QUOTE
Hi Clive,
the forum seems to have an error in our thread. I posted an answer but never managed to access it again.
Please repost the latest ComboFix and RSIT reports in a new thread in the forum. I will take it from there.
Chris
Wow, these viruses are clever.
I ran the Avenger with the code you suggested, but there was no log produced on restart. I checked with regedit and there were no signs of the registry keys you put in the code, so I think it did the job anyway.
Here is the latest ComboFix log:
ComboFix 09-11-01.04 - Rute 02/11/2009 19:40.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.256 [GMT 0:00]
Running from: c:\documents and settings\Rute\My Documents\1812\SpyWare\ComboFix\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\_004668_.tmp.dll
c:\windows\system32\_004669_.tmp.dll
c:\windows\system32\_004670_.tmp.dll
c:\windows\system32\_004671_.tmp.dll
c:\windows\system32\_004678_.tmp.dll
c:\windows\system32\_004679_.tmp.dll
c:\windows\system32\_004680_.tmp.dll
c:\windows\system32\_004681_.tmp.dll
c:\windows\system32\_004683_.tmp.dll
c:\windows\system32\_004684_.tmp.dll
c:\windows\system32\_004687_.tmp.dll
c:\windows\system32\_004688_.tmp.dll
c:\windows\system32\_004690_.tmp.dll
c:\windows\system32\_004691_.tmp.dll
c:\windows\system32\_004692_.tmp.dll
c:\windows\system32\_004694_.tmp.dll
c:\windows\system32\_004697_.tmp.dll
c:\windows\system32\_004698_.tmp.dll
c:\windows\system32\_004702_.tmp.dll
c:\windows\system32\_004703_.tmp.dll
c:\windows\system32\_004705_.tmp.dll
c:\windows\system32\_004708_.tmp.dll
c:\windows\system32\_004710_.tmp.dll
c:\windows\system32\_004711_.tmp.dll
c:\windows\system32\_004712_.tmp.dll
c:\windows\system32\_004713_.tmp.dll
c:\windows\system32\_004714_.tmp.dll
c:\windows\system32\_004717_.tmp.dll
c:\windows\system32\_004718_.tmp.dll
c:\windows\system32\_004719_.tmp.dll
c:\windows\system32\_004720_.tmp.dll
c:\windows\system32\_004721_.tmp.dll
c:\windows\system32\_004726_.tmp.dll
c:\windows\system32\_004728_.tmp.dll
c:\windows\system32\bios_setup114.txt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CDBGEVTSVC
-------\Legacy_SYSREST.SYS
((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 )))))))))))))))))))))))))))))))
.
2009-11-02 14:30 . 2009-11-02 14:31 -------- d-----w- c:\windows\ERUNT
2009-11-02 14:21 . 2009-11-02 14:45 -------- d-----w- C:\SDFix
2009-11-02 10:23 . 2009-11-02 10:25 -------- d-----w- C:\LinhaDefensiva
2009-11-02 00:32 . 2009-11-02 14:11 -------- d-----w- c:\program files\trend micro
2009-11-02 00:31 . 2009-11-02 00:32 -------- d-----w- C:\rsit
2009-11-01 22:38 . 2004-08-04 00:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-11-01 22:38 . 2001-08-17 22:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-11-01 22:38 . 2001-08-17 22:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-11-01 22:38 . 2001-08-17 22:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-11-01 22:38 . 2001-08-17 22:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-11-01 22:37 . 2001-08-17 22:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-11-01 22:37 . 2001-08-17 12:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-11-01 22:37 . 2004-08-03 22:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-11-01 22:37 . 2004-08-03 22:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-11-01 22:35 . 2004-08-03 22:29 11935 -c--a-w- c:\windows\system32\dllcache\wadv11nt.sys
2009-11-01 22:34 . 2001-08-17 13:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2009-11-01 22:33 . 2001-08-17 22:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2009-11-01 22:32 . 2001-08-17 12:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2009-11-01 22:31 . 2001-08-17 22:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2009-11-01 22:30 . 2001-08-17 13:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2009-11-01 22:29 . 2001-08-17 22:36 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
2009-11-01 22:28 . 2001-07-21 14:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2009-11-01 22:27 . 2001-08-17 12:50 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
2009-11-01 22:26 . 2001-08-17 22:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2009-11-01 22:26 . 2001-08-17 12:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2009-11-01 22:26 . 2004-08-03 22:59 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2009-11-01 22:26 . 2004-08-03 23:04 30080 -c--a-w- c:\windows\system32\dllcache\rndismpx.sys
2009-11-01 22:26 . 2001-08-17 12:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2009-11-01 22:26 . 2004-08-03 23:10 59648 -c--a-w- c:\windows\system32\dllcache\rfcomm.sys
2009-11-01 22:26 . 2001-08-17 22:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2009-11-01 22:26 . 2004-08-03 22:41 13776 -c--a-w- c:\windows\system32\dllcache\recagent.sys
2009-11-01 22:26 . 2001-08-17 13:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2009-11-01 22:26 . 2001-08-17 13:28 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2009-11-01 22:26 . 2001-08-17 22:36 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2009-11-01 22:26 . 2001-08-17 13:53 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2009-11-01 22:26 . 2001-08-17 13:52 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2009-11-01 22:24 . 2001-08-17 14:04 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
2009-11-01 22:23 . 2001-08-17 14:05 25216 -c--a-w- c:\windows\system32\dllcache\ovsound2.sys
2009-11-01 22:22 . 2001-08-17 12:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2009-11-01 22:21 . 2001-08-17 14:56 35392 -c--a-w- c:\windows\system32\dllcache\n9i128.dll
2009-11-01 22:20 . 2001-08-17 14:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2009-11-01 22:20 . 2001-08-17 13:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2009-11-01 22:20 . 2001-08-17 13:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2009-11-01 22:20 . 2001-08-17 13:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-11-01 22:20 . 2001-08-17 13:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2009-11-01 22:20 . 2001-08-17 12:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2009-11-01 22:20 . 2001-08-17 14:56 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2009-11-01 22:20 . 2004-08-03 23:00 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2009-11-01 22:18 . 2004-08-03 22:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2009-11-01 22:18 . 2001-08-17 12:12 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2009-11-01 22:18 . 2001-08-17 12:12 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2009-11-01 22:18 . 2001-08-17 22:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2009-11-01 22:18 . 2001-08-17 22:36 242176 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2009-11-01 22:18 . 2001-08-17 22:36 45568 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2009-11-01 22:18 . 2001-08-17 22:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-11-01 22:18 . 2001-08-17 22:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-11-01 22:18 . 2004-08-03 22:58 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-11-01 22:18 . 2001-08-17 14:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-11-01 22:18 . 2001-08-17 14:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-11-01 22:18 . 2001-08-17 14:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-11-01 22:18 . 2001-08-17 14:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-11-01 22:17 . 2001-08-17 13:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2009-11-01 22:17 . 2001-08-17 13:49 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2009-11-01 22:17 . 2004-08-03 23:08 40832 -c--a-w- c:\windows\system32\dllcache\irbus.sys
2009-11-01 22:17 . 2001-08-17 12:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2009-11-01 22:17 . 2001-08-17 22:36 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2009-11-01 22:17 . 2001-08-17 13:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2009-11-01 22:17 . 2004-08-03 22:59 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2009-11-01 22:17 . 2001-08-17 13:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2009-11-01 22:17 . 2001-08-17 13:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2009-11-01 22:15 . 2004-08-03 22:41 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2009-11-01 22:15 . 2004-08-03 22:41 685056 -c--a-w- c:\windows\system32\dllcache\hsfcxts2.sys
2009-11-01 22:15 . 2004-08-04 00:56 32285 -c--a-w- c:\windows\system32\dllcache\hsfcisp2.dll
2009-11-01 22:15 . 2004-08-03 22:41 220032 -c--a-w- c:\windows\system32\dllcache\hsfbs2s2.sys
2009-11-01 22:15 . 2001-08-17 13:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2009-11-01 22:15 . 2001-08-17 13:28 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
2009-11-01 22:15 . 2001-08-17 13:28 73279 -c--a-w- c:\windows\system32\dllcache\hsf_spkp.sys
2009-11-01 22:15 . 2001-08-17 13:28 44863 -c--a-w- c:\windows\system32\dllcache\hsf_soar.sys
2009-11-01 22:15 . 2001-08-17 13:28 57471 -c--a-w- c:\windows\system32\dllcache\hsf_samp.sys
2009-11-01 22:15 . 2001-08-17 13:28 542879 -c--a-w- c:\windows\system32\dllcache\hsf_msft.sys
2009-11-01 22:15 . 2001-08-17 13:28 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys
2009-11-01 22:15 . 2001-08-17 22:36 9759 -c--a-w- c:\windows\system32\dllcache\hsf_inst.dll
2009-11-01 22:13 . 2001-08-17 13:28 907456 -c--a-w- c:\windows\system32\dllcache\hcf_msft.sys
2009-11-01 22:12 . 2001-08-17 12:13 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2009-11-01 22:11 . 2001-08-17 12:12 18503 -c--a-w- c:\windows\system32\dllcache\epro4.sys
2009-11-01 22:10 . 2001-08-17 12:11 29696 -c--a-w- c:\windows\system32\dllcache\dm9pci5.sys
2009-11-01 22:09 . 2001-08-17 22:36 27648 -c--a-w- c:\windows\system32\dllcache\cyzports.dll
2009-11-01 22:08 . 2004-08-03 23:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2009-11-01 22:07 . 2001-08-17 22:36 41472 -c--a-w- c:\windows\system32\dllcache\brmfusb.dll
2009-11-01 22:06 . 2004-08-03 22:29 11615 -c--a-w- c:\windows\system32\dllcache\ati1mdxx.sys
2009-11-01 22:05 . 2001-08-17 14:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-11-01 22:04 . 2004-08-03 23:18 2148352 -c--a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-11-01 19:15 . 2007-08-10 20:46 33656 ----a-w- c:\windows\system32\sprecovr.exe
2009-11-01 19:10 . 2006-02-28 12:00 98304 -c--a-w- c:\windows\system32\dllcache\wmpband.dll
2009-11-01 19:10 . 2006-02-28 12:00 786432 -c--a-w- c:\windows\system32\dllcache\migrate.exe
2009-11-01 19:10 . 2006-02-28 12:00 368640 -c--a-w- c:\windows\system32\dllcache\mpvis.dll
2009-11-01 19:10 . 2006-02-28 12:00 221184 -c--a-w- c:\windows\system32\dllcache\wmpns.dll
2009-11-01 19:10 . 2006-02-28 12:00 1001472 -c--a-w- c:\windows\system32\dllcache\wmvdmoe2.dll
2009-11-01 19:10 . 2006-02-28 12:00 1001472 ----a-w- c:\windows\system32\wmvdmoe2.dll
2009-11-01 19:10 . 2006-02-28 12:00 896512 -c--a-w- c:\windows\system32\dllcache\wmspdmoe.dll
2009-11-01 19:10 . 2006-02-28 12:00 896512 ----a-w- c:\windows\system32\wmspdmoe.dll
2009-11-01 19:10 . 2006-02-28 12:00 484864 -c--a-w- c:\windows\system32\dllcache\wmspdmod.dll
2009-11-01 19:10 . 2006-02-28 12:00 484864 ----a-w- c:\windows\system32\wmspdmod.dll
2009-11-01 19:10 . 2006-02-28 12:00 1119744 -c--a-w- c:\windows\system32\dllcache\wmsdmoe2.dll
2009-11-01 19:10 . 2006-02-28 12:00 1119744 ----a-w- c:\windows\system32\wmsdmoe2.dll
2009-11-01 19:08 . 2006-02-28 12:00 96768 -c--a-w- c:\windows\system32\dllcache\dpcdll.dll
2009-11-01 19:07 . 2006-02-28 12:00 84992 -c--a-w- c:\windows\system32\dllcache\wabimp.dll
2009-11-01 19:06 . 2006-02-28 12:00 94208 -c--a-w- c:\windows\system32\dllcache\odbcint.dll
2009-11-01 18:51 . 2009-11-01 18:56 -------- d-----w- C:\c54a6d05e83307ead7db2bd86b09
2009-11-01 11:22 . 2009-11-01 11:22 -------- d-----w- c:\program files\CCleaner
2009-10-31 20:28 . 2009-10-31 20:34 -------- d-----w- C:\ecdf583faca82bc123a6e40196
2009-10-31 19:26 . 2009-10-31 19:31 -------- d-----w- C:\a8a4fdb52b43ca7799
2009-10-31 17:43 . 2009-10-31 15:13 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-31 15:30 . 2009-10-31 15:30 -------- d-----w- C:\809ce48a9298ca6fef
2009-10-31 15:30 . 2009-10-31 15:30 -------- d-----w- C:\036cf94b026c6c1a2abf5f9e
2009-10-31 15:14 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-31 15:11 . 2009-10-31 15:11 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-31 15:10 . 2009-10-31 15:10 -------- d-----w- c:\program files\Lavasoft
2009-10-31 14:16 . 2009-10-31 14:16 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-31 14:11 . 2009-10-31 14:50 54 ----a-w- c:\windows\system32\rp_stats.dat
2009-10-31 14:11 . 2009-10-31 14:50 39 ----a-w- c:\windows\system32\rp_rules.dat
2009-10-31 13:36 . 2009-10-31 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-31 13:07 . 2009-10-31 13:12 -------- d-----w- C:\79dbf129e5766d58c21d
2009-10-31 12:49 . 2009-10-31 12:49 -------- d-----w- C:\a77b669a6bc9a21afaf97f36b4e048f5
2009-10-31 12:40 . 2009-11-01 22:55 -------- d-----w- c:\windows\system32\CatRoot_bak
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 11:21 . 2008-08-18 11:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-01 11:21 . 2008-08-18 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-30 11:13 . 2008-08-18 09:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-30 11:12 . 2008-08-18 09:34 -------- d-----w- c:\program files\SpywareBlaster
2009-10-30 10:23 . 2008-08-18 10:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 09:09 . 2008-01-12 10:50 -------- d-----w- c:\program files\Java
2009-09-25 18:50 . 2009-09-25 18:49 79 ----a-w- C:\adobereader.bat
2009-09-10 14:54 . 2008-08-18 10:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 . 2008-08-18 10:48 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2003-02-13 493024]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"D-Link Air Utility"="c:\program files\D-Link\Air Utility\AirCFG.exe" [2003-06-26 2695168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-28 149280]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 1519616]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-13 16239616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2006-02-28 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cloudmark Desktop for Outlook Express.lnk - c:\windows\Installer\{5B0A00E4-2F9F-49C7-B9A1-9A8E136E8869}\SC_1.ico [2007-8-27 3638]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkp62.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winot52.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwd27.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R?2 WZCBDLService;WZCBDL Service;c:\program files\WZCBDL Service\WZCBDLS.exe [19/03/2002 11:15 36864]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [31/10/2009 15:14 64288]
R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [20/09/2002 16:29 53248]
R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [27/09/2002 17:21 22912]
S0 Cxq69;Cxq69; [x]
S0 Winkp62;Winkp62;c:\windows\system32\Drivers\Winkp62.sys --> c:\windows\system32\Drivers\Winkp62.sys [?]
S0 Winot52;Winot52;c:\windows\system32\Drivers\Winot52.sys --> c:\windows\system32\Drivers\Winot52.sys [?]
S0 Winwd27;Winwd27;c:\windows\system32\Drivers\Winwd27.sys --> c:\windows\system32\Drivers\Winwd27.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 11:17 1179232]
S3 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [20/09/2002 16:27 77824]
S3 CA_LIC_SRVR;CA License Server;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [20/09/2002 16:41 77824]
S3 NETDLWL;D-Link Air Wireless Adapter(DL) NT Driver;c:\windows\system32\drivers\NETDLWL.sys [27/08/2007 06:00 159104]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder
2009-10-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 15:13]
2009-11-02 c:\windows\Tasks\Every week.job
- c:\windows\system32\ntbackup.exe [2009-11-01 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 19:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1324)
c:\documents and settings\Rute\Local Settings\Application Data\Cloudmark\SpamNet\snoew32h_1.dll
c:\windows\system32\msi.dll
.
Completion time: 2009-11-02 19:47
ComboFix-quarantined-files.txt 2009-11-02 19:47
Pre-Run: 27,807,186,944 bytes free
Post-Run: 27,777,159,168 bytes free
- - End Of File - - 5B22E68439ECD08BCD2C7AE01D1BA63D
and the RSIT report:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Rute at 2009-11-02 19:49:24
Microsoft Windows XP Professional Service Pack 2
System drive C: has 27 GB (69%) free of 38 GB
Total RAM: 502 MB (50% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:49:27, on 02/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Rute\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Rute.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199792268796
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - C:\WINDOWS\System32\brsvc01a.exe (file missing)
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe
--
End of file - 5884 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Every week.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-09-20 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-28 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-28 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-09-20 2403392]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Realtime Monitor"=C:\PROGRA~1\CA\ETRUST~1\realmon.exe [2003-02-13 493024]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2004-04-14 57393]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2004-04-14 40960]
"D-Link Air Utility"=C:\Program Files\D-Link\Air Utility\AirCFG.exe [2003-06-26 2695168]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-13 16239616]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-28 149280]
"D-Link AirPlus G"=C:\Program Files\D-Link\AirPlus G\AirGCFG.exe [2005-07-22 1519616]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2004-12-16 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Cloudmark Desktop for Outlook Express.lnk - C:\WINDOWS\Installer\{5B0A00E4-2F9F-49C7-B9A1-9A8E136E8869}\SC_1.ico
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2006-02-28 239616]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkp62.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winot52.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwd27.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winkp62.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winot52.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winwd27.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
======List of files/folders created in the last 1 months======

