    Microsoft (R) Windows Debugger Version 6.6.0007.5
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [G:\Documents and Settings\Owner\Desktop\Mini121106-05.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: G:\WINDOWS;G:\WINDOWS\system32;G:\WINDOWS\system32\drivers
    Windows XP Kernel Version 2600 MP (2 procs) Free x86 compatible
    Product: WinNt
    Built by: 2600.xpclient.010817-1148
    Kernel base = 0x804d0000 PsLoadedModuleList = 0x8054ae28
    Debug session time: Mon Dec 11 13:32:33.359 2006 (GMT+5)
    System Uptime: 0 days 0:08:00.088
    Loading Kernel Symbols
    ...........................................................................................................
    Loading User Symbols
    Loading unloaded module list
    .......
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck D1, {8, 2, 0, f7727d65}

    Unable to load image lzx32.sys, Win32 error 2
    *** WARNING: Unable to verify timestamp for lzx32.sys
    *** ERROR: Module load completed but symbols could not be loaded for lzx32.sys
    *** WARNING: Unable to verify timestamp for Rtlnic51.sys
    *** ERROR: Module load completed but symbols could not be loaded for Rtlnic51.sys
    Probably caused by : lzx32.sys ( lzx32+5fad )

    Followup: MachineOwner
    ---------

    1: kd> !analyze -v;r;kv;lmtn;.logclose;q
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high. This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 00000008, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000000, value 0 = read operation, 1 = write operation
    Arg4: f7727d65, address which referenced memory

    Debugging Details:
    ------------------


    READ_ADDRESS: 00000008

    CURRENT_IRQL: 2

    FAULTING_IP:
    NDIS!NdisMSendComplete+2a
    f7727d65 8b4308 mov eax,dword ptr [ebx+8]

    CUSTOMER_CRASH_COUNT: 5

    DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

    BUGCHECK_STR: 0xD1

    PROCESS_NAME: Idle

    TRAP_FRAME: f7c59c38 -- (.trap fffffffff7c59c38)
    .trap fffffffff7c59c38
    ErrCode = 00000000
    eax=ffffffff ebx=00000000 ecx=00000002 edx=85b3d702 esi=86794634 edi=85b3d798
    eip=f7727d65 esp=f7c59cac ebp=f7c59cb4 iopl=0 nv up ei pl zr na pe nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
    NDIS!NdisMSendComplete+0x2a:
    f7727d65 8b4308 mov eax,dword ptr [ebx+8] ds:0023:00000008=????????
    .trap
    Resetting default scope

    LAST_CONTROL_TRANSFER: from 804fd12e to 80517ee6

    STACK_TEXT:
    f7c59c1c 804fd12e 0000000a 00000008 00000002 nt!KeBugCheckEx+0x19
    f7c59c1c f7727d65 0000000a 00000008 00000002 nt!KiTrap0E+0x2b5
    f7c59cb4 f5de7fad 8666c8c8 00000000 00000000 NDIS!NdisMSendComplete+0x2a
    WARNING: Stack unwind information not available. Following frames may be wrong.
    f7c59cd4 f72d34c6 86794610 8666c8c8 85b3d798 lzx32+0x5fad
    f7c59d1c f772ac07 85f4e000 80549940 f7abe9c0 Rtlnic51+0xd4c6
    f7c59d38 804dd55d 85f4e164 85f4e150 00000000 NDIS!ndisMDpc+0x100
    f7c59d50 804dd45c 00000000 0000000e 00000000 nt!KiRetireDpcList+0x47
    f7c59d54 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x28


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    lzx32+5fad
    f5de7fad ?? ???

    SYMBOL_STACK_INDEX: 3

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: lzx32

    IMAGE_NAME: lzx32.sys

    DEBUG_FLR_IMAGE_TIMESTAMP: 45752257

    SYMBOL_NAME: lzx32+5fad

    FAILURE_BUCKET_ID: 0xD1_lzx32+5fad

    BUCKET_ID: 0xD1_lzx32+5fad

    Followup: MachineOwner
    ---------

    eax=f7abe13c ebx=0000000a ecx=00000000 edx=40000000 esi=f7727d65 edi=00000008
    eip=80517ee6 esp=f7c59c04 ebp=f7c59c1c iopl=0 nv up ei ng nz na pe nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
    nt!KeBugCheckEx+0x19:
    80517ee6 5d pop ebp
    ChildEBP RetAddr Args to Child
    f7c59c1c 804fd12e 0000000a 00000008 00000002 nt!KeBugCheckEx+0x19 (FPO: [Non-Fpo])
    f7c59c1c f7727d65 0000000a 00000008 00000002 nt!KiTrap0E+0x2b5 (FPO: [0,0] TrapFrame @ f7c59c38)
    f7c59cb4 f5de7fad 8666c8c8 00000000 00000000 NDIS!NdisMSendComplete+0x2a (FPO: [Non-Fpo])
    WARNING: Stack unwind information not available. Following frames may be wrong.
    f7c59cd4 f72d34c6 86794610 8666c8c8 85b3d798 lzx32+0x5fad
    f7c59d1c f772ac07 85f4e000 80549940 f7abe9c0 Rtlnic51+0xd4c6
    f7c59d38 804dd55d 85f4e164 85f4e150 00000000 NDIS!ndisMDpc+0x100 (FPO: [Uses EBP] [4,1,4])
    f7c59d50 804dd45c 00000000 0000000e 00000000 nt!KiRetireDpcList+0x47 (FPO: [0,1,0])
    f7c59d54 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x28 (FPO: [0,0,0])
    start end module name
    804d0000 806b8000 nt ntkrnlmp.exe Sat Aug 18 07:05:48 2001 (3B7DC674)
    806b8000 806d8080 hal halmacpi.dll Sat Aug 18 02:18:20 2001 (3B7D8314)
    b9dff000 b9e4db00 srv srv.sys Sat Mar 29 04:32:17 2003 (3E84D479)
    b9f8e000 b9fb8280 mrxdav mrxdav.sys Sat Aug 18 02:20:20 2001 (3B7D838C)
    ba179000 ba19fe00 kmixer kmixer.sys Sat Aug 18 02:30:45 2001 (3B7D85FD)
    ba240000 ba253700 wdmaud wdmaud.sys Sat Aug 18 09:12:48 2001 (3B7DE438)
    baca0000 bacbfe80 afd afd.sys Sat Aug 18 07:00:36 2001 (3B7DC53C)
    bad90000 bad9e080 sysaudio sysaudio.sys Sat Aug 18 09:17:26 2001 (3B7DE54E)
    badb4000 badb6f80 ndisuio ndisuio.sys Sat Aug 18 02:23:53 2001 (3B7D8461)
    bf800000 bf9b7580 win32k win32k.sys Sat Aug 18 09:22:56 2001 (3B7DE698)
    bf9b8000 bfd82300 nv4_disp nv4_disp.dll Thu Feb 24 21:38:56 2005 (421DFC18)
    bff80000 bff90a80 dxg dxg.sys Sat Aug 18 03:25:56 2001 (3B7D92EC)
    f4e66000 f4e73800 irda irda.sys Sat Aug 18 02:21:32 2001 (3B7D83D4)
    f5c87000 f5c9c280 dump_atapi dump_atapi.sys Sat Aug 18 02:21:49 2001 (3B7D83E5)
    f5c9d000 f5cfcb00 mrxsmb mrxsmb.sys Tue Nov 19 00:46:55 2002 (3DD93CA7)
    f5cfd000 f5d25000 rdbss rdbss.sys Sat Aug 18 09:14:30 2001 (3B7DE49E)
    f5d4d000 f5d71b00 netbt netbt.sys Sat Aug 18 07:02:18 2001 (3B7DC5A2)
    f5d72000 f5dc1e00 tcpip tcpip.sys Sat Aug 18 07:01:44 2001 (3B7DC580)
    f5de2000 f5df4000 lzx32 lzx32.sys Tue Dec 05 13:10:07 2006 (45752257)
    f6f72000 f6f72b80 Null Null.SYS Sat Aug 18 02:17:39 2001 (3B7D82EB)
    f7046000 f7046fe0 pal_drv pal_drv.sys Thu Dec 14 15:58:40 2000 (3A38A0D8)
    f705c000 f707d780 update update.sys Sat Aug 18 09:23:56 2001 (3B7DE6D4)
    f711e000 f714a580 rdpdr rdpdr.sys Sat Aug 18 02:20:45 2001 (3B7D83A5)
    f714b000 f715b180 psched psched.sys Sat Aug 18 02:24:25 2001 (3B7D8481)
    f715c000 f7171900 ndiswan ndiswan.sys Sat Aug 18 07:00:58 2001 (3B7DC552)
    f719a000 f71ac980 parport parport.sys Sat Aug 18 02:20:05 2001 (3B7D837D)
    f71ad000 f720ec00 ALCXSENS ALCXSENS.SYS Mon Feb 23 23:41:09 2004 (403A423D)
    f720f000 f722ff80 portcls portcls.sys Sat Aug 18 09:01:59 2001 (3B7DE1AF)
    f7230000 f72c5780 ALCXWDM ALCXWDM.SYS Fri May 14 20:54:08 2004 (40A4E498)
    f72c6000 f72d6f80 Rtlnic51 Rtlnic51.sys Wed Dec 31 09:28:46 2003 (3FF24976)
    f72d7000 f7328ea0 Cap7134 Cap7134.sys Tue Jun 22 07:27:25 2004 (40D79205)
    f7329000 f7348d00 ks ks.sys Wed Dec 04 22:39:38 2002 (3DEE36D2)
    f7349000 f7367180 USBPORT USBPORT.SYS Sat Aug 18 02:33:07 2001 (3B7D868B)
    f7368000 f76b34c0 nv4_mini nv4_mini.sys Thu Feb 24 21:43:44 2005 (421DFD38)
    f76d8000 f76da280 rasacd rasacd.sys Sat Aug 18 02:25:39 2001 (3B7D84CB)
    f76fc000 f7715600 Mup Mup.sys Sat Aug 18 08:51:29 2001 (3B7DDF39)
    f7716000 f773d700 NDIS NDIS.sys Sat Aug 18 07:01:13 2001 (3B7DC561)
    f773e000 f7751780 KSecDD KSecDD.sys Sat Aug 18 02:20:01 2001 (3B7D8379)
    f7752000 f7775580 Fastfat Fastfat.sys Sat Aug 18 09:09:54 2001 (3B7DE38A)
    f7776000 f7787300 sr sr.sys Sat Aug 18 02:30:38 2001 (3B7D85F6)
    f7788000 f779d280 atapi atapi.sys Sat Aug 18 02:21:49 2001 (3B7D83E5)
    f779e000 f77c1b80 dmio dmio.sys Sat Aug 18 02:28:27 2001 (3B7D8573)
    f77c2000 f77e0880 ftdisk ftdisk.sys Sat Aug 18 02:22:41 2001 (3B7D8419)
    f77e1000 f780cc00 ACPI ACPI.sys Sat Aug 18 02:27:52 2001 (3B7D8550)
    f782e000 f783d400 pci pci.sys Sat Aug 18 02:28:04 2001 (3B7D855C)
    f783e000 f7846c00 isapnp isapnp.sys Sat Aug 18 02:28:01 2001 (3B7D8559)
    f784e000 f7857280 MountMgr MountMgr.sys Sat Aug 18 02:17:36 2001 (3B7D82E8)
    f785e000 f786a000 VolSnap VolSnap.sys Sat Aug 18 02:23:19 2001 (3B7D843F)
    f786e000 f7876380 disk disk.sys Sat Aug 18 02:22:31 2001 (3B7D840F)
    f787e000 f7888f80 CLASSPNP CLASSPNP.SYS Sat Aug 18 07:02:31 2001 (3B7DC5AF)
    f78ae000 f78bde00 VIDEOPRT VIDEOPRT.SYS Sat Aug 18 02:27:42 2001 (3B7D8546)
    f78be000 f78c7980 Imapi Imapi.SYS Sat Aug 18 02:23:17 2001 (3B7D843D)
    f78ce000 f78d9980 cdrom cdrom.sys Sat Aug 18 02:22:25 2001 (3B7D8409)
    f78de000 f78eba00 redbook redbook.sys Sat Aug 18 02:21:37 2001 (3B7D83D9)
    f78ee000 f78f9d80 STREAM STREAM.SYS Fri Jul 09 16:18:03 2004 (40EE77E3)
    f78fe000 f790c000 drmk drmk.sys Sat Aug 18 02:31:08 2001 (3B7D8614)
    f790e000 f791d400 serial serial.sys Sat Aug 18 08:57:19 2001 (3B7DE097)
    f791e000 f792a700 i8042prt i8042prt.sys Sat Aug 18 09:14:51 2001 (3B7DE4B3)
    f792e000 f7939e00 rasl2tp rasl2tp.sys Sat Aug 18 07:00:47 2001 (3B7DC547)
    f793e000 f7947800 raspppoe raspppoe.sys Sat Aug 18 02:25:33 2001 (3B7D84C5)
    f794e000 f7959480 raspptp raspptp.sys Wed Oct 02 07:13:48 2002 (3D9A4F54)
    f795e000 f7966400 msgpc msgpc.sys Sat Aug 18 02:24:19 2001 (3B7D847B)
    f796e000 f7977380 termdd termdd.sys Sat Aug 18 02:16:42 2001 (3B7D82B2)
    f797e000 f7987480 NDProxy NDProxy.SYS Sat Aug 18 02:25:30 2001 (3B7D84C2)
    f798e000 f799a600 usbhub usbhub.sys Sat Aug 18 02:33:11 2001 (3B7D868F)
    f79ae000 f79bbb00 ipsec ipsec.sys Sat Aug 18 07:00:42 2001 (3B7DC542)
    f79be000 f79c6200 wanarp wanarp.sys Sat Aug 18 02:25:23 2001 (3B7D84BB)
    f79ce000 f79d6180 netbios netbios.sys Sat Aug 18 02:24:00 2001 (3B7D8468)
    f79de000 f79e6880 Fips Fips.SYS Sat Aug 18 07:01:49 2001 (3B7DC585)
    f79ee000 f79fd300 Cdfs Cdfs.SYS Sat Aug 18 09:03:34 2001 (3B7DE20E)
    f7aae000 f7ab3c80 PCIIDEX PCIIDEX.SYS Sat Aug 18 02:21:46 2001 (3B7D83E2)
    f7ab6000 f7aba900 PartMgr PartMgr.sys Sat Aug 18 07:02:23 2001 (3B7DC5A7)
    f7aee000 f7af5780 processr processr.sys Sat Aug 18 02:18:32 2001 (3B7D8320)
    f7af6000 f7af7000 fdc fdc.sys unavailable (00000000)
    f7afe000 f7b02900 irsir irsir.sys Sat Aug 18 02:21:28 2001 (3B7D83D0)
    f7b06000 f7b0b600 mouclass mouclass.sys Sat Aug 18 02:17:50 2001 (3B7D82F6)
    f7b0e000 f7b13b80 kbdclass kbdclass.sys Sat Aug 18 02:17:47 2001 (3B7D82F3)
    f7b16000 f7b1ac80 rasirda rasirda.sys Sat Aug 18 02:21:29 2001 (3B7D83D1)
    f7b1e000 f7b22580 ptilink ptilink.sys Sat Aug 18 02:19:53 2001 (3B7D8371)
    f7b26000 f7b2a080 raspti raspti.sys Sat Aug 18 02:25:32 2001 (3B7D84C4)
    f7b2e000 f7b34a00 PhTVTune PhTVTune.sys Mon May 31 15:05:26 2004 (40BAFC5E)
    f7b36000 f7b3ad00 flpydisk flpydisk.sys Sat Aug 18 02:21:21 2001 (3B7D83C9)
    f7b46000 f7b4ac80 vga vga.sys Sat Aug 18 02:27:51 2001 (3B7D854F)
    f7b4e000 f7b52680 Msfs Msfs.SYS Sat Aug 18 02:20:02 2001 (3B7D837A)
    f7b56000 f7b5d380 Npfs Npfs.SYS Sat Aug 18 02:20:03 2001 (3B7D837B)
    f7c3e000 f7c41000 BOOTVID BOOTVID.dll Sat Aug 18 02:19:09 2001 (3B7D8345)
    f7c42000 f7c455c0 atisgkaf atisgkaf.sys Fri Oct 24 23:53:44 2003 (3F996E30)
    f7cce000 f7cd1900 watchdog watchdog.sys Sat Aug 18 02:29:35 2001 (3B7D85B7)
    f7cd2000 f7cd5d00 usbohci usbohci.sys Sat Aug 18 02:33:04 2001 (3B7D8688)
    f7cda000 f7cdda80 serenum serenum.sys Sat Aug 18 02:20:13 2001 (3B7D8385)
    f7cde000 f7ce0900 irenum irenum.sys Sat Aug 18 02:21:19 2001 (3B7D83C7)
    f7ce6000 f7ce9f80 TDI TDI.SYS Sat Aug 18 02:27:25 2001 (3B7D8535)
    f7cea000 f7cec580 ndistapi ndistapi.sys Sat Aug 18 02:25:29 2001 (3B7D84C1)
    f7d2e000 f7d2fb80 kdcom kdcom.dll Sat Aug 18 02:19:10 2001 (3B7D8346)
    f7d30000 f7d31100 WMILIB WMILIB.SYS Sat Aug 18 02:37:23 2001 (3B7D878B)
    f7d32000 f7d33700 dmload dmload.sys Sat Aug 18 02:28:15 2001 (3B7D8567)
    f7d3c000 f7d3d280 USBD USBD.SYS Sat Aug 18 02:32:58 2001 (3B7D8682)
    f7d3e000 f7d3ff00 Fs_Rec Fs_Rec.SYS Sat Aug 18 02:19:37 2001 (3B7D8361)
    f7d40000 f7d41080 Beep Beep.SYS Sat Aug 18 02:17:33 2001 (3B7D82E5)
    f7d42000 f7d43080 mnmdd mnmdd.SYS Sat Aug 18 02:27:28 2001 (3B7D8538)
    f7d44000 f7d45080 RDPCDD RDPCDD.sys Sat Aug 18 02:16:56 2001 (3B7D82C0)
    f7d46000 f7d47100 dump_WMILIB dump_WMILIB.SYS Sat Aug 18 02:37:23 2001 (3B7D878B)
    f7da6000 f7da7a80 ParVdm ParVdm.SYS Sat Aug 18 02:19:49 2001 (3B7D836D)
    f7dc6000 f7dc7200 MSPQM MSPQM.sys Sat Aug 18 02:18:42 2001 (3B7D832A)
    f7df6000 f7df6d00 pciide pciide.sys Sat Aug 18 02:21:49 2001 (3B7D83E5)
    f7ebb000 f7ebbc00 audstub audstub.sys Sat Aug 18 02:29:40 2001 (3B7D85BC)
    f7ec0000 f7ec1000 swenum swenum.sys Wed Dec 04 22:40:07 2002 (3DEE36EF)
    f7f30000 f7f30d00 dxgthk dxgthk.sys Sat Aug 18 02:23:12 2001 (3B7D8438)

    Unloaded modules:
    f7d72000 f7d74000 splitter.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7ed8000 f7ed9000 drmkaud.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    bad50000 bad5d000 DMusic.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ba254000 ba270000 aec.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f4de6000 f4df4000 swmidi.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7b3e000 f7b43000 Cdaudio.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7d26000 f7d29000 Sfloppy.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    Closing open log file c:\debuglog.txt

    Please help me. I bought my computer a year ago and, from the day of purchase, I have seen problems: the computer restarts automatically, though only occasionally. Now I have installed Service Pack 2 and the problem is at its peak; the system is unstable and there are continuous restarts. Please help me.

    thanks in advance

    ban
     
  2. 2006/12/11
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    banmido - Welcome to the Board :)

    The dump data indicates a problem with lzx32.sys, which is a baddie - see here.

    I have moved your thread to the Removing Spyware & Viruses forum with title edit.

    In the meantime .....

    Please download HijackThis through Quicklinks in my signature and save it to a folder on your hard drive, say C:\HJT - not to the Desktop or a temporary location. When entries are fixed with HJT a backup is made to the folder from which HJT is run and this must be in a permanent location.

    Open the folder in which you placed HJT and double click on hijackthis.exe and select Scan and save a log file - this will be saved in the folder from which you ran HJT.

    Post the log (copy/paste) into your next reply in this thread.
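Added example, not from the thread or from WinDbg itself: a Python script that walks the STACK_TEXT and lmtn module list from the dump above to show how the "Probably caused by" verdict lands on lzx32.sys, and adds the two checks a responder would want before trusting it. It re-derives the module+offset of the blamed frame from the module list, and it lists modules linked shortly before the crash (lzx32.sys was built on Dec 05 2006, six days before the session, while every other module dates from 2001 to 2005). The sample is a constructed excerpt of banmido's transcript; frames printed after the unwind warning are marked unreliable.

```python
"""Added example: triage a WinDbg transcript (STACK_TEXT + lmtn module list)
the way the 'Probably caused by' line above was reached, and cross-check it."""
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: a shortened excerpt of the transcript posted in this thread.
SAMPLE = """\
Debug session time: Mon Dec 11 13:32:33.359 2006 (GMT+5)
STACK_TEXT:
f7c59c1c 804fd12e 0000000a 00000008 00000002 nt!KeBugCheckEx+0x19
f7c59c1c f7727d65 0000000a 00000008 00000002 nt!KiTrap0E+0x2b5
f7c59cb4 f5de7fad 8666c8c8 00000000 00000000 NDIS!NdisMSendComplete+0x2a
WARNING: Stack unwind information not available. Following frames may be wrong.
f7c59cd4 f72d34c6 86794610 8666c8c8 85b3d798 lzx32+0x5fad
f7c59d1c f772ac07 85f4e000 80549940 f7abe9c0 Rtlnic51+0xd4c6
f7c59d38 804dd55d 85f4e164 85f4e150 00000000 NDIS!ndisMDpc+0x100
start end module name
804d0000 806b8000 nt ntkrnlmp.exe Sat Aug 18 07:05:48 2001 (3B7DC674)
f5de2000 f5df4000 lzx32 lzx32.sys Tue Dec 05 13:10:07 2006 (45752257)
f72c6000 f72d6f80 Rtlnic51 Rtlnic51.sys Wed Dec 31 09:28:46 2003 (3FF24976)
f7716000 f773d700 NDIS NDIS.sys Sat Aug 18 07:01:13 2001 (3B7DC561)
f7af6000 f7af7000 fdc fdc.sys unavailable (00000000)
"""

SESSION_RE = re.compile(
    r"^Debug session time: \w{3} (\w{3} \d{2} \d{2}:\d{2}:\d{2})\.\d+ (\d{4}) \(GMT([+-]\d+)\)$")
# ChildEBP RetAddr Arg1 Arg2 Arg3 symbol   (kv appends an FPO note after the symbol)
FRAME_RE = re.compile(r"^([0-9a-f]{8}) ([0-9a-f]{8}) (?:[0-9a-f]{8} ){3}(\S+)(?: \(FPO.*)?$")
# start end module image <link date> (hex link timestamp)
MODULE_RE = re.compile(r"^([0-9a-f]{8}) ([0-9a-f]{8}) (\S+) (\S+) .*\(([0-9A-Fa-f]{8})\)$")


def parse_transcript(text):
    frames, modules, session_utc, unwind_warned = [], [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = SESSION_RE.match(line)
        if m:
            local = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%b %d %H:%M:%S %Y")
            session_utc = local - timedelta(hours=int(m.group(3)))
            continue
        if line.startswith("WARNING: Stack unwind"):
            unwind_warned = True  # every frame below this line is a guess by the debugger
            continue
        m = FRAME_RE.match(line)
        if m:
            symbol = m.group(3)
            frames.append({"ret_addr": int(m.group(2), 16), "symbol": symbol,
                           "module": re.split(r"[!+]", symbol, 1)[0],
                           "has_symbols": "!" in symbol,  # module!Function: symbols resolved
                           "unreliable": unwind_warned})
            continue
        m = MODULE_RE.match(line)
        if m:
            modules.append({"start": int(m.group(1), 16), "end": int(m.group(2), 16),
                            "name": m.group(3), "image": m.group(4),
                            "timestamp": int(m.group(5), 16)})
    return frames, modules, session_utc


def module_at(addr, modules):
    """Map a code address onto the lmtn range that contains it (None if unmapped)."""
    for mod in modules:
        if mod["start"] <= addr < mod["end"]:
            return mod
    return None


def triage(text, recent_days=30):
    frames, modules, session_utc = parse_transcript(text)
    culprit, notes = None, []
    for i in range(1, len(frames)):
        # The RetAddr of frame i-1 is the address at which execution sits inside frame i.
        frame, addr = frames[i], frames[i - 1]["ret_addr"]
        mod = module_at(addr, modules)
        frame["address"], frame["image"] = addr, (mod["image"] if mod else None)
        if frame["has_symbols"] or culprit is not None:
            continue
        # First frame printed as module+offset: no symbols, so the debugger blames it.
        off = re.search(r"\+0x([0-9a-f]+)$", frame["symbol"])
        expected = mod["start"] + int(off.group(1), 16) if (mod and off) else None
        if expected != addr:
            notes.append(f"{frame['symbol']} does not agree with the module list at {addr:08x}")
        culprit = frame
    recent = []
    if session_utc is not None:
        for mod in modules:
            if mod["timestamp"] == 0:  # 'unavailable' timestamp, nothing to compare
                continue
            built = datetime.fromtimestamp(mod["timestamp"], timezone.utc).replace(tzinfo=None)
            if session_utc - built <= timedelta(days=recent_days):
                recent.append(mod["image"])  # linked shortly before the crash: look closer
    return {"probably_caused_by": culprit["image"] if culprit else None,
            "culprit_symbol": culprit["symbol"] if culprit else None,
            "culprit_unreliable": culprit["unreliable"] if culprit else None,
            "recent_modules": recent, "notes": notes}
```

`triage(SAMPLE)` returns lzx32.sys as the culprit with `culprit_unreliable` set, because the frame sits below the unwind warning; the recent-module list is the independent signal that still points at the same driver.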
     


  4. 2006/12/11
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Hello and welcome to WindowsBBS Forums.

    Yes, as mentioned in the previous post, you have a rootkit, so we'll need to run a rootkit scanner.

    Download GMER from here
    • Right-click the Zip and select "Extract All".
    • Double-click gmer.exe to launch the program.
    • Click on the Rootkit Tab and on the right side, untick the Registry box, then click Scan.

    Once the scan is done, hit the copy button, then open notepad and paste the results here for me to see.

    ***Note: If you get a message right off saying rootkit activity has been detected, click 'No' to running a scan, then untick the Registry box. This message will appear before you get to do that. If we don't untick that box, the scan will take forever and produce a huge log.


    Then run HijackThis! and install as instructed below.

    HiJackThis v:1.99.1
    DL the zip file to your desktop, then create a new folder on your C drive, called 'HJT' or 'HijackThis'. Then unzip the files to the new folder. When you run HijackThis.exe from the C:\HJT folder and have it "Fix checked", it will create a backup file of modifications to use if a restore is necessary, which is easily accessible.

    Run the program, and press Scan. You will notice the Scan button will turn into a "Save Log" button. Save the log and Post that log into this topic. DO NOT DELETE or modify anything yet, as some of it is needed to keep your system in good shape.


    Post both the GMER and HJT logs back here for me to review.
     
  5. 2006/12/11
    banmido

    banmido Inactive Thread Starter

    Joined:
    2006/12/11
    Messages:
    10
    Likes Received:
    0
    This is the log file of GMER and HijackThis.

    GMER 1.0.12.12011 - http://www.gmer.net
    Rootkit scan 2006-12-11 21:04:33
    Windows 5.1.2600 Service Pack 2


    ---- User code sections - GMER 1.0.12 ----

    .text G:\Program Files\Internet Explorer\iexplore.exe[640] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01CA3E00 g:\progra~1\mcafee.com\vso\McVSSkt.dll
    .text G:\progra~1\mcafee.com\vso\mcvsftsn.exe[1072] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01033E00 g:\progra~1\mcafee.com\vso\McVSSkt.dll
    .text G:\Program Files\BitTorrent\bittorrent.exe[1480] WS2_32.dll!connect 71AB406A 5 Bytes JMP 02BA3E00 g:\progra~1\mcafee.com\vso\McVSSkt.dll
    .text G:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe[1712] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01C03E00 g:\progra~1\mcafee.com\vso\McVSSkt.dll
    .text G:\WINDOWS\SOUNDMAN.EXE[1756] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10003E00 g:\progra~1\mcafee.com\vso\McVSSkt.dll
    .text ...
    .text D:\SUPPORT\gmer.zip\gmer.exe[4068] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10003E00 g:\progra~1\mcafee.com\vso\McVSSkt.dll




    hijackthis

    Logfile of HijackThis v1.99.1
    Scan saved at 9:06:47 PM, on 12/11/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\SuperTV\SuperTV\TVTray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\DAP\DAP.EXE
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Aqua Dock\Aqua Dock.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    F:\security\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://in.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://in.search.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [TVTray] C:\PROGRA~1\SuperTV\SuperTV\TVTray.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WINDOWS] C:\qlcojek.exe
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [Aqua Dock] C:\Program Files\Aqua Dock\Aqua Dock.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.dotphoto.com/DPImageUploader.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    Please let me know soon. I can't even check my mail; the system keeps restarting.

    thanks

    ban
     
  6. 2006/12/11
    banmido

    banmido Inactive Thread Starter

    Joined:
    2006/12/11
    Messages:
    10
    Likes Received:
    0
    Sorry, I posted some other database.

    Please don't check the above information; I gathered it from another computer, sorry. This is the information which I got from my computer. Sorry, I messed up my computer, sorry.


    GMER 1.0.12.12011 - http://www.gmer.net
    Rootkit scan 2006-12-11 21:04:28
    Windows 5.1.2600


    ---- System - GMER 1.0.12 ----

    SYSENTER \??\C:\WINDOWS\System32\lzx32.sys F5D00BC5

    Code \??\C:\WINDOWS\System32\lzx32.sys
    pIofCallDriver

    ---- Kernel code sections - GMER 1.0.12 ----

    .text ntoskrnl.exe!Kei386EoiHelper + 14A5 804FC00B 3
    Bytes [ AD, B5, 69 ]
    .text tcpip.sys!IPTransmit + 1881 F5C8F6AF 6
    Bytes CALL F5D02962 \??\C:\WINDOWS\System32\lzx32.sys
    .text tcpip.sys!IPTransmit + 6E81 F5C94CAF 6
    Bytes CALL F5D02962 \??\C:\WINDOWS\System32\lzx32.sys
    .text tcpip.sys!IPTransmit + 70FF F5C94F2D 6
    Bytes CALL F5D02962 \??\C:\WINDOWS\System32\lzx32.sys
    .text wanarp.sys F79C30C1 7
    Bytes CALL F5D0296C \??\C:\WINDOWS\System32\lzx32.sys
    .text ntdll.dll!NtClose 77F5B458 5
    Bytes JMP 72033FAA
    .text ntdll.dll!NtCreateProcess 77F5B5B8 5
    Bytes JMP 72034135
    .text ntdll.dll!NtCreateProcessEx 77F5B5C8 5
    Bytes JMP 72034019
    .text ntdll.dll!NtCreateSection 77F5B5E8 5
    Bytes JMP 72033FC8

    ---- Services - GMER 1.0.12 ----

    Service C:\WINDOWS\System32\lzx32.sys (*** hidden *** ) [SYSTEM]
    pe386 <-- ROOTKIT !!!

    ---- Files - GMER 1.0.12 ----

    File C:\WINDOWS\system32\lzx32.sys
    <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.12 ----



    hijackthis


    Logfile of HijackThis v1.99.1
    Scan saved at 9:06:47 PM, on 12/11/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\SuperTV\SuperTV\TVTray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\DAP\DAP.EXE
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Aqua Dock\Aqua Dock.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    F:\security\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://in.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://in.search.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [TVTray] C:\PROGRA~1\SuperTV\SuperTV\TVTray.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WINDOWS] C:\qlcojek.exe
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [Aqua Dock] C:\Program Files\Aqua Dock\Aqua Dock.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.dotphoto.com/DPImageUploader.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    thanks in advance

    ban
     
  7. 2006/12/11
    TeMerc

    Ok, not only do you have the rootkit originally indicated, but you have another big nasty too, HackerDefender.

    We'll deal with the first one, using GMER once again, then the other.

    Open GMER
    • Select the Services tab
    • Find the service called pe386
    • Right-click it and select Delete
    • Close GMER and Reboot

    Once rebooted, run the following tool:

    Download SDFix and save it to your Desktop.

    Double-click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Then please reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
    • Finally, copy and paste the contents of the results file Report.txt back onto the forum, together with a new HijackThis log.
     
  8. 2006/12/11
    banmido

    I have done what you said; now what should I do?

    This is the HijackThis log and the report file.

    HijackThis log
    Logfile of HijackThis v1.99.1
    Scan saved at 11:53:18 PM, on 12/11/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\SuperTV\SuperTV\TVTray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\DAP\DAP.EXE
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Aqua Dock\Aqua Dock.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    F:\security\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://in.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://in.search.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [TVTray] C:\PROGRA~1\SuperTV\SuperTV\TVTray.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [Aqua Dock] C:\Program Files\Aqua Dock\Aqua Dock.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.dotphoto.com/DPImageUploader.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


    SDFix log
    SDFix: Version 1.46
    ****************

    Mon 12/11/2006 - 23:45:16.48

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Stage One - Safe Mode

    Checking For Trojan Services...

    Service Name:

    MsaSvc

    File Path:

    C:\WINDOWS\System32\msasvc.exe

    MsaSvc Deleted...

    Starting Registry Repairs...

    Restoring Default Hosts File...

    Stage One Complete

    Rebooting...

    Stage Two - Normal Mode

    Checking For Malware:
    --------------------
     
  9. 2006/12/11
    TeMerc

    It looks as though the log got cut off somehow; did you copy its entire contents?

    After the part 'Checking for malware' it should continue like this:
    Can you please double-check the log.
     
  10. 2006/12/12
    banmido

    You are right, only half of the message

    Yes, you are right, but I only got half of the log file when I copied it, so I redid the scan and the new log is below.

    thanks


    SDFix: Version 1.46
    ****************

    Tue 12/12/2006 - 15:42:17.06

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Stage One - Safe Mode

    Checking For Trojan Services...

    Service Name:


    File Path:



    Starting Registry Repairs...

    Restoring Default Hosts File...

    Stage One Complete

    Rebooting...

    Stage Two - Normal Mode

    Checking For Malware:
    --------------------


    Backing Up and Removing any Files Found...

    Final Check:

    Services:
    ---------


    Authorized Applications Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\qlcojek.exe"="C:\\qlcojek.exe:*:Enabled:Server"


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "c:\\qlcojek.exe"="C:\\qlcojek.exe:*:Enabled:Server"


    Files:
    ------

    Backups Folder: - C:\SDFix\backups\backups.zip

    Checking for files with Hidden Attributes:

    C:\WINDOWS\system32\cdplayer.exe.manifest
    C:\WINDOWS\system32\logonui.exe.manifest
    C:\pagefile.sys
    C:\IO.SYS
    C:\MSDOS.SYS

    FINISHED!
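The items acted on in this thread (the [WINDOWS] C:\qlcojek.exe autorun, the MsaSvc service whose file is missing, the orphaned O3 toolbar, the R1 search URL, and the Windows Firewall exception for qlcojek.exe in the SDFix export above) can be picked out of these logs mechanically. The following Python is an added example, not code from the thread or from HijackThis/SDFix; its rules are heuristics and the sample lines are constructed from the logs posted above.

```python
"""Triage HijackThis-style log lines and an SDFix firewall export.

Added example, not part of the forum thread nor of HijackThis/SDFix.
The rules below are the heuristics a helper applies by eye: autorun
entries launching an executable from a drive root, services with an
unknown owner or a missing file, orphaned toolbar entries, overridden
search URLs, and firewall exceptions that admit inbound connections to
such an executable.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the format of the HijackThis logs in the thread.
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://in.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://in.search.yahoo.com
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WINDOWS] C:\qlcojek.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Constructed sample in the .reg format of SDFix's "Authorized Applications Key
# Export" (a .reg export doubles every backslash; the Skype entry is made up).
SAMPLE_FIREWALL = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"c:\\qlcojek.exe"="C:\\qlcojek.exe:*:Enabled:Server"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    item: str      # what the finding refers to (autorun, service, CLSID, path)
    reason: str


ROOT_EXE = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe$", re.IGNORECASE)
O3_RE = re.compile(r"^O3 - Toolbar: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^)]+)\))? - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
R_RE = re.compile(r"^R[0-3] - (?P<key>.+?) = (?P<value>.*)$")
FW_VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^:]+:[^:]*):(?P<scope>[^:]*):(?P<state>[^:]*):(?P<mode>[^"]*)"$'
)


def executable_of(cmd: str) -> str:
    """Return the program an autorun command launches (first token, quotes honoured)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end].strip() if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage_hjt(text: str) -> tuple[list[Finding], set[str]]:
    """Scan HijackThis lines; also return the drive-root autorun paths seen (lowercased)."""
    findings: list[Finding] = []
    root_autoruns: set[str] = set()
    for line in text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            exe = executable_of(m["cmd"])
            if ROOT_EXE.match(exe):  # legitimate autoruns live under Program Files or WINDOWS
                root_autoruns.add(exe.lower())
                findings.append(Finding("high", f"O4 [{m['name']}] {exe}",
                                        "autorun launches an executable from the drive root"))
        elif m := O23_RE.match(line):
            ident = m["short"] or m["display"]
            if m["missing"] and m["owner"] == "Unknown owner":
                findings.append(Finding("high", f"O23 {ident}",
                                        "service with unknown owner whose file is missing"))
            elif m["missing"] or m["owner"] == "Unknown owner":
                findings.append(Finding("medium", f"O23 {ident}",
                                        "service with unknown owner or missing file"))
        elif m := O3_RE.match(line):
            if m["path"] == "(no file)":
                findings.append(Finding("low", f"O3 {{{m['clsid']}}}",
                                        "orphaned toolbar entry, no file on disk"))
        elif m := R_RE.match(line):
            if "SearchURL" in m["key"]:
                findings.append(Finding("low", f"R {m['key']}",
                                        "search URL overridden; confirm it is wanted"))
    return findings, root_autoruns


def triage_firewall(text: str, root_autoruns: set[str]) -> list[Finding]:
    """Flag enabled Windows Firewall exceptions for drive-root or already-flagged executables."""
    findings: list[Finding] = []
    in_auth_list = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_auth_list = line.endswith(r"\AuthorizedApplications\List]")
            continue
        m = FW_VALUE_RE.match(line)
        if not (in_auth_list and m) or m["state"].lower() != "enabled":
            continue
        path = m["path"].replace("\\\\", "\\")  # undo .reg escaping
        if path.lower() in root_autoruns or ROOT_EXE.match(path):
            findings.append(Finding("high", path,
                                    f"Windows Firewall exception ({m['mode']}) admits inbound connections to a suspicious executable"))
    return findings


def triage(hjt_text: str, firewall_text: str) -> list[Finding]:
    """Combine both scans, highest severity first."""
    hjt_findings, root_autoruns = triage_hjt(hjt_text)
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(hjt_findings + triage_firewall(firewall_text, root_autoruns),
                  key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT, SAMPLE_FIREWALL):
        print(f"{f.severity:6} {f.item}: {f.reason}")
```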
     
  11. 2006/12/12
    banmido

    XP Service Pack 2

    Now, can I upgrade XP with Service Pack 2? Will it be OK,
    or will the same problem occur? I don't know what to do. The frequent-restart problem has now stopped. Is there anything else I should do to make my computer work fine???

    thanks in advance

    ban
     
  12. 2006/12/12
    TeMerc

    We need to kill one file.

    Download the Killbox from here and save it to the desktop.
    • Double-click the KillBox icon on your desktop to open it
    • Select "Delete on Reboot"
    • Then select "All files".
    Copy the file names below to the clipboard by highlighting them and pressing Control-C:
    C:\qlcojek.exe

    Return to Killbox
    • Go to the File menu, and choose "Paste from Clipboard".
    • Click the red-and-white [Delete File] button.
    • Click "Yes" at the Delete on Reboot prompt. Click "No" at the 'Pending Operations' prompt.

    Do not reboot yet.

    Two minor items to remove with HJT.

    Run HJT, and place a check next to the following lines, then, with all browsers and windows closed, hit 'Fix checked':

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://in.rd.yahoo.com/customize/ie/...arch.yahoo.com


    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)


    Reboot and run HJT; if the above are gone, there is no need to repost a new log.

    Download combofix.exe
    • Double click combofix.exe & follow the prompts.
    • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    Then download SilentRunners from here

    Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run.
    Silent Runners will ask if you want to skip the supplementary search.
    Please select 'No' to include them.
    Then select 'Yes' to confirm the search.
    When the scan is finished, a message will pop up and a logfile will have been created on the desktop.

    Please post the entire contents of the logfile it creates back into this thread for me to see.

    We need to be sure you are totally free of infections before you go to Windows update. If not, you're likely to encounter problems.
     
  13. 2006/12/13
    banmido

    ComboFix log and Silent Runners log

    Hi,

    As you said, once I scanned and deleted, the files you mention are gone; I ran HijackThis again to confirm my doubts, but it works fine. I also collected the Silent Runners log file and the ComboFix log file.

    "Silent Runners.vbs", revision 49, http://www.silentrunners.org/
    Operating System: Windows XP
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
    "Yahoo! Pager" = ""C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet" ["Yahoo! Inc."]
    "Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
    "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
    "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
    "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
    "TVTray" = "C:\PROGRA~1\SuperTV\SuperTV\TVTray.exe" [empty string]
    "RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" " ["Cyberlink Corp."]
    "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
    "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
    "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
    "DownloadAccelerator" = "C:\PROGRA~1\DAP\DAP.EXE /STARTUP" ["SpeedBit Ltd."]
    "Sony Ericsson PC Suite" = ""C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions" ["Sony Ericsson Mobile Communications AB"]
    "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" [file not found]
    "Openwares LiveUpdate" = "C:\Program Files\LiveUpdate\LiveUpdate.exe" ["Openwares"]
    "Aqua Dock" = "C:\Program Files\Aqua Dock\Aqua Dock.exe" [null data]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {0000CC75-ACF3-4cac-A0A9-DD3868E06852}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "DAPHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\DAP\DAPBHO.dll" ["Speedbit Ltd."]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll" ["Yahoo! Inc."]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "AcroIEHlprObj Class"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
    -> {HKLM...CLSID} = "BitComet Helper"
    \InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO.dll" ["BitComet"]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
    -> {HKLM...CLSID} = "Display Panning CPL Extension"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
    -> {HKLM...CLSID} = "DesktopContext Class"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
    -> {HKLM...CLSID} = "NVIDIA CPL Extension"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
    -> {HKLM...CLSID} = "Desktop Explorer"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
    -> {HKLM...CLSID} = "nView Desktop Context Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
    "{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
    -> {HKLM...CLSID} = "YMailShellExt Class"
    \InProcServer32\(Default) = "C:\PROGRA~1\YAHOO!\COMMON\ymmapi2005010104.dll" ["Yahoo! Inc."]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
    "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
    "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
    "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
    "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
    -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
    \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
    "{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson File Manager"
    -> {HKLM...CLSID} = "Sony Ericsson File Manager"
    \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]

    The ComboFix log file is too long, so I will send it in a new post, OK?
    Thanks

    ban
     
  14. 2006/12/13
    banmido

    This is the log file of ComboFix

    Hi,
    I was unable to send the full message, so I will be sending it in two posts, OK?

    ComboFix 06.11.27W - Running from: "F:\security"

    ((((((((((((((((((((((((((((((( Files Created from 2006-11-13 to 2006-12-13 ))))))))))))))))))))))))))))))))))


    2006-12-13 23:05 <DIR> d-------- C:\!KillBox
    2006-12-13 11:23 <DIR> d-------- C:\Documents and Settings\gowri\Application Data\Talkback
    2006-12-13 10:10 <DIR> d-------- C:\Program Files\DivX
    2006-12-12 19:09 <DIR> d-------- C:\Documents and Settings\gowri\Application Data\DivX
    2006-12-12 19:08 116,984 --------- C:\WINDOWS\system32\pxinsi64.exe
    2006-12-12 19:08 115,960 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2006-12-11 23:32 <DIR> d-------- C:\SDFix
    2006-12-11 23:25 <DIR> d--hs---- C:\FOUND.003
    2006-12-11 21:01 80 --a------ C:\WINDOWS\gmer_uninstall.cmd
    2006-12-11 15:35 <DIR> d--hs---- C:\FOUND.002
    2006-12-11 13:59 <DIR> d--hs---- C:\FOUND.001
    2006-12-11 13:31 <DIR> d-------- C:\Program Files\LIVEUPDATE
    2006-12-11 13:31 <DIR> d-------- C:\Program Files\Aqua Dock
    2006-12-11 13:26 <DIR> d--hs---- C:\FOUND.000
    2006-12-11 12:32 <DIR> d-------- C:\WINDOWS\Prefetch
    2006-12-10 19:24 <DIR> d-------- C:\Program Files\Atwill Productions
    2006-12-10 18:49 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2006-12-10 18:49 <DIR> d-------- C:\WINDOWS\network diagnostic
    2006-12-10 18:09 <DIR> d-------- C:\WINDOWS\system32\Adobe
    2006-12-10 17:47 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2006-12-10 17:45 <DIR> d-------- C:\WINDOWS\provisioning
    2006-12-10 17:45 <DIR> d-------- C:\WINDOWS\peernet
    2006-12-10 17:40 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2006-12-10 17:39 755,200 --a------ C:\WINDOWS\system32\ir50_32.dll
    2006-12-10 17:39 338,432 --a------ C:\WINDOWS\system32\ir41_qcx.dll
    2006-12-10 17:39 331,776 --a------ C:\WINDOWS\system32\WINHTTP.dll
    2006-12-10 17:39 27,136 --a------ C:\WINDOWS\system32\pidgen.dll
    2006-12-10 17:39 200,192 --a------ C:\WINDOWS\system32\ir50_qc.dll
    2006-12-10 17:39 183,808 --a------ C:\WINDOWS\system32\ir50_qcx.dll
    2006-12-10 17:39 18,944 --a------ C:\WINDOWS\system32\encapi.dll
    2006-12-10 17:39 16,896 --a------ C:\WINDOWS\system32\secedit.exe
    2006-12-10 17:39 158,720 --a------ C:\WINDOWS\system32\xpob2res.dll
    2006-12-10 17:39 120,320 --a------ C:\WINDOWS\system32\ir41_qc.dll
    2006-12-10 17:39 116,736 --a------ C:\WINDOWS\system32\dpcdll.dll
    2006-12-10 17:39 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
    2006-12-10 17:39 1,689,600 --a------ C:\WINDOWS\system32\d3d9.dll
    2006-12-10 17:38 995,384 --a------ C:\WINDOWS\system32\mfc42u.dll
    2006-12-10 17:38 995,383 --a------ C:\WINDOWS\system32\MFC42.DLL
    2006-12-10 17:38 99,840 --a------ C:\WINDOWS\system32\iexpress.exe
    2006-12-10 17:38 99,328 --a------ C:\WINDOWS\system32\irftp.exe
    2006-12-10 17:38 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll
    2006-12-10 17:38 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
    2006-12-10 17:38 98,304 --a------ C:\WINDOWS\system32\oleprn.dll
    2006-12-10 17:38 98,304 --a------ C:\WINDOWS\system32\actxprxy.dll
    2006-12-10 17:38 977,920 --a------ C:\WINDOWS\system32\msdtctm.dll
    2006-12-10 17:38 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
    2006-12-10 17:38 97,792 --a------ C:\WINDOWS\system32\mqtgsvc.exe
    2006-12-10 17:38 97,280 --a------ C:\WINDOWS\system32\txflog.dll
    2006-12-10 17:38 96,768 --a------ C:\WINDOWS\system32\IMM32.DLL
    2006-12-10 17:38 96,256 --a------ C:\WINDOWS\system32\rcbdyctl.dll
    2006-12-10 17:38 95,232 --a------ C:\WINDOWS\system32\win32spl.dll
    2006-12-10 17:38 94,208 --a------ C:\WINDOWS\system32\odbccp32.dll
    2006-12-10 17:38 93,184 --a------ C:\WINDOWS\system32\scardsvr.exe
    2006-12-10 17:38 927,744 --a------ C:\WINDOWS\system32\syssetup.dll
    2006-12-10 17:38 922,624 --a------ C:\WINDOWS\system32\setupapi.dll
    2006-12-10 17:38 92,160 --a------ C:\WINDOWS\system32\krnl386.exe
    2006-12-10 17:38 91,648 --a------ C:\WINDOWS\system32\loadperf.dll
    2006-12-10 17:38 91,136 --a------ C:\WINDOWS\system32\nlhtml.dll
    2006-12-10 17:38 91,136 --a------ C:\WINDOWS\system32\MSOERT2.dll
    2006-12-10 17:38 91,136 --a------ C:\WINDOWS\system32\advpack.dll
    2006-12-10 17:38 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll
    2006-12-10 17:38 9,728 --a------ C:\WINDOWS\system32\tracert.exe
    2006-12-10 17:38 9,728 --a------ C:\WINDOWS\system32\regsvr32.exe
    2006-12-10 17:38 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
    2006-12-10 17:38 9,728 --a------ C:\WINDOWS\system32\msrle32.dll
    2006-12-10 17:38 9,728 --a------ C:\WINDOWS\system32\gpkrsrc.dll
    2006-12-10 17:38 89,600 --a------ C:\WINDOWS\system32\slbiop.dll
    2006-12-10 17:38 89,600 --a------ C:\WINDOWS\system32\cscdll.dll
    2006-12-10 17:38 88,576 --a------ C:\WINDOWS\system32\tscfgwmi.dll
    2006-12-10 17:38 88,576 --a------ C:\WINDOWS\system32\mqsec.dll
    2006-12-10 17:38 88,064 --a------ C:\WINDOWS\system32\mydocs.dll
    2006-12-10 17:38 87,552 --a------ C:\WINDOWS\system32\polstore.dll
    2006-12-10 17:38 87,552 --a------ C:\WINDOWS\system32\occache.dll
    2006-12-10 17:38 87,048 --a------ C:\WINDOWS\system32\rdpdd.dll
    2006-12-10 17:38 87,040 --a------ C:\WINDOWS\system32\srvsvc.dll
    2006-12-10 17:38 86,656 --a------ C:\WINDOWS\system32\drivers\atapi.sys
    2006-12-10 17:38 86,016 --a------ C:\WINDOWS\system32\smlogsvc.exe
    2006-12-10 17:38 857,600 --a------ C:\WINDOWS\system32\netplwiz.dll
    2006-12-10 17:38 85,504 --a------ C:\WINDOWS\system32\xactsrv.dll
    2006-12-10 17:38 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
    2006-12-10 17:38 84,992 --a------ C:\WINDOWS\system32\fldrclnr.dll
    2006-12-10 17:38 84,992 --a------ C:\WINDOWS\system32\dskquota.dll
    2006-12-10 17:38 84,992 --a------ C:\WINDOWS\system32\ahui.exe
    2006-12-10 17:38 831,562 --a------ C:\WINDOWS\system32\mswdat10.dll
    2006-12-10 17:38 829,952 --a------ C:\WINDOWS\system32\tapi3.dll
    2006-12-10 17:38 82,944 --a------ C:\WINDOWS\system32\rasauto.dll
    2006-12-10 17:38 82,944 --a------ C:\WINDOWS\system32\netsh.exe
    2006-12-10 17:38 82,432 --a------ C:\WINDOWS\system32\mtxoci.dll
    2006-12-10 17:38 80,896 --a------ C:\WINDOWS\system32\ntprint.dll
    2006-12-10 17:38 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe
    2006-12-10 17:38 80,384 --a------ C:\WINDOWS\system32\mciavi32.dll
    2006-12-10 17:38 80,384 --a------ C:\WINDOWS\system32\cabview.dll
    2006-12-10 17:38 80,128 --a------ C:\WINDOWS\system32\msapsspc.dll
    2006-12-10 17:38 8,832 --a------ C:\WINDOWS\system32\framebuf.dll
    2006-12-10 17:38 8,704 --a------ C:\WINDOWS\system32\lprhelp.dll
    2006-12-10 17:38 8,456 --a------ C:\WINDOWS\system32\tsddd.dll
    2006-12-10 17:38 8,192 --a------ C:\WINDOWS\system32\scrnsave.scr
    2006-12-10 17:38 8,192 --a------ C:\WINDOWS\system32\igmpagnt.dll
    2006-12-10 17:38 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
    2006-12-10 17:38 8,192 --a------ C:\WINDOWS\system32\autolfn.exe
    2006-12-10 17:38 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
    2006-12-10 17:38 792,064 --a------ C:\WINDOWS\system32\comres.dll
    2006-12-10 17:38 79,360 --a------ C:\WINDOWS\system32\makecab.exe
    2006-12-10 17:38 79,360 --a------ C:\WINDOWS\system32\diantz.exe
    2006-12-10 17:38 780,928 --a------ C:\WINDOWS\system32\drivers\dmboot.sys
    2006-12-10 17:38 774,144 --a------ C:\WINDOWS\system32\mmc.exe
    2006-12-10 17:38 77,824 --a------ C:\WINDOWS\system32\wmpshell.dll
    2006-12-10 17:38 77,824 --a------ C:\WINDOWS\system32\isign32.dll
    2006-12-10 17:38 77,824 --a------ C:\WINDOWS\system32\asycfilt.dll
    2006-12-10 17:38 762,368 --a------ C:\WINDOWS\system32\winntbbu.dll
    2006-12-10 17:38 76,830 --a------ C:\WINDOWS\system32\drmstor.dll
    2006-12-10 17:38 76,800 --a------ C:\WINDOWS\system32\dmscript.dll
    2006-12-10 17:38 76,288 --a------ C:\WINDOWS\system32\avifil32.dll
    2006-12-10 17:38 74,802 --a------ C:\WINDOWS\system32\atl.dll
    2006-12-10 17:38 74,240 --a------ C:\WINDOWS\system32\rtcshare.exe
    2006-12-10 17:38 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
    2006-12-10 17:38 73,864 --a------ C:\WINDOWS\system32\rdpwsx.dll
    2006-12-10 17:38 73,728 --a------ C:\WINDOWS\system32\ils.dll
    2006-12-10 17:38 73,216 --a------ C:\WINDOWS\system32\dfrgfat.exe
    2006-12-10 17:38 71,680 --a------ C:\WINDOWS\system32\nslookup.exe
    2006-12-10 17:38 71,680 --a------ C:\WINDOWS\system32\browsewm.dll
    2006-12-10 17:38 70,656 --a------ C:\WINDOWS\system32\wiascr.dll
    2006-12-10 17:38 70,656 --a------ C:\WINDOWS\system32\storprop.dll
    2006-12-10 17:38 70,144 --a------ C:\WINDOWS\system32\tlntsess.exe
    2006-12-10 17:38 70,144 --a------ C:\WINDOWS\system32\telnet.exe
    2006-12-10 17:38 70,144 --a------ C:\WINDOWS\system32\cryptdlg.dll
    2006-12-10 17:38 7,680 --a------ C:\WINDOWS\system32\dciman32.dll
    2006-12-10 17:38 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
    2006-12-10 17:38 7,168 --a------ C:\WINDOWS\system32\tlntsvrp.dll
    2006-12-10 17:38 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
    2006-12-10 17:38 69,632 --a------ C:\WINDOWS\system32\shrpubw.exe
    2006-12-10 17:38 69,632 --a------ C:\WINDOWS\system32\icwdial.dll
    2006-12-10 17:38 69,120 --a------ C:\WINDOWS\system32\unimdmat.dll
    2006-12-10 17:38 688,667 --a------ C:\WINDOWS\system32\msxml2.dll
    2006-12-10 17:38 685,568 --a------ C:\WINDOWS\system32\opengl32.dll
    2006-12-10 17:38 68,928 --a------ C:\WINDOWS\system32\mmsystem.dll
    2006-12-10 17:38 68,928 --a------ C:\WINDOWS\system\mmsystem.dll
    2006-12-10 17:38 68,608 --a------ C:\WINDOWS\system32\locator.exe
    2006-12-10 17:38 68,224 --a------ C:\WINDOWS\system32\drivers\dxg.sys
    2006-12-10 17:38 68,096 --a------ C:\WINDOWS\system32\mscms.dll
    2006-12-10 17:38 68,096 --a------ C:\WINDOWS\system32\inetpp.dll
    2006-12-10 17:38 68,096 --a------ C:\WINDOWS\system32\dsdmoprp.dll
    2006-12-10 17:38 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll
    2006-12-10 17:38 67,584 --a------ C:\WINDOWS\system32\magnify.exe
    2006-12-10 17:38 67,072 --a------ C:\WINDOWS\system32\usbui.dll
    2006-12-10 17:38 67,072 --a------ C:\WINDOWS\system32\fdeploy.dll
    2006-12-10 17:38 667,648 --a------ C:\WINDOWS\system32\ss3dfo.scr
    2006-12-10 17:38 66,944 --a------ C:\WINDOWS\system32\drivers\mqac.sys
    2006-12-10 17:38 66,560 --a------ C:\WINDOWS\system32\SPOOLSS.DLL
    2006-12-10 17:38 66,560 --a------ C:\WINDOWS\system32\scarddlg.dll
    2006-12-10 17:38 66,560 --a------ C:\WINDOWS\system32\mmcbase.dll
    2006-12-10 17:38 66,048 --a------ C:\WINDOWS\system32\sigverif.exe
    2006-12-10 17:38 66,048 --a------ C:\WINDOWS\system32\notepad.exe
    2006-12-10 17:38 66,048 --a------ C:\WINDOWS\system32\msw3prt.dll
    2006-12-10 17:38 66,048 --a------ C:\WINDOWS\notepad.exe
    2006-12-10 17:38 651,264 --a------ C:\WINDOWS\system32\ntdll.dll
    2006-12-10 17:38 65,585 --a------ C:\WINDOWS\system32\wshext.dll
    2006-12-10 17:38 65,536 --a------ C:\WINDOWS\system32\msctfp.dll
    2006-12-10 17:38 65,536 --a------ C:\WINDOWS\system32\msconf.dll
    2006-12-10 17:38 65,536 --a------ C:\WINDOWS\system32\dbnetlib.dll
    2006-12-10 17:38 65,024 --a------ C:\WINDOWS\system32\msvcrt40.dll
    2006-12-10 17:38 648,192 --a------ C:\WINDOWS\system32\lsasrv.dll
    2006-12-10 17:38 64,512 --a------ C:\WINDOWS\system32\colbact.dll
    2006-12-10 17:38 64,512 --a------ C:\WINDOWS\system32\amstream.dll
    2006-12-10 17:38 638,976 --a------ C:\WINDOWS\system32\sstext3d.scr
    2006-12-10 17:38 630,784 --a------ C:\WINDOWS\system32\rasdlg.dll
    2006-12-10 17:38 62,976 --a------ C:\WINDOWS\system32\ciodm.dll
    2006-12-10 17:38 62,976 --a------ C:\WINDOWS\system32\browselc.dll
    2006-12-10 17:38 62,464 --a------ C:\WINDOWS\system32\adsmsext.dll
    2006-12-10 17:38 62,208 --a------ C:\WINDOWS\system32\drivers\cdfs.sys
    2006-12-10 17:38 614,474 --a------ C:\WINDOWS\system32\mswstr10.dll
    2006-12-10 17:38 61,952 --a------ C:\WINDOWS\system32\srclient.dll
    2006-12-10 17:38 61,952 --a------ C:\WINDOWS\system32\rdshost.exe
    2006-12-10 17:38 61,952 --a------ C:\WINDOWS\system32\osuninst.dll
    2006-12-10 17:38 61,952 --a------ C:\WINDOWS\system32\faultrep.dll
    2006-12-10 17:38 61,440 --a------ C:\WINDOWS\system32\openfiles.exe
    2006-12-10 17:38 61,440 --a------ C:\WINDOWS\system32\odbccu32.dll
    2006-12-10 17:38 61,440 --a------ C:\WINDOWS\system32\odbccr32.dll
    2006-12-10 17:38 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll
    2006-12-10 17:38 61,440 --a------ C:\WINDOWS\system32\cleanmgr.exe
    2006-12-10 17:38 605,696 --a------ C:\WINDOWS\system32\mqqm.dll
    2006-12-10 17:38 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll
    2006-12-10 17:38 60,928 --a------ C:\WINDOWS\system32\tlntsvr.exe
    2006-12-10 17:38 60,928 --a------ C:\WINDOWS\system32\sti.dll
    2006-12-10 17:38 60,416 --a------ C:\WINDOWS\system32\wextract.exe
    2006-12-10 17:38 6,656 --a------ C:\WINDOWS\system32\ntlsapi.dll
    2006-12-10 17:38 6,656 --a------ C:\WINDOWS\system32\laprxy.dll
    2006-12-10 17:38 6,656 --a------ C:\WINDOWS\system32\batt.dll
    2006-12-10 17:38 6,144 --a------ C:\WINDOWS\system32\SensApi.dll
    2006-12-10 17:38 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
    2006-12-10 17:38 596,480 --a------ C:\WINDOWS\system32\catsrvut.dll
    2006-12-10 17:38 593,408 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-12-10 17:38 593,408 --a------ C:\WINDOWS\system32\h323msp.dll
    2006-12-10 17:38 59,392 --a------ C:\WINDOWS\system32\iesetup.dll
    2006-12-10 17:38 589,824 --a------ C:\WINDOWS\system32\drmv2clt.dll
    2006-12-10 17:38 584,704 --a------ C:\WINDOWS\system32\netcfgx.dll
    2006-12-10 17:38 58,880 --a------ C:\WINDOWS\system32\cabinet.dll
    2006-12-10 17:38 58,368 --a------ C:\WINDOWS\system32\pautoenr.dll
    2006-12-10 17:38 58,368 --a------ C:\WINDOWS\system32\ipv6.exe
    2006-12-10 17:38 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll
    2006-12-10 17:38 578,560 --a------ C:\WINDOWS\system32\autoconv.exe
    2006-12-10 17:38 577,024 --a------ C:\WINDOWS\system32\mlang.dll
    2006-12-10 17:38 57,856 --a------ C:\WINDOWS\system32\nwwks.dll
    2006-12-10 17:38 57,856 --a------ C:\WINDOWS\system32\dpwsockx.dll
    2006-12-10 17:38 57,344 --a------ C:\WINDOWS\system32\licwmi.dll
    2006-12-10 17:38 57,344 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2006-12-10 17:38 57,344 --a------ C:\WINDOWS\system32\admparse.dll
    2006-12-10 17:38 57,216 --a------
     
  15. 2006/12/13
    banmido

    banmido Inactive Thread Starter

    Joined:
    2006/12/11
    Messages:
    10
    Likes Received:
    0
    sending files

    C:\WINDOWS\system32\drivers\atmarpc.sys
    2006-12-10 17:38 569,344 --a------ C:\WINDOWS\system32\sspipes.scr
    2006-12-10 17:38 569,344 --a------ C:\WINDOWS\system32\oleaut32.dll
    2006-12-10 17:38 568,832 --a------ C:\WINDOWS\system32\wiashext.dll
    2006-12-10 17:38 565,760 --a------ C:\WINDOWS\system32\autochk.exe
    2006-12-10 17:38 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
    2006-12-10 17:38 56,320 --a------ C:\WINDOWS\system32\mshtmler.dll
    2006-12-10 17:38 56,320 --a------ C:\WINDOWS\system32\miglibnt.dll
    2006-12-10 17:38 558,592 --a------ C:\WINDOWS\system32\autofmt.exe
    2006-12-10 17:38 557,568 --a------ C:\WINDOWS\system32\comctl32.dll
    2006-12-10 17:38 553,034 --a------ C:\WINDOWS\system32\msrepl40.dll
    2006-12-10 17:38 55,808 --a------ C:\WINDOWS\system32\rasman.dll
    2006-12-10 17:38 55,808 --a------ C:\WINDOWS\system32\mqlogmgr.dll
    2006-12-10 17:38 55,808 --a------ C:\WINDOWS\system32\digest.dll
    2006-12-10 17:38 55,296 --a------ C:\WINDOWS\system32\logman.exe
    2006-12-10 17:38 549,888 --a------ C:\WINDOWS\system32\advapi32.dll
    2006-12-10 17:38 548,864 --a------ C:\WINDOWS\system32\shdoclc.dll
    2006-12-10 17:38 545,792 --a------ C:\WINDOWS\system32\wsecedit.dll
    2006-12-10 17:38 544,256 --a------ C:\WINDOWS\system32\crypt32.dll
    2006-12-10 17:38 54,784 --a------ C:\WINDOWS\system32\shimeng.dll
    2006-12-10 17:38 54,784 --a------ C:\WINDOWS\system32\samlib.dll
    2006-12-10 17:38 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll
    2006-12-10 17:38 54,784 --a------ C:\WINDOWS\system32\cmstp.exe
    2006-12-10 17:38 54,272 --a------ C:\WINDOWS\system32\rasphone.exe
    2006-12-10 17:38 54,016 --a------ C:\WINDOWS\system32\drivers\arp1394.sys
    2006-12-10 17:38 534,016 --a------ C:\WINDOWS\system32\spider.exe
    2006-12-10 17:38 53,888 --a------ C:\WINDOWS\system32\drivers\atmlane.sys
    2006-12-10 17:38 53,840 --a------ C:\WINDOWS\system32\dosx.exe
    2006-12-10 17:38 53,760 --a------ C:\WINDOWS\system32\rastapi.dll
    2006-12-10 17:38 53,376 --a------ C:\WINDOWS\system32\drivers\bridge.sys
    2006-12-10 17:38 53,322 --a------ C:\WINDOWS\system32\msjter40.dll
    2006-12-10 17:38 53,279 --a------ C:\WINDOWS\system32\odbcji32.dll
    2006-12-10 17:38 53,248 --a------ C:\WINDOWS\system32\servdeps.dll
    2006-12-10 17:38 53,248 --a------ C:\WINDOWS\system32\sendmail.dll
    2006-12-10 17:38 53,248 --a------ C:\WINDOWS\system32\odbcconf.exe
    2006-12-10 17:38 53,248 --a------ C:\WINDOWS\system32\devenum.dll
    2006-12-10 17:38 53,248 --a------ C:\WINDOWS\system32\cryptnet.dll
    2006-12-10 17:38 53,248 --a------ C:\WINDOWS\system32\clusapi.dll
    2006-12-10 17:38 524,800 --a------ C:\WINDOWS\system32\qedit.dll
    2006-12-10 17:38 522,240 --a------ C:\WINDOWS\system32\printui.dll
    2006-12-10 17:38 52,224 --a------ C:\WINDOWS\system32\tlntadmn.exe
    2006-12-10 17:38 52,224 --a------ C:\WINDOWS\system32\rastls.dll
    2006-12-10 17:38 52,224 --a------ C:\WINDOWS\system32\packager.exe
    2006-12-10 17:38 512,074 --a------ C:\WINDOWS\system32\msexch40.dll
    2006-12-10 17:38 51,712 --a------ C:\WINDOWS\system32\synceng.dll
    2006-12-10 17:38 51,712 --a------ C:\WINDOWS\system32\dataclen.dll
    2006-12-10 17:38 51,200 --a------ C:\WINDOWS\system32\spoolsv.exe
    2006-12-10 17:38 51,200 --a------ C:\WINDOWS\system32\narrator.exe
    2006-12-10 17:38 51,200 --a------ C:\WINDOWS\system32\cryptsvc.dll
    2006-12-10 17:38 51,200 --a------ C:\WINDOWS\system32\authz.dll
    2006-12-10 17:38 504,320 --a------ C:\WINDOWS\system32\logonui.exe
    2006-12-10 17:38 503,296 --a------ C:\WINDOWS\system32\mstscax.dll
    2006-12-10 17:38 50,688 --a------ C:\WINDOWS\system32\msvcirt.dll
    2006-12-10 17:38 50,688 --a------ C:\WINDOWS\system32\dmutil.dll
    2006-12-10 17:38 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2006-12-10 17:38 5,632 --a------ C:\WINDOWS\system32\security.dll
    2006-12-10 17:38 5,120 --a------ C:\WINDOWS\system32\cisvc.exe
    2006-12-10 17:38 5,120 --a------ C:\WINDOWS\system32\asferror.dll
    2006-12-10 17:38 499,712 --a------ C:\WINDOWS\system32\clbcatq.dll
    2006-12-10 17:38 499,200 --a------ C:\WINDOWS\system32\comuid.dll
    2006-12-10 17:38 498,960 --a------ C:\WINDOWS\system32\dxmasf.dll
    2006-12-10 17:38 495,376 --a------ C:\WINDOWS\system32\msxml.dll
    2006-12-10 17:38 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
    2006-12-10 17:38 49,664 --a------ C:\WINDOWS\system32\ipconfig.exe
    2006-12-10 17:38 49,152 --a------ C:\WINDOWS\system32\npptools.dll
    2006-12-10 17:38 49,152 --a------ C:\WINDOWS\system32\ixsso.dll
    2006-12-10 17:38 489,984 --a------ C:\WINDOWS\system32\hypertrm.dll
    2006-12-10 17:38 488,960 --a------ C:\WINDOWS\system32\gpedit.dll
    2006-12-10 17:38 486,400 --a------ C:\WINDOWS\system32\dbghelp.dll
    2006-12-10 17:38 48,640 --a------ C:\WINDOWS\system32\vdmredir.dll
    2006-12-10 17:38 48,640 --a------ C:\WINDOWS\system32\cryptext.dll
    2006-12-10 17:38 48,640 --a------ C:\WINDOWS\system32\browser.dll
    2006-12-10 17:38 48,128 --a------ C:\WINDOWS\system32\reg.exe
    2006-12-10 17:38 479,261 --a------ C:\WINDOWS\system32\vbscript.dll
    2006-12-10 17:38 478,720 --a------ C:\WINDOWS\system32\mqsnap.dll
    2006-12-10 17:38 470,016 --a------ C:\WINDOWS\system32\cryptui.dll
    2006-12-10 17:38 47,616 --a------ C:\WINDOWS\system32\wzcdlg.dll
    2006-12-10 17:38 47,616 --a------ C:\WINDOWS\system32\inetres.dll
    2006-12-10 17:38 47,616 --a------ C:\WINDOWS\system32\eventcreate.exe
    2006-12-10 17:38 47,488 --a------ C:\WINDOWS\system32\drivers\cdrom.sys
    2006-12-10 17:38 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
    2006-12-10 17:38 47,104 --a------ C:\WINDOWS\system32\dssec.dll
    2006-12-10 17:38 467,456 --a------ C:\WINDOWS\system32\mqutil.dll
    2006-12-10 17:38 460,288 --a------ C:\WINDOWS\system32\ntmsmgr.dll
    2006-12-10 17:38 46,592 --a------ C:\WINDOWS\twain_32.dll
    2006-12-10 17:38 46,592 --a------ C:\WINDOWS\system32\utilman.exe
    2006-12-10 17:38 46,592 --a------ C:\WINDOWS\system32\mmcshext.dll
    2006-12-10 17:38 46,080 --a------ C:\WINDOWS\system32\mslbui.dll
    2006-12-10 17:38 454,656 --a------ C:\WINDOWS\system32\ipnathlp.dll
    2006-12-10 17:38 45,632 --a------ C:\WINDOWS\system32\cliconfg.exe
    2006-12-10 17:38 45,568 --a------ C:\WINDOWS\system32\smss.exe
    2006-12-10 17:38 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
    2006-12-10 17:38 45,568 --a------ C:\WINDOWS\system32\cnbjmon.dll
    2006-12-10 17:38 45,056 --a------ C:\WINDOWS\system32\proquota.exe
    2006-12-10 17:38 45,056 --a------ C:\WINDOWS\system32\docprop2.dll
    2006-12-10 17:38 45,056 --a------ C:\WINDOWS\system32\cipher.exe
    2006-12-10 17:38 45,056 --a------ C:\WINDOWS\system32\camocx.dll
    2006-12-10 17:38 45,056 --a------ C:\WINDOWS\system32\basesrv.dll
    2006-12-10 17:38 449,536 --a------ C:\WINDOWS\system32\wiadefui.dll
    2006-12-10 17:38 442,398 --a------ C:\WINDOWS\system32\wmadmoe.dll
    2006-12-10 17:38 44,928 --a------ C:\WINDOWS\system32\drivers\classpnp.sys
    2006-12-10 17:38 44,544 --a------ C:\WINDOWS\system32\mqupgrd.dll
    2006-12-10 17:38 44,160 --a------ C:\WINDOWS\system32\kd1394.dll
    2006-12-10 17:38 44,032 --a------ C:\WINDOWS\system32\msident.dll
    2006-12-10 17:38 44,032 --a------ C:\WINDOWS\system32\mqdscli.dll
    2006-12-10 17:38 44,032 --a------ C:\WINDOWS\system32\dnsrslvr.dll
    2006-12-10 17:38 436,736 --a------ C:\WINDOWS\system32\certmgr.dll
    2006-12-10 17:38 43,008 --a------ C:\WINDOWS\system32\ssmypics.scr
    2006-12-10 17:38 426,496 --a------ C:\WINDOWS\system32\RichEd20.dll
    2006-12-10 17:38 421,962 --a------ C:\WINDOWS\system32\msrd2x40.dll
    2006-12-10 17:38 42,537 --a------ C:\WINDOWS\system32\keyboard.sys
    2006-12-10 17:38 419,840 --a------ C:\WINDOWS\system32\shimgvw.dll
    2006-12-10 17:38 414,720 --a------ C:\WINDOWS\system32\wiaacmgr.exe
    2006-12-10 17:38 411,136 --a------ C:\WINDOWS\system32\samsrv.dll
    2006-12-10 17:38 41,984 --a------ C:\WINDOWS\system32\rdpclip.exe
    2006-12-10 17:38 41,984 --a------ C:\WINDOWS\system32\dfrgsnap.dll
    2006-12-10 17:38 41,472 --a------ C:\WINDOWS\system32\cmdl32.exe
    2006-12-10 17:38 40,960 --a------ C:\WINDOWS\system32\tcpmonui.dll
    2006-12-10 17:38 40,960 --a------ C:\WINDOWS\system32\safrslv.dll
    2006-12-10 17:38 40,960 --a------ C:\WINDOWS\system32\extrac32.exe
    2006-12-10 17:38 40,960 --a------ C:\WINDOWS\system32\alg.exe
    2006-12-10 17:38 40,448 --a------ C:\WINDOWS\system32\tscupgrd.exe
    2006-12-10 17:38 40,448 --a------ C:\WINDOWS\system32\tcpmon.dll
    2006-12-10 17:38 40,448 --a------ C:\WINDOWS\system32\ftp.exe
    2006-12-10 17:38 4,608 --a------ C:\WINDOWS\system32\mqsvc.exe
    2006-12-10 17:38 4,126 --a------ C:\WINDOWS\system32\msdxmlc.dll
    2006-12-10 17:38 4,096 --a------ C:\WINDOWS\system32\wuauserv.dll
    2006-12-10 17:38 4,096 --a------ C:\WINDOWS\system32\winver.exe
    2006-12-10 17:38 4,096 --a------ C:\WINDOWS\system32\nddeapir.exe
    2006-12-10 17:38 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2006-12-10 17:38 4,096 --a------ C:\WINDOWS\system32\actmovie.exe
    2006-12-10 17:38 395,776 --a------ C:\WINDOWS\system32\ntvdm.exe
    2006-12-10 17:38 392,192 --a------ C:\WINDOWS\system32\ntmssvc.dll
    2006-12-10 17:38 39,936 --a------ C:\WINDOWS\system32\htui.dll
    2006-12-10 17:38 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll
    2006-12-10 17:38 39,424 --a------ C:\WINDOWS\system32\net.exe
    2006-12-10 17:38 387,584 --a------ C:\WINDOWS\system32\regwizc.dll
    2006-12-10 17:38 385,536 --a------ C:\WINDOWS\system32\mstsc.exe
    2006-12-10 17:38 383,488 --a------ C:\WINDOWS\system32\themeui.dll
    2006-12-10 17:38 382,976 --a------ C:\WINDOWS\system32\qdvd.dll
    2006-12-10 17:38 381,440 --a------ C:\WINDOWS\system32\lmrt.dll
    2006-12-10 17:38 38,912 --a------ C:\WINDOWS\system32\wsnmp32.dll
    2006-12-10 17:38 379,152 --a------ C:\WINDOWS\system32\expsrv.dll
    2006-12-10 17:38 377,856 --a------ C:\WINDOWS\system32\dpnet.dll
    2006-12-10 17:38 375,808 --a------ C:\WINDOWS\system32\cmd.exe
    2006-12-10 17:38 37,888 --a------ C:\WINDOWS\system32\sdbinst.exe
    2006-12-10 17:38 37,888 --a------ C:\WINDOWS\system32\pstorec.dll
    2006-12-10 17:38 37,888 --a------ C:\WINDOWS\system32\hhsetup.dll
    2006-12-10 17:38 37,888 --a------ C:\WINDOWS\system32\grpconv.exe
    2006-12-10 17:38 37,888 --a------ C:\WINDOWS\system32\audiosrv.dll
    2006-12-10 17:38 37,376 --a------ C:\WINDOWS\system32\perfctrs.dll
    2006-12-10 17:38 37,376 --a------ C:\WINDOWS\system32\ntmsapi.dll
    2006-12-10 17:38 365,568 --a------ C:\WINDOWS\system32\msdtcprx.dll
    2006-12-10 17:38 364,544 --a------ C:\WINDOWS\system32\ssflwbox.scr
    2006-12-10 17:38 364,032 --a------ C:\WINDOWS\system32\ipsmsnap.dll
    2006-12-10 17:38 363,520 --a------ C:\WINDOWS\system32\dsound.dll
    2006-12-10 17:38 361,984 --a------ C:\WINDOWS\system32\qmgr.dll
    2006-12-10 17:38 361,472 --a------ C:\WINDOWS\system32\fontext.dll
    2006-12-10 17:38 36,921 --a------ C:\WINDOWS\system32\imeshare.dll
    2006-12-10 17:38 36,864 --a------ C:\WINDOWS\system32\mscpxl32.dLL
    2006-12-10 17:38 36,864 --a------ C:\WINDOWS\system32\mf3216.dll
    2006-12-10 17:38 36,352 --a------ C:\WINDOWS\system32\cmutil.dll
    2006-12-10 17:38 356,352 --a------ C:\WINDOWS\system32\sqlsrv32.dll
    2006-12-10 17:38 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
    2006-12-10 17:38 35,840 --a------ C:\WINDOWS\system32\rshx32.dll
    2006-12-10 17:38 35,840 --a------ C:\WINDOWS\system32\cmmon32.exe
    2006-12-10 17:38 35,840 --a------ C:\WINDOWS\system32\6to4svc.dll
    2006-12-10 17:38 35,632 --a------ C:\WINDOWS\system32\ntio411.sys
    2006-12-10 17:38 35,392 --a------ C:\WINDOWS\system32\ntio412.sys
    2006-12-10 17:38 348,238 --a------ C:\WINDOWS\system32\msjetoledb40.dll
    2006-12-10 17:38 348,234 --a------ C:\WINDOWS\system32\mspbde40.dll
    2006-12-10 17:38 346,624 --a------ C:\WINDOWS\system32\tourstart.exe
    2006-12-10 17:38 344,138 --a------ C:\WINDOWS\system32\msxbde40.dll
    2006-12-10 17:38 343,552 --a------ C:\WINDOWS\system32\termmgr.dll
    2006-12-10 17:38 34,528 --a------ C:\WINDOWS\system32\ntio804.sys
    2006-12-10 17:38 34,528 --a------ C:\WINDOWS\system32\ntio404.sys
    2006-12-10 17:38 34,304 --a------ C:\WINDOWS\system32\rcimlby.exe
    2006-12-10 17:38 34,304 --a------ C:\WINDOWS\system32\raschap.dll
    2006-12-10 17:38 34,304 --a------ C:\WINDOWS\system32\msgsvc.dll
    2006-12-10 17:38 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll
    2006-12-10 17:38 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
    2006-12-10 17:38 339,456 --a------ C:\WINDOWS\system32\usp10.dll
    2006-12-10 17:38 332,800 --a------ C:\WINDOWS\system32\ipsecsnp.dll
    2006-12-10 17:38 332,288 --a------ C:\WINDOWS\system32\smlogcfg.dll
    2006-12-10 17:38 33,808 --a------ C:\WINDOWS\system32\ntio.sys
    2006-12-10 17:38 33,664 --a------ C:\WINDOWS\system32\drivers\disk.sys
    2006-12-10 17:38 33,280 --a------ C:\WINDOWS\system32\racpldlg.dll
    2006-12-10 17:38 33,280 --a------ C:\WINDOWS\system32\dmloader.dll
    2006-12-10 17:38 323,072 --a------ C:\WINDOWS\system32\netsetup.exe
    2006-12-10 17:38 323,072 --a------ C:\WINDOWS\system32\filemgmt.dll
    2006-12-10 17:38 32,768 --a------ C:\WINDOWS\system32\odbcad32.exe
    2006-12-10 17:38 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
    2006-12-10 17:38 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll
    2006-12-10 17:38 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
    2006-12-10 17:38 32,384 --a------ C:\WINDOWS\system32\mnmdd.dll
    2006-12-10 17:38 32,256 --a------ C:\WINDOWS\system32\perfproc.dll
    2006-12-10 17:38 32,000 --a------ C:\WINDOWS\system32\drivers\amdk6.sys
    2006-12-10 17:38 319,562 --a------ C:\WINDOWS\system32\msexcl40.dll
    2006-12-10 17:38 318,976 --a------ C:\WINDOWS\system32\ippromon.dll
    2006-12-10 17:38 316,928 --a------ C:\WINDOWS\system32\zipfldr.dll
    2006-12-10 17:38 315,904 --a------ C:\WINDOWS\system32\hnetwiz.dll
    2006-12-10 17:38 315,466 --a------ C:\WINDOWS\system32\msrd3x40.dll
    2006-12-10 17:38 314,880 --a------ C:\WINDOWS\system32\cmdial32.dll
    2006-12-10 17:38 314,368 --a------ C:\WINDOWS\system32\wiaservc.dll
    2006-12-10 17:38 31,744 --a------ C:\WINDOWS\system32\umandlg.dll
    2006-12-10 17:38 31,744 --a------ C:\WINDOWS\system32\RUNDLL32.EXE
    2006-12-10 17:38 31,744 --a------ C:\WINDOWS\system32\pid.dll
    2006-12-10 17:38 31,360 --a------ C:\WINDOWS\system32\drivers\crusoe.sys
    2006-12-10 17:38 31,232 --a------ C:\WINDOWS\system32\wpabaln.exe
    2006-12-10 17:38 31,232 --a------ C:\WINDOWS\system32\inetmib1.dll
    2006-12-10 17:38 308,736 --a------ C:\WINDOWS\system32\licdll.dll
    2006-12-10 17:38 305,664 --a------ C:\WINDOWS\system32\cscui.dll
    2006-12-10 17:38 302,080 --a------ C:\WINDOWS\system32\untfs.dll
    2006-12-10 17:38 30,992 --a------ C:\WINDOWS\system32\vbajet32.dll
    2006-12-10 17:38 30,720 --a------ C:\WINDOWS\system32\netstat.exe
    2006-12-10 17:38 30,720 --a------ C:\WINDOWS\system32\clipsrv.exe
    2006-12-10 17:38 30,208 --a------ C:\WINDOWS\system32\imgutil.dll
    2006-12-10 17:38 30,208 --a------ C:\WINDOWS\system32\dumprep.exe
    2006-12-10 17:38 3,584 --a------ C:\WINDOWS\system32\msafd.dll
    2006-12-10 17:38 3,338 --a------ C:\WINDOWS\system32\redir.exe
    2006-12-10 17:38 3,072 --a------ C:\WINDOWS\system32\icmp.dll
    2006-12-10 17:38 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll
    2006-12-10 17:38 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll
    2006-12-10 17:38 298,496 --a------ C:\WINDOWS\system32\wmstream.dll
    2006-12-10 17:38 294,912 --a------ C:\WINDOWS\system32\wmvdmod.dll
    2006-12-10 17:38 294,912 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2006-12-10 17:38 293,888 --a------ C:\WINDOWS\system32\MSCTF.dll
    2006-12-10 17:38 292,352 --a------ C:\WINDOWS\system32\localspl.dll
    2006-12-10 17:38 29,696 --a------ C:\WINDOWS\system32\rtipxmib.dll
    2006-12-10 17:38 29,184 --a------ C:\WINDOWS\system32\wpnpinst.exe
    2006-12-10 17:38 29,184 --a------ C:\WINDOWS\system32\csrsrv.dll
    2006-12-10 17:38 29,184 --a------ C:\WINDOWS\system32\cryptdll.dll
    2006-12-10 17:38 28,721 --a------ C:\WINDOWS\system32\wshcon.dll
    2006-12-10 17:38 28,672 --a------ C:\WINDOWS\system32\sethc.exe
    2006-12-10 17:38 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll
    2006-12-10 17:38 28,672 --a------ C:\WINDOWS\system32\dbnmpntw.dll
    2006-12-10 17:38 28,160 --a------ C:\WINDOWS\system32\xcopy.exe
    2006-12-10 17:38 28,160 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2006-12-10 17:38 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe
    2006-12-10 17:38 277,504 --a------ C:\WINDOWS\system32\appmgr.dll
    2006-12-10 17:38 276,480 --a------ C:\WINDOWS\system32\slbcsp.dll
    2006-12-10 17:38 276,480 --a------ C:\WINDOWS\system32\qdv.dll
    2006-12-10 17:38 275,456 --a------ C:\WINDOWS\system32\vssvc.exe
    2006-12-10 17:38 274,432 --a------ C:\WINDOWS\system32\wmasf.dll
    2006-12-10 17:38 272,768 --a------ C:\WINDOWS\system32\atmfd.dll
    2006-12-10 17:38 271,360 --a------ C:\WINDOWS\system32\objsel.dll
    2006-12-10 17:38 270,365 --a------ C:\WINDOWS\system32\odbcjt32.dll
    2006-12-10 17:38 27,136 --a------ C:\WINDOWS\system32\sendcmsg.dll
    2006-12-10 17:38 27,136 --a------ C:\WINDOWS\system32\mspatcha.dll
    2006-12-10 17:38 27,136 --a------ C:\WINDOWS\system32\dmband.dll
    2006-12-10 17:38 27,136 --a------ C:\WINDOWS\system32\ddeshare.exe
    2006-12-10 17:38 27,136 --a------ C:\WINDOWS\system32\batmeter.dll
    2006-12-10 17:38 27,136 --a------ C:\WINDOWS\system32\atmlib.dll
    2006-12-10 17:38 27,136 --a------ C:\WINDOWS\system32\asr_fmt.exe
    2006-12-10 17:38 268,800 --a------ C:\WINDOWS\system32\ulib.dll
    2006-12-10 17:38 266,752 --a------ C:\WINDOWS\winhlp32.exe
    2006-12-10 17:38 266,240 --a------ C:\WINDOWS\system32\inetcfg.dll
    2006-12-10 17:38 265,728 --a------ C:\WINDOWS\system32\ddraw.dll
    2006-12-10 17:38 263,680 --a------ C:\WINDOWS\system32\devmgr.dll
    2006-12-10 17:38 261,120 --a------ C:\WINDOWS\system32\duser.dll
    2006-12-10 17:38 26,624 --a------ C:\WINDOWS\system32\safrdm.dll
    2006-12-10 17:38 26,240 --a------ C:\WINDOWS\system32\drivers\fdc.sys
    2006-12-10 17:38 258,560 --a------ C:\WINDOWS\system32\webcheck.dll
    2006-12-10 17:38 258,424 --a------ C:\WINDOWS\system32\qasf.dll
    2006-12-10 17:38 258,048 --a------ C:\WINDOWS\system32\drmclien.dll
    2006-12-10 17:38 258,048 --a------ C:\WINDOWS\system32\comdlg32.dll
    2006-12-10 17:38 254,026 --a------ C:\WINDOWS\system32\mstext40.dll
    2006-12-10 17:38 253,952 --a------ C:\WINDOWS\system32\wmpcd.dll
    2006-12-10 17:38 253,952 --a------ C:\WINDOWS\system32\wmnetmgr.dll
    2006-12-10 17:38 251,904 --a------ C:\WINDOWS\system32\strmdll.dll
    2006-12-10 17:38 250,880 --a------ C:\WINDOWS\system32\pdh.dll
    2006-12-10 17:38 25,600 --a------ C:\WINDOWS\system32\WINIPSEC.DLL
    2006-12-10 17:38 25,088 --a------ C:\WINDOWS\system32\findstr.exe
    2006-12-10 17:38 25,088 --a------ C:\WINDOWS\system32\dfsshlex.dll
    2006-12-10 17:38 249,856 --a------ C:\WINDOWS\system32\mstask.dll
    2006-12-10 17:38 245,760 --a------ C:\WINDOWS\system32\msscp.dll
    2006-12-10 17:38 241,695 --a------ C:\WINDOWS\system32\msjtes40.dll
    2006-12-10 17:38 24,576 --a------ C:\WINDOWS\system32\odbcbcp.dll
    2006-12-10 17:38 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
    2006-12-10 17:38 24,576 --a------ C:\WINDOWS\system32\logagent.exe
    2006-12-10 17:38 24,576 --a------ C:\WINDOWS\system32\efsadu.dll
    2006-12-10 17:38 24,576 --a------ C:\WINDOWS\system32\dbmsrpcn.dll
    2006-12-10 17:38 24,576 --a------ C:\WINDOWS\system32\conime.exe
    2006-12-10 17:38 24,064 --a------ C:\WINDOWS\system32\vdmdbg.dll
    2006-12-10 17:38 24,064 --a------ C:\WINDOWS\system32\skeys.exe
    2006-12-10 17:38 24,064 --a------ C:\WINDOWS\system32\mshta.exe
    2006-12-10 17:38 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
    2006-12-10 17:38 239,616 --a------ C:\WINDOWS\system32\adsnt.dll
    2006-12-10 17:38 238,592 --a------ C:\WINDOWS\system32\compatUI.dll
    2006-12-10 17:38 238,080 --a------ C:\WINDOWS\system32\newdev.dll
    2006-12-10 17:38 236,032 --a------ C:\WINDOWS\system32\icm32.dll
    2006-12-10 17:38 233,984 --a------ C:\WINDOWS\system32\tapisrv.dll
    2006-12-10 17:38 233,472 --a------ C:\WINDOWS\system32\mpg4dmod.dll
    2006-12-10 17:38 232,448 --a------ C:\WINDOWS\system32\msieftp.dll
    2006-12-10 17:38 231,936 --a------ C:\WINDOWS\system32\tracerpt.exe
    2006-12-10 17:38 231,424 --a------ C:\WINDOWS\system32\upnpui.dll
    2006-12-10 17:38 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
    2006-12-10 17:38 23,552 --a------ C:\WINDOWS\system32\perfdisk.dll
    2006-12-10 17:38 23,040 --a------ C:\WINDOWS\system32\shscrap.dll
    2006-12-10 17:38 23,040 --a------ C:\WINDOWS\system32\proxycfg.exe
    2006-12-10 17:38 23,040 --a------ C:\WINDOWS\system32\perfos.dll
    2006-12-10 17:38 23,040 --a------ C:\WINDOWS\system32\iernonce.dll
    2006-12-10 17:38 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
    2006-12-10 17:38 227,840 --a------ C:\WINDOWS\system32\dsquery.dll
    2006-12-10 17:38 226,816 --a------ C:\WINDOWS\system32\es.dll
    2006-12-10 17:38 225,280 --a------ C:\WINDOWS\system32\catsrv.dll
    2006-12-10 17:38 222,208 --a------ C:\WINDOWS\system32\compstui.dll
    2006-12-10 17:38 22,528 --a------ C:\WINDOWS\system32\wmdmlog.dll
    2006-12-10 17:38 22,528 --a------ C:\WINDOWS\system32\SHFOLDER.dll
    2006-12-10 17:38 22,528 --a------ C:\WINDOWS\system32\HID.DLL
    2006-12-10 17:38 22,528 --a------ C:\WINDOWS\system32\at.exe
    2006-12-10 17:38 22,016 --a------ C:\WINDOWS\system32\slayerxp.dll
    2006-12-10 17:38 22,016 --a------ C:\WINDOWS\system32\mciwave.dll
    2006-12-10 17:38 22,016 --a------ C:\WINDOWS\system32\ipxroute.exe
    2006-12-10 17:38 22,016 --a------ C:\WINDOWS\system32\dpmodemx.dll
    2006-12-10 17:38 22,016 --a------ C:\WINDOWS\system32\davclnt.dll
    2006-12-10 17:38 219,648 --a------ C:\WINDOWS\system32\logon.scr
    2006-12-10 17:38 218,624 --a------ C:\WINDOWS\system32\srrstr.dll
    2006-12-10 17:38 214,528 --a------ C:\WINDOWS\system32\rasapi32.dll
    2006-12-10 17:38 214,016 --a------ C:\WINDOWS\system32\mqoa.dll
    2006-12-10 17:38 213,066 --a------ C:\WINDOWS\system32\msltus40.dll
    2006-12-10 17:38 212,480 --a------ C:\WINDOWS\system32\osk.exe
    2006-12-10 17:38 210,432 --a------ C:\WINDOWS\system32\oakley.DLL
    2006-12-10 17:38 21,504 --a------ C:\WINDOWS\system32\userinit.exe
    2006-12-10 17:38 21,504 --a------ C:\WINDOWS\system32\udhisapi.dll
    2006-12-10 17:38 21,504 --a------ C:\WINDOWS\system32\shmgrate.exe
    2006-12-10 17:38 21,504 --a------ C:\WINDOWS\system32\dmserver.dll
    2006-12-10 17:38 209,920 --a------ C:\WINDOWS\system32\msutb.dll
    2006-12-10 17:38 205,824 --a------ C:\WINDOWS\system32\progman.exe
    2006-12-10 17:38 204,800 --a------ C:\WINDOWS\system32\dmadmin.exe
    2006-12-10 17:38 204,800 --a------ C:\WINDOWS\system32\blackbox.dll
    2006-12-10 17:38 203,776 --a------ C:\WINDOWS\system32\ieaksie.dll
    2006-12-10 17:38 203,264 --a------ C:\WINDOWS\system32\dpvoice.dll
    2006-12-10 17:38 202,752 --a------ C:\WINDOWS\system32\localsec.dll
    2006-12-10 17:38 20,992 --a------ C:\WINDOWS\system32\setup.exe
    2006-12-10 17:38 20,992 --a------ C:\WINDOWS\system32\mfcsubs.dll
    2006-12-10 17:38 20,992 --a------ C:\WINDOWS\system32\mciseq.dll
    2006-12-10 17:38 20,554 --a------ C:\WINDOWS\system32\odtext32.dll
    2006-12-10 17:38 20,554 --a------ C:\WINDOWS\system32\oddbse32.dll
    2006-12-10 17:38 20,553 --a------ C:\WINDOWS\system32\odpdx32.dll
    2006-12-10 17:38 20,553 --a------ C:\WINDOWS\system32\odfox32.dll
    2006-12-10 17:38 20,553 --a------ C:\WINDOWS\system32\odexl32.dll
    2006-12-10 17:38 20,480 --a------ C:\WINDOWS\system32\wmdmps.dll
    2006-12-10 17:38 20,480 --a------ C:\WINDOWS\system32\stimon.exe
    2006-12-10 17:38 20,480 --a------ C:\WINDOWS\system32\msorc32r.dll
    2006-12-10 17:38 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2006-12-10 17:38 2,028,032 --a------ C:\WINDOWS\system32\cdosys.dll
    2006-12-10 17:38 198,656 --a------ C:\WINDOWS\system32\t2embed.dll
    2006-12-10 17:38 196,096 --a------ C:\WINDOWS\system32\mobsync.dll
    2006-12-10 17:38 194,560 --a------ C:\WINDOWS\system32\mswebdvd.dll
    2006-12-10 17:38 193,536 --a------ C:\WINDOWS\system32\rasppp.dll
    2006-12-10 17:38 19,968 --a------ C:\WINDOWS\system32\rcp.exe
    2006-12-10 17:38 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll
    2006-12-10 17:38 19,712 --a------ C:\WINDOWS\system32\drivers\flpydisk.sys
    2006-12-10 17:38 19,456 --a------ C:\WINDOWS\system32\ssmarque.scr
    2006-12-10 17:38 19,456 --a------ C:\WINDOWS\system32\savedump.exe
    2006-12-10 17:38 19,456 --a------ C:\WINDOWS\system32\licmgr10.dll
    2006-12-10 17:38 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll
    2006-12-10 17:38 185,344 --a------ C:\WINDOWS\system32\moricons.dll
    2006-12-10 17:38 184,320 --a------ C:\WINDOWS\system32\wmadmod.dll
    2006-12-10 17:38 184,320 --a------ C:\WINDOWS\system32\dmdskmgr.dll
    2006-12-10 17:38 184,320 --a------ C:\WINDOWS\system32\certcli.dll
    2006-12-10 17:38 183,296 --a------ C:\WINDOWS\system32\syncui.dll
    2006-12-10 17:38 181,760 --a------ C:\WINDOWS\system32\activeds.dll
    2006-12-10 17:38 181,248 --a------ C:\WINDOWS\system32\dmime.dll
    2006-12-10 17:38 180,800 --a------ C:\WINDOWS\system32\sqlunirl.dll
    2006-12-10 17:38 18,944 --a------ C:\WINDOWS\system32\wzcsapi.dll
    2006-12-10 17:38 18,944 --a------ C:\WINDOWS\system32\ssbezier.scr
    2006-12-10 17:38 18,944 --a------ C:\WINDOWS\system32\lpk.dll
    2006-12-10 17:38 18,944 --a------ C:\WINDOWS\system32\fontview.exe
    2006-12-10 17:38 18,432 --a------ C:\WINDOWS\system32\sclgntfy.dll
    2006-12-10 17:38 18,432 --a------ C:\WINDOWS\system32\rsmps.dll
    2006-12-10 17:38 18,432 --a------ C:\WINDOWS\system32\qprocess.exe
    2006-12-10 17:38 18,432 --a------ C:\WINDOWS\system32\feclient.dll
    2006-12-10 17:38 18,432 --a------ C:\WINDOWS\system32\dswave.dll
    2006-12-10 17:38 179,712 --a------ C:\WINDOWS\system32\cewmdm.dll
    2006-12-10 17:38 179,200 --a------ C:\WINDOWS\system32\drivers\acpi.sys
    2006-12-10 17:38 179,200 --a------ C:\WINDOWS\system32\accwiz.exe
    2006-12-10 17:38 178,688 --a------ C:\WINDOWS\system32\gptext.dll
    2006-12-10 17:38 178,688 --a------ C:\WINDOWS\system32\eudcedit.exe
    2006-12-10 17:38 177,152 --a------ C:\WINDOWS\system32\qcap.dll
    2006-12-10 17:38 175,104 --a------ C:\WINDOWS\system32\mspmsp.dll
    2006-12-10 17:38 174,592 --a------ C:\WINDOWS\system32\msnetobj.dll
    2006-12-10 17:38 174,592 --a------ C:\WINDOWS\system32\cmprops.dll
    2006-12-10 17:38 173,568 --a------ C:\WINDOWS\system32\els.dll
    2006-12-10 17:38 172,032 --a------ C:\WINDOWS\system32\snmpsnap.dll
    2006-12-10 17:38 171,008 --a------ C:\WINDOWS\system32\sccsccp.dll
    2006-12-10 17:38 17,920 --a------ C:\WINDOWS\system32\shutdown.exe
    2006-12-10 17:38 17,408 --a------ C:\WINDOWS\system32\ssmyst.scr
    2006-12-10 17:38 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2006-12-10 17:38 17,408 --a------ C:\WINDOWS\system32\mqbkup.exe
    2006-12-10 17:38 17,408 --a------ C:\WINDOWS\system32\ersvc.dll
    2006-12-10 17:38 169,984 --a------ C:\WINDOWS\system32\sccbase.dll
    2006-12-10 17:38 168,960 --a------

    This is the second file of the combofix.txt.

    thanks
    ban
     
  16. 2006/12/13
    banmido

    banmido Inactive Thread Starter

    Joined:
    2006/12/11
    Messages:
    10
    Likes Received:
    0
    This is the third one; the log is actually huge.

    2006-12-10 17:38 168,960 --a------ C:\WINDOWS\system32\dinput8.dll
    2006-12-10 17:38 166,912 --a------ C:\WINDOWS\system32\photowiz.dll
    2006-12-10 17:38 165,888 --a------ C:\WINDOWS\system32\ntmsdba.dll
    2006-12-10 17:38 165,744 --a------ C:\WINDOWS\system32\xenroll.dll
    2006-12-10 17:38 164,864 --a------ C:\WINDOWS\system32\mqrt.dll
    2006-12-10 17:38 164,352 --a------ C:\WINDOWS\system32\mqtrig.dll
    2006-12-10 17:38 162,816 --a------ C:\WINDOWS\system32\upnphost.dll
    2006-12-10 17:38 162,128 --a------ C:\WINDOWS\system32\dwwin.exe
    2006-12-10 17:38 161,792 --a------ C:\WINDOWS\system32\credui.dll
    2006-12-10 17:38 160,768 --a------ C:\WINDOWS\system32\adsldp.dll
    2006-12-10 17:38 16,896 --a------ C:\WINDOWS\system32\snmpapi.dll
    2006-12-10 17:38 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
    2006-12-10 17:38 16,896 --a------ C:\WINDOWS\system32\dpnsvr.exe
    2006-12-10 17:38 16,896 --a------ C:\WINDOWS\system32\cfgmgr32.dll
    2006-12-10 17:38 16,384 --a------ C:\WINDOWS\system32\ups.exe
    2006-12-10 17:38 16,384 --a------ C:\WINDOWS\system32\odbc32gt.dll
    2006-12-10 17:38 16,384 --a------ C:\WINDOWS\system32\nddenb32.dll
    2006-12-10 17:38 16,384 --a------ C:\WINDOWS\system32\mmfutil.dll
    2006-12-10 17:38 16,384 --a------ C:\WINDOWS\system32\ds32gt.dll
    2006-12-10 17:38 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
    2006-12-10 17:38 156,672 --a------ C:\WINDOWS\system32\msimtf.dll
    2006-12-10 17:38 155,675 --a------ C:\WINDOWS\system32\scrobj.dll
    2006-12-10 17:38 155,648 --a------ C:\WINDOWS\system32\mswmdm.dll
    2006-12-10 17:38 155,648 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
    2006-12-10 17:38 155,648 --a------ C:\WINDOWS\system32\appmgmts.dll
    2006-12-10 17:38 152,576 --a------ C:\WINDOWS\system32\ipsecsvc.dll
    2006-12-10 17:38 151,626 --a------ C:\WINDOWS\system32\msjint40.dll
    2006-12-10 17:38 151,552 --a------ C:\WINDOWS\system32\dinput.dll
    2006-12-10 17:38 150,528 --a------ C:\WINDOWS\system32\msdtcuiu.dll
    2006-12-10 17:38 15,872 --a------ C:\WINDOWS\system32\dvdupgrd.exe
    2006-12-10 17:38 15,872 --a------ C:\WINDOWS\system32\alrsvc.dll
    2006-12-10 17:38 15,360 --a------ C:\WINDOWS\system32\LINKINFO.dll
    2006-12-10 17:38 147,483 --a------ C:\WINDOWS\system32\scrrun.dll
    2006-12-10 17:38 147,456 --a------ C:\WINDOWS\system32\odbctrac.dll
    2006-12-10 17:38 146,432 --a------ C:\WINDOWS\system32\keymgr.dll
    2006-12-10 17:38 146,304 --a------ C:\WINDOWS\system32\drivers\dmio.sys
    2006-12-10 17:38 145,920 --a------ C:\WINDOWS\system32\diskpart.exe
    2006-12-10 17:38 145,408 --a------ C:\WINDOWS\system32\modemui.dll
    2006-12-10 17:38 144,896 --a------ C:\WINDOWS\system32\initpki.dll
    2006-12-10 17:38 144,768 --a------ C:\WINDOWS\system32\drivers\fastfat.sys
    2006-12-10 17:38 143,872 --a------ C:\WINDOWS\system32\itircl.dll
    2006-12-10 17:38 14,877 --a------ C:\WINDOWS\system32\corpol.dll
    2006-12-10 17:38 14,848 --a------ C:\WINDOWS\system32\usbmon.dll
    2006-12-10 17:38 14,848 --a------ C:\WINDOWS\system32\upnpcont.exe
    2006-12-10 17:38 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
    2006-12-10 17:38 14,848 --a------ C:\WINDOWS\system32\powrprof.dll
    2006-12-10 17:38 14,848 --a------ C:\WINDOWS\system32\ping.exe
    2006-12-10 17:38 14,848 --a------ C:\WINDOWS\system32\mqise.dll
    2006-12-10 17:38 14,848 --a------ C:\WINDOWS\system32\bidispl.dll
    2006-12-10 17:38 14,592 --a------ C:\WINDOWS\system32\watchdog.sys
    2006-12-10 17:38 14,336 --a------ C:\WINDOWS\system32\perfmon.exe
    2006-12-10 17:38 14,336 --a------ C:\WINDOWS\system32\inetppui.dll
    2006-12-10 17:38 14,336 --a------ C:\WINDOWS\system32\dmremote.exe
    2006-12-10 17:38 139,264 --a------ C:\WINDOWS\system32\adsldpc.dll
    2006-12-10 17:38 137,216 --a------ C:\WINDOWS\system32\ntshrui.dll
    2006-12-10 17:38 137,216 --a------ C:\WINDOWS\system32\hotplug.dll
    2006-12-10 17:38 136,704 --a------ C:\WINDOWS\system32\schannel.dll
    2006-12-10 17:38 135,680 --a------ C:\WINDOWS\system32\mobsync.exe
    2006-12-10 17:38 134,656 --a------ C:\WINDOWS\system32\rdchost.dll
    2006-12-10 17:38 134,656 --a------ C:\WINDOWS\system32\netid.dll
    2006-12-10 17:38 134,144 --a------ C:\WINDOWS\regedit.exe
    2006-12-10 17:38 133,632 --a------ C:\WINDOWS\system32\nwprovau.dll
    2006-12-10 17:38 132,096 --a------ C:\WINDOWS\system32\sti_ci.dll
    2006-12-10 17:38 131,072 --a------ C:\WINDOWS\system32\msorcl32.dll
    2006-12-10 17:38 131,072 --a------ C:\WINDOWS\system32\dsprop.dll
    2006-12-10 17:38 130,688 --a------ C:\WINDOWS\system32\drivers\afd.sys
    2006-12-10 17:38 130,048 --a------ C:\WINDOWS\system32\sessmgr.exe
    2006-12-10 17:38 13,824 --a------ C:\WINDOWS\system32\wship6.dll
    2006-12-10 17:38 13,824 --a------ C:\WINDOWS\system32\uniplat.dll
    2006-12-10 17:38 13,824 --a------ C:\WINDOWS\system32\rassapi.dll
    2006-12-10 17:38 13,568 --a------ C:\WINDOWS\system32\drivers\asyncmac.sys
    2006-12-10 17:38 13,312 --a------ C:\WINDOWS\system32\tcpmib.dll
    2006-12-10 17:38 13,312 --a------ C:\WINDOWS\system32\ssstars.scr
    2006-12-10 17:38 13,312 --a------ C:\WINDOWS\system32\rsh.exe
    2006-12-10 17:38 13,312 --a------ C:\WINDOWS\system32\msdmo.dll
    2006-12-10 17:38 13,312 --a------ C:\WINDOWS\system32\ctfmon.exe
    2006-12-10 17:38 13,184 --a------ C:\WINDOWS\system32\drivers\diskdump.sys
    2006-12-10 17:38 129,024 --a------ C:\WINDOWS\system32\mqad.dll
    2006-12-10 17:38 128,512 --a------ C:\WINDOWS\system32\taskmgr.exe
    2006-12-10 17:38 127,552 --a------ C:\WINDOWS\system32\cliconfg.dll
    2006-12-10 17:38 126,976 --a------ C:\WINDOWS\system32\msdart.dll
    2006-12-10 17:38 126,976 --a------ C:\WINDOWS\system32\imagehlp.dll
    2006-12-10 17:38 126,976 --a------ C:\WINDOWS\system32\ieakeng.dll
    2006-12-10 17:38 126,464 --a------ C:\WINDOWS\system32\shmedia.dll
    2006-12-10 17:38 125,952 --a------ C:\WINDOWS\system32\ifmon.dll
    2006-12-10 17:38 124,928 --a------ C:\WINDOWS\system32\webvw.dll
    2006-12-10 17:38 124,928 --a------ C:\WINDOWS\system32\dfrgui.dll
    2006-12-10 17:38 124,416 --a------ C:\WINDOWS\system32\sndrec32.exe
    2006-12-10 17:38 122,880 --a------ C:\WINDOWS\system32\odbcconf.dll
    2006-12-10 17:38 122,880 --a------ C:\WINDOWS\system32\dssenh.dll
    2006-12-10 17:38 122,472 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2006-12-10 17:38 122,368 --a------ C:\WINDOWS\system32\itss.dll
    2006-12-10 17:38 121,344 --a------ C:\WINDOWS\system32\ipv6mon.dll
    2006-12-10 17:38 120,832 --a------ C:\WINDOWS\system32\wkssvc.dll
    2006-12-10 17:38 12,800 --a------ C:\WINDOWS\system32\pjlmon.dll
    2006-12-10 17:38 12,800 --a------ C:\WINDOWS\system32\mgmtapi.dll
    2006-12-10 17:38 12,800 --a------ C:\WINDOWS\system32\mcastmib.dll
    2006-12-10 17:38 12,288 --a------ C:\WINDOWS\system32\runonce.exe
    2006-12-10 17:38 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
    2006-12-10 17:38 12,288 --a------ C:\WINDOWS\system32\odbcp32r.dll
    2006-12-10 17:38 12,288 --a------ C:\WINDOWS\system32\mscpx32r.dLL
    2006-12-10 17:38 12,288 --a------ C:\WINDOWS\system32\lmhsvc.dll
    2006-12-10 17:38 12,288 --a------ C:\WINDOWS\system32\cmcfg32.dll
    2006-12-10 17:38 118,834 --a------ C:\WINDOWS\system32\wscript.exe
    2006-12-10 17:38 118,784 --a------ C:\WINDOWS\system32\wmsdmoe.dll
    2006-12-10 17:38 118,784 --a------ C:\WINDOWS\system32\imapi.exe
    2006-12-10 17:38 118,272 --a------ C:\WINDOWS\system32\wiadss.dll
    2006-12-10 17:38 117,760 --a------ C:\WINDOWS\system32\stobject.dll
    2006-12-10 17:38 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
    2006-12-10 17:38 116,736 --a------ C:\WINDOWS\system32\glu32.dll
    2006-12-10 17:38 116,272 --a------ C:\WINDOWS\system32\msnsspc.dll
    2006-12-10 17:38 116,224 --a------ C:\WINDOWS\system32\iasrad.dll
    2006-12-10 17:38 115,200 --a------ C:\WINDOWS\system32\net1.exe
    2006-12-10 17:38 115,200 --a------ C:\WINDOWS\system32\mqrtdep.dll
    2006-12-10 17:38 113,664 --a------ C:\WINDOWS\system32\schtasks.exe
    2006-12-10 17:38 113,152 --a------ C:\WINDOWS\system32\MSVFW32.dll
    2006-12-10 17:38 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll
    2006-12-10 17:38 111,616 --a------ C:\WINDOWS\system32\gpresult.exe
    2006-12-10 17:38 110,592 --a------ C:\WINDOWS\system32\wmsdmod.dll
    2006-12-10 17:38 110,592 --a------ C:\WINDOWS\system32\idq.dll
    2006-12-10 17:38 110,592 --a------ C:\WINDOWS\system32\iccvid.dll
    2006-12-10 17:38 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
    2006-12-10 17:38 11,776 --a------ C:\WINDOWS\system32\sigtab.dll
    2006-12-10 17:38 11,776 --a------ C:\WINDOWS\system32\rexec.exe
    2006-12-10 17:38 11,776 --a------ C:\WINDOWS\system32\drprov.dll
    2006-12-10 17:38 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
    2006-12-10 17:38 109,568 --a------ C:\WINDOWS\system32\defrag.exe
    2006-12-10 17:38 108,544 --a------ C:\WINDOWS\system32\mdminst.dll
    2006-12-10 17:38 108,032 --a------ C:\WINDOWS\system32\msv1_0.dll
    2006-12-10 17:38 107,008 --a------ C:\WINDOWS\system32\aclui.dll
    2006-12-10 17:38 106,496 --a------ C:\WINDOWS\system32\OLEPRO32.DLL
    2006-12-10 17:38 106,496 --a------ C:\WINDOWS\system32\dsuiext.dll
    2006-12-10 17:38 105,984 --a------ C:\WINDOWS\system32\netdde.exe
    2006-12-10 17:38 104,448 --a------ C:\WINDOWS\system32\wiavideo.dll
    2006-12-10 17:38 104,448 --a------ C:\WINDOWS\system32\input.dll
    2006-12-10 17:38 104,448 --a------ C:\WINDOWS\system32\dmusic.dll
    2006-12-10 17:38 104,448 --a------ C:\WINDOWS\system32\apphelp.dll
    2006-12-10 17:38 103,936 --a------ C:\WINDOWS\system32\sysocmgr.exe
    2006-12-10 17:38 103,424 --a------ C:\WINDOWS\system32\rsnotify.exe
    2006-12-10 17:38 103,424 --a------ C:\WINDOWS\system32\dgnet.dll
    2006-12-10 17:38 102,450 --a------ C:\WINDOWS\system32\cscript.exe
    2006-12-10 17:38 102,400 --a------ C:\WINDOWS\system32\offfilt.dll
    2006-12-10 17:38 101,376 --a------ C:\WINDOWS\system32\services.exe
    2006-12-10 17:38 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll
    2006-12-10 17:38 10,752 --a------ C:\WINDOWS\hh.exe
    2006-12-10 17:38 10,240 --a------ C:\WINDOWS\system32\WshRm.dll
    2006-12-10 17:38 10,240 --a------ C:\WINDOWS\system32\localui.dll
    2006-12-10 17:38 10,240 --a------ C:\WINDOWS\system32\atmadm.exe
    2006-12-10 17:38 1,998,848 --a------ C:\WINDOWS\system32\wmploc.dll
    2006-12-10 17:38 1,799,552 --a------ C:\WINDOWS\system32\win32k.sys
    2006-12-10 17:38 1,562,112 --a------ C:\WINDOWS\system32\sfcfiles.dll
    2006-12-10 17:38 1,503,260 --a------ C:\WINDOWS\system32\msjet40.dll
    2006-12-10 17:38 1,392,640 --a------ C:\WINDOWS\system32\wmpui.dll
    2006-12-10 17:38 1,388,544 --a------ C:\WINDOWS\system32\msvbvm60.dll
    2006-12-10 17:38 1,337,856 --a------ C:\WINDOWS\system32\query.dll
    2006-12-10 17:38 1,302,528 --a------ C:\WINDOWS\system32\wmpcore.dll
    2006-12-10 17:38 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
    2006-12-10 17:38 1,246,208 --a------ C:\WINDOWS\system32\quartz.dll
    2006-12-10 17:38 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
    2006-12-10 17:38 1,216,512 --a------ C:\WINDOWS\system32\wmvcore.dll
    2006-12-10 17:38 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll
    2006-12-10 17:38 1,179,648 --a------ C:\WINDOWS\system32\d3d8.dll
    2006-12-10 17:38 1,177,088 --a------ C:\WINDOWS\system32\comsvcs.dll
    2006-12-10 17:38 1,136,128 --a------ C:\WINDOWS\system32\mmcndmgr.dll
    2006-12-10 17:38 1,135,616 --a------ C:\WINDOWS\system32\ntbackup.exe
    2006-12-10 17:38 1,118,720 --a------ C:\WINDOWS\system32\msxml3.dll
    2006-12-10 17:38 1,000,960 --a------ C:\WINDOWS\explorer.exe
    2006-12-10 17:37 89,984 --a------ C:\WINDOWS\system32\drivers\scsiport.sys
    2006-12-10 17:37 88,320 --a------ C:\WINDOWS\system32\drivers\ndiswan.sys
    2006-12-10 17:37 84,864 --a------ C:\WINDOWS\system32\drivers\nwlnkipx.sys
    2006-12-10 17:37 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
    2006-12-10 17:37 802,816 --------- C:\WINDOWS\system32\dxmrtp.dll
    2006-12-10 17:37 79,744 --a------ C:\WINDOWS\system32\drivers\ksecdd.sys
    2006-12-10 17:37 79,616 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2006-12-10 17:37 76,288 --a------ C:\WINDOWS\system32\drivers\ipnat.sys
    2006-12-10 17:37 76,160 --a------ C:\WINDOWS\system32\drivers\parport.sys
    2006-12-10 17:37 74,240 --------- C:\WINDOWS\system32\msdvdopt.dll
    2006-12-10 17:37 70,400 --a------ C:\WINDOWS\system32\drivers\sr.sys
    2006-12-10 17:37 7,424 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
    2006-12-10 17:37 65,920 --a------ C:\WINDOWS\system32\drivers\psched.sys
    2006-12-10 17:37 65,024 --a------ C:\WINDOWS\system32\drivers\videoprt.sys
    2006-12-10 17:37 63,872 --a------ C:\WINDOWS\system32\drivers\udfs.sys
    2006-12-10 17:37 62,464 --a------ C:\WINDOWS\system32\drivers\serial.sys
    2006-12-10 17:37 62,464 --a------ C:\WINDOWS\system32\drivers\pci.sys
    2006-12-10 17:37 62,208 --a------ C:\WINDOWS\system32\drivers\mf.sys
    2006-12-10 17:37 57,472 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2006-12-10 17:37 56,960 --a------ C:\WINDOWS\system32\drivers\nic1394.sys
    2006-12-10 17:37 56,064 --a------ C:\WINDOWS\system32\drivers\ipsec.sys
    2006-12-10 17:37 550,400 --------- C:\WINDOWS\system32\rtcdll.dll
    2006-12-10 17:37 55,808 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2006-12-10 17:37 55,296 --a------ C:\WINDOWS\system32\drivers\irda.sys
    2006-12-10 17:37 533,504 --a------ C:\WINDOWS\system32\drivers\ntfs.sys
    2006-12-10 17:37 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
    2006-12-10 17:37 50,944 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
    2006-12-10 17:37 50,688 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
    2006-12-10 17:37 5,632 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2006-12-10 17:37 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
    2006-12-10 17:37 5,248 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
    2006-12-10 17:37 49,152 --a------ C:\WINDOWS\system32\drivers\volsnap.sys
    2006-12-10 17:37 48,640 --a------ C:\WINDOWS\system32\drivers\rasl2tp.sys
    2006-12-10 17:37 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys
    2006-12-10 17:37 47,104 --------- C:\WINDOWS\system32\mspmspsv.dll
    2006-12-10 17:37 46,208 --a------ C:\WINDOWS\system32\drivers\raspptp.sys
    2006-12-10 17:37 4,608 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
    2006-12-10 17:37 4,096 --a------ C:\WINDOWS\system32\drivers\swenum.sys
    2006-12-10 17:37 391,936 --a------ C:\WINDOWS\system32\drivers\mrxsmb.sys
    2006-12-10 17:37 39,296 --a------ C:\WINDOWS\system32\drivers\imapi.sys
    2006-12-10 17:37 38,912 --a------ C:\WINDOWS\system32\drivers\raspppoe.sys
    2006-12-10 17:37 37,896 --a------ C:\WINDOWS\system32\drivers\termdd.sys
    2006-12-10 17:37 37,760 --a------ C:\WINDOWS\system32\drivers\nmnt.sys
    2006-12-10 17:37 37,504 --a------ C:\WINDOWS\system32\drivers\mountmgr.sys
    2006-12-10 17:37 364,544 --------- C:\WINDOWS\system32\mstvca.dll
    2006-12-10 17:37 34,816 --a------ C:\WINDOWS\system32\drivers\p3.sys
    2006-12-10 17:37 33,792 --a------ C:\WINDOWS\system32\drivers\msgpc.sys
    2006-12-10 17:37 33,280 --a------ C:\WINDOWS\system32\drivers\wanarp.sys
    2006-12-10 17:37 33,152 --a------ C:\WINDOWS\system32\drivers\netbios.sys
    2006-12-10 17:37 33,152 --a------ C:\WINDOWS\system32\drivers\hidclass.sys
    2006-12-10 17:37 327,168 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
    2006-12-10 17:37 322,304 --a------ C:\WINDOWS\system32\drivers\srv.sys
    2006-12-10 17:37 308,736 --------- C:\WINDOWS\system32\mstvgs.dll
    2006-12-10 17:37 30,592 --a------ C:\WINDOWS\system32\drivers\processr.sys
    2006-12-10 17:37 29,568 --a------ C:\WINDOWS\system32\drivers\npfs.sys
    2006-12-10 17:37 28,800 --a------ C:\WINDOWS\system32\drivers\modem.sys
    2006-12-10 17:37 27,648 --a------ C:\WINDOWS\system32\drivers\rndismp.sys
    2006-12-10 17:37 24,960 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2006-12-10 17:37 24,064 --a------ C:\WINDOWS\system32\drivers\sonydcam.sys
    2006-12-10 17:37 23,680 --a------ C:\WINDOWS\system32\drivers\pciidex.sys
    2006-12-10 17:37 23,680 --a------ C:\WINDOWS\system32\drivers\hidparse.sys
    2006-12-10 17:37 23,424 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
    2006-12-10 17:37 23,070 --a------ C:\WINDOWS\system32\drivers\rtl8139.sys
    2006-12-10 17:37 22,016 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
    2006-12-10 17:37 21,760 --a------ C:\WINDOWS\system32\drivers\usbstor.sys
    2006-12-10 17:37 20,232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
    2006-12-10 17:37 19,584 --a------ C:\WINDOWS\system32\drivers\vga.sys
    2006-12-10 17:37 19,584 --a------ C:\WINDOWS\system32\drivers\ipinip.sys
    2006-12-10 17:37 181,632 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
    2006-12-10 17:37 180,032 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
    2006-12-10 17:37 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
    2006-12-10 17:37 18,048 --a------ C:\WINDOWS\system32\drivers\msfs.sys
    2006-12-10 17:37 172,672 --a------ C:\WINDOWS\system32\drivers\mrxdav.sys
    2006-12-10 17:37 163,840 --a------ C:\WINDOWS\system32\drivers\rdbss.sys
    2006-12-10 17:37 161,536 --a------ C:\WINDOWS\system32\drivers\ndis.sys
    2006-12-10 17:37 16,256 --a------ C:\WINDOWS\system32\drivers\tdi.sys
    2006-12-10 17:37 159,232 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2006-12-10 17:37 153,600 --------- C:\WINDOWS\system32\wuv3is.dll
    2006-12-10 17:37 150,272 --a------ C:\WINDOWS\system32\drivers\netbt.sys
    2006-12-10 17:37 15,616 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
    2006-12-10 17:37 15,104 --a------ C:\WINDOWS\system32\drivers\usbintel.sys
    2006-12-10 17:37 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys
    2006-12-10 17:37 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
    2006-12-10 17:37 14,976 --a------ C:\WINDOWS\system32\drivers\serenum.sys
    2006-12-10 17:37 14,366 --------- C:\WINDOWS\system32\asfsipc.dll
    2006-12-10 17:37 137,088 --a------ C:\WINDOWS\system32\drivers\update.sys
    2006-12-10 17:37 135,040 --a------ C:\WINDOWS\system32\drivers\portcls.sys
    2006-12-10 17:37 130,304 --a------ C:\WINDOWS\system32\drivers\ks.sys
    2006-12-10 17:37 13,696 --a------ C:\WINDOWS\system32\drivers\tape.sys
    2006-12-10 17:37 13,312 --------- C:\WINDOWS\system32\wupdinfo.dll
    2006-12-10 17:37 123,264 --a------ C:\WINDOWS\system32\drivers\usbport.sys
    2006-12-10 17:37 12,160 --a------ C:\WINDOWS\system32\drivers\ndisuio.sys
    2006-12-10 17:37 116,352 --a------ C:\WINDOWS\system32\drivers\pcmcia.sys
    2006-12-10 17:37 11,144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
    2006-12-10 17:37 11,136 --a------ C:\WINDOWS\system32\drivers\usb8023.sys
    2006-12-10 17:37 107,912 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
    2006-12-10 17:37 103,936 --a------ C:\WINDOWS\system32\drivers\mup.sys
    2006-12-10 17:37 100,712 --------- C:\WINDOWS\system32\iuctl.dll
    2006-12-10 17:37 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
    2006-12-10 17:37 10,496 --a------ C:\WINDOWS\system32\drivers\sfloppy.sys
    2006-12-10 17:37 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys
    2006-12-10 17:37 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
    2006-12-10 17:37 1,897,984 --a------ C:\WINDOWS\system32\ntoskrnl.exe
    2006-12-10 17:37 1,869,824 --a------ C:\WINDOWS\system32\ntkrnlpa.exe
    2006-12-10 17:37 <DIR> d-------- C:\WINDOWS\EHome
    2006-12-10 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2006-12-10 13:10 94,064 -ra------ C:\WINDOWS\system32\drivers\w810mdm.sys
    2006-12-10 13:10 8,336 -ra------ C:\WINDOWS\system32\drivers\w810mdfl.sys
    2006-12-10 13:10 6,176 -ra------ C:\WINDOWS\system32\drivers\w810cmnt.sys
    2006-12-10 13:10 6,176 -ra------ C:\WINDOWS\system32\drivers\w810cm.sys
    2006-12-10 13:10 58,288 -ra------ C:\WINDOWS\system32\drivers\w810bus.sys
    2006-12-10 13:10 5,808 -ra------ C:\WINDOWS\system32\drivers\w810whnt.sys
    2006-12-10 13:10 5,808 -ra------ C:\WINDOWS\system32\drivers\w810wh.sys
    2006-12-09 13:30 68,968 --a------ C:\WINDOWS\system32\lzx32.sys
    2006-12-09 13:29 <DIR> d-------- C:\Program Files\WinRAR
    2006-12-06 19:03 <DIR> dr------- C:\WINDOWS\Offline Web Pages
    2006-12-06 19:01 94,282 --a------ C:\WINDOWS\system32\msencode.dll
    2006-12-06 19:01 60,416 --a------ C:\WINDOWS\system32\msratelc.dll
    2006-12-06 19:01 14,848 --a------ C:\WINDOWS\system32\msidntld.dll
    2006-12-06 19:01 110,592 --a------ C:\WINDOWS\system32\inetcplc.dll
    2006-12-06 19:01 109,568 --a------ C:\WINDOWS\system32\URL.DLL
    2006-12-05 20:07 <DIR> d-------- C:\Program Files\Google
    2006-12-04 12:52 <DIR> d-------- C:\Documents and Settings\gowri\Application Data\Apple Computer
    2006-12-04 11:48 <DIR> d-------- C:\Program Files\QuickTime
    2006-12-04 11:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2006-11-30 21:05 <DIR> d-------- C:\Downloads
    2006-11-30 21:04 <DIR> d-------- C:\Program Files\BitComet
    2006-11-23 23:40 <DIR> d-------- C:\Documents and Settings\gowri\Application Data\Opera
    2006-11-23 13:25 <DIR> d--h----- C:\WINDOWS\PIF
    2006-11-20 09:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2006-11-16 15:52 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2006-11-15 12:19 18,704 -ra------ C:\WINDOWS\system32\drivers\se31nd5.sys
    2006-11-15 12:14 <DIR> d-------- C:\Documents and Settings\gowri\Application Data\Teleca
    2006-11-15 12:13 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
    2006-11-15 12:12 <DIR> d-------- C:\WINDOWS\Downloaded Installations
    2006-11-15 12:12 <DIR> d-------- C:\Program Files\Sony Ericsson
    2006-11-15 12:12 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
    2006-11-15 12:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
    2006-11-15 12:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    2006-11-13 09:29 <DIR> d-------- C:\Documents and Settings\gowri\Application Data\Help
    2006-11-13 08:38 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
    2006-11-13 08:31 <DIR> d-------- C:\WINDOWS\Windows Update Setup Files
    2006-11-13 08:31 <DIR> d-------- C:\WINDOWS\History


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-12-10 15:38 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
    2006-11-12 09:07 99965 --a------ C:\WINDOWS\UninstallFirefox.exe
    2006-11-12 09:07 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-11-12 09:07 -------- d-------- C:\Documents and Settings\gowri\Application Data\Mozilla
    2006-11-11 22:44 -------- d-------- C:\Program Files\Common Files\Mercury Interactive
    2006-11-11 22:41 -------- d-------- C:\Program Files\Mercury Interactive
    2006-11-09 12:08 -------- d-------- C:\Documents and Settings\gowri\Application Data\MSN6
    2006-11-08 22:51 -------- d-------- C:\Documents and Settings\gowri\Application Data\yoclient
    2006-11-03 13:53 -------- d-------- C:\Program Files\DAP
    2006-10-23 09:05 -------- d-------- C:\Documents and Settings\gowri\Application Data\Sun
    2006-10-23 09:01 -------- d-------- C:\Program Files\Java
    2006-10-23 09:01 -------- d-------- C:\Program Files\Common Files\Java
    2006-10-22 16:17 -------- d-------- C:\Program Files\Real
    2006-10-22 16:17 -------- d-------- C:\Program Files\Common Files\xing shared
    2006-10-22 16:17 -------- d-------- C:\Program Files\Common Files\Real
    2006-10-22 16:16 -------- d-------- C:\Documents and Settings\gowri\Application Data\Real
    2006-10-16 22:22 -------- d-------- C:\Documents and Settings\gowri\Application Data\Hummingbird
    2006-10-14 13:10 16752 --a------ C:\Documents and Settings\gowri\Application Data\GDIPFONTCACHEV1.DAT
    2006-10-14 08:04 -------- d-------- C:\Documents and Settings\gowri\Application Data\Yahoo!
    2006-09-28 09:24 0 -rahs---- C:\MSDOS.SYS
    2006-09-28 09:24 0 -rahs---- C:\IO.SYS
    2006-09-28 09:24 0 --a------ C:\CONFIG.SYS
    2006-09-28 09:24 0 --a------ C:\AUTOEXEC.BAT
    2006-09-28 09:13 62 --ahs---- C:\Documents and Settings\gowri\Application Data\desktop.ini


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
    "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
    "SoundMan"="SOUNDMAN.EXE"
    "TVTray"="C:\\PROGRA~1\\SuperTV\\SuperTV\\TVTray.exe"
    "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "DownloadAccelerator"="C:\\PROGRA~1\\DAP\\DAP.EXE /STARTUP"
    "Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "Openwares LiveUpdate"="C:\\Program Files\\LiveUpdate\\LiveUpdate.exe"
    "Aqua Dock"="C:\\Program Files\\Aqua Dock\\Aqua Dock.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\
      00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=dword:40000004
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
      ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
      00,00,01,00,00,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll"



    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20061213-231828-332
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    backup-20061213-231828-415
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://in.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://in.search.yahoo.com
    Completion time: 06-12-13 23:34:20.98
    C:\ComboFix.txt ... 06-12-13 23:34



    thanks

    ban
     
  17. 2006/12/13
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Err... curious, did you just install this OS recently?

    The reason I ask is the godawful long file list. :eek: