Author Topic: [Resolved] Internet URL re-directions  (Read 12076 times)


Online Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22686
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Internet URL re-directions
« Reply #30 on: November 30, 2009, 06:42:10 PM »
I totally forgot you had Stardock; it is not something I see very often anymore.

Try running CCleaner using the previous instructions again. Also update Spybot and use the Immunize feature again.

After that, update and run a full scan with Malwarebytes' Anti-Malware and post the log.

Test out the browsers again and see if you are still having the same problems.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline jamie1

  • Bronze Member
  • Posts: 116
Re: [In Progress] Internet URL re-directions
« Reply #31 on: December 01, 2009, 10:16:38 AM »
When I did the CCleaner scan yesterday I just clicked on Run Cleaner, as most of the boxes were checked, although some were not. Now I am about to do a new scan and have realised that you want me to check all the boxes (apart from cookies in Firefox); is that right? That includes, under the Advanced tab: Hotfix uninstallers, Custom Files and Folders and Wipe Free Space; also, under the System tab: DNS cache, Desktop shortcuts and Start Menu shortcuts. I get a warning about what checking these boxes will mean.

Online Hoov
Re: [In Progress] Internet URL re-directions
« Reply #32 on: December 01, 2009, 06:39:51 PM »
First, the hotfix uninstallers. These are the uninstallers for the updates that you have installed from Windows Update. If you have been running with the updates for a while, and they are stable, then you really don't need them. But you can leave that unchecked.

Custom files and folders: this setting relates to CCleaner rather than any part of Windows. If you select Custom Files and Folders, CCleaner will use the information in the Include and Exclude part of its Advanced section to add or ignore files, folders, and Registry keys while cleaning.

Wipe free space is just that: the space that is empty on your hard drive gets wiped clean. It is possible that there are file and folder fragments left there. If they are never wiped clean, the fragments will stay there until they are written over by a new file or folder.

DNS cache is the DNS storage on your computer that maintains a list of DNS entries for the websites you have been to since the last wipe. Sometimes this cache gets big and clunky, or corrupted, and causes slowness or lags in pages opening. It can even cause redirections.

Desktop shortcuts and Start Menu shortcuts: CCleaner looks for shortcuts that are no longer valid and removes them. This generally occurs when you delete something, or uninstall a program. Sometimes shortcuts are left behind. This option deletes them.

Any other concerns?


Offline jamie1
Re: [In Progress] Internet URL re-directions
« Reply #33 on: December 02, 2009, 12:57:54 PM »
Ran CCleaner, Spybot update and Immunize, Malwarebytes full scan and ATF Cleaner; no change, still getting re-directions and radio playing.

Malwarebytes' Anti-Malware 1.41
Database version: 3278
Windows 5.1.2600 Service Pack 3

02/12/2009 18:50:15
mbam-log-2009-12-02 (18-50-15).txt

Scan type: Full Scan (C:\|D:\|E:\|G:\|H:\|I:\|)
Objects scanned: 153326
Time elapsed: 28 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Online Hoov
Re: [In Progress] Internet URL re-directions
« Reply #34 on: December 02, 2009, 01:05:50 PM »
Open a command prompt (All Programs > Accessories > Command Prompt) and type in
ipconfig /all > ipconfig.txt
and then hit Enter. Then type in ipconfig.txt to open Notepad with the log. Copy it and paste it into your next response.

Are you behind a router?

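What the two moderator posts above are getting at is where this machine's name lookups actually go: the earlier one describes the local DNS cache, and this one asks for `ipconfig /all` and whether there is a router in the path. As an added example (not code from the thread or from any of the tools named in it), here is a Python script that parses `ipconfig /all` output in the XP layout, lists each adapter's resolvers, and flags any resolver that is neither the gateway on that adapter's own subnet nor on an allow-list. The sample output and the allow-list are constructed for the example: the second adapter and the resolvers 203.0.113.7, 198.51.100.9 and 192.168.99.99 are made up (documentation and private ranges), and TRUSTED_PUBLIC is a stand-in for whatever the ISP actually issues.

```python
"""Parse `ipconfig /all` output and report where each adapter's DNS queries go.

A redirection that survives malware scans is often a resolver problem: the PC
is handed a resolver that is not its router, or a public address nobody chose.
This lists every configured resolver and flags the ones that need a look.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample (not the poster's capture): XP-style layout, with
# documentation addresses 203.0.113.7 / 198.51.100.9 standing in for public resolvers.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : example-pc
        Node Type . . . . . . . . . . . . : Unknown

Ethernet adapter Local Area Connection 4:

        Description . . . . . . . . . . . : VIA Rhine III Fast Ethernet Adapter
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.33
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1

Ethernet adapter Local Area Connection 2:

        Description . . . . . . . . . . . : Second NIC (constructed)
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.0.0.5
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.0.1
        DNS Servers . . . . . . . . . . . : 203.0.113.7
                                            198.51.100.9
                                            192.168.99.99

Ethernet adapter Wireless Network Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : RT2500 USB Wireless LAN Card
"""

# Hypothetical allow-list (assumption): the resolvers the ISP really issues.
TRUSTED_PUBLIC = frozenset({"198.51.100.9"})
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

ADAPTER_RE = re.compile(r"^\S.*adapter (?P<name>.+?):\s*$")
FIELD_RE = re.compile(r"^\s+(?P<name>[A-Za-z][A-Za-z0-9 \-]*?)[ .]*:\s*(?P<value>.*)$")
CONT_RE = re.compile(r"^\s{20,}(?P<value>\S.*)$")       # extra values listed under a field
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


@dataclass
class Adapter:
    name: str
    fields: dict = field(default_factory=dict)   # field name -> list of raw values

    def value(self, key):
        return self.fields.get(key, [""])[0]

    def ipv4s(self, *keys):
        """All IPv4 literals found under the given field names, in order."""
        return [ip for k in keys for v in self.fields.get(k, []) for ip in IPV4_RE.findall(v)]


def parse_ipconfig(text):
    """Split `ipconfig /all` text into Adapter records (host-level lines are skipped)."""
    adapters, current, last = [], None, None
    for line in text.splitlines():
        if m := ADAPTER_RE.match(line):
            current = Adapter(m["name"])
            adapters.append(current)
            last = None
        elif (m := CONT_RE.match(line)) and current and last:
            current.fields[last].append(m["value"])          # e.g. a second DNS server
        elif (m := FIELD_RE.match(line)) and current:
            last = m["name"].strip()
            current.fields.setdefault(last, []).append(m["value"].strip())
    return adapters


def check_dns(adapters, trusted_public=frozenset()):
    """Return (adapter, severity, resolver, message) for every configured resolver."""
    findings = []
    for a in adapters:
        if a.value("Media State").lower().startswith("media disconnected"):
            continue                                          # nothing resolves over this link
        ips, masks = a.ipv4s("IP Address", "IPv4 Address"), a.ipv4s("Subnet Mask")
        if not ips or not masks:
            continue
        lan = ipaddress.ip_interface(f"{ips[0]}/{masks[0]}").network
        gateways = set(a.ipv4s("Default Gateway"))
        for dns in a.ipv4s("DNS Servers"):
            addr = ipaddress.ip_address(dns)
            if addr in lan and dns in gateways:
                findings.append((a.name, "info", dns, "resolver is the router; its upstream DNS settings decide where queries go"))
            elif addr in lan:
                findings.append((a.name, "warn", dns, "resolver is a LAN host other than the gateway"))
            elif any(addr in n for n in RFC1918):
                findings.append((a.name, "warn", dns, f"private resolver outside this adapter's subnet {lan}"))
            elif dns in trusted_public:
                findings.append((a.name, "info", dns, "public resolver on the allow-list"))
            else:
                findings.append((a.name, "warn", dns, "public resolver not on the allow-list"))
    return findings


def suspicious_resolvers(adapters, trusted_public=frozenset()):
    """Sorted, de-duplicated resolver addresses that drew a warning."""
    return sorted({dns for _, sev, dns, _ in check_dns(adapters, trusted_public) if sev == "warn"})


if __name__ == "__main__":
    for adapter, sev, dns, msg in check_dns(parse_ipconfig(SAMPLE_IPCONFIG), TRUSTED_PUBLIC):
        print(f"[{sev}] {adapter}: {dns}: {msg}")
```

To use it on a real log, read the file written by `ipconfig /all > ipconfig.txt` into `parse_ipconfig` instead of the sample. A resolver that is the router, as in the log posted later in this thread, only moves the question one hop: the router's own DNS settings decide where queries go, so that is the next thing to inspect. A DHCP-assigned resolver that is neither the router nor the ISP's is the first thing to look at.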

Offline jamie1
Re: [In Progress] Internet URL re-directions
« Reply #35 on: December 02, 2009, 01:36:34 PM »
Not sure what you mean by "are you behind a router?"

Windows IP Configuration

        Host Name . . . . . . . . . . . . : user-455cb9dbd3
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 4:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : VIA Rhine III Fast Ethernet Adapter
        Physical Address. . . . . . . . . : 00-11-09-F1-BF-67
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.33
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
        Lease Obtained. . . . . . . . . . : 02 December 2009 15:25:24
        Lease Expires . . . . . . . . . . : 05 December 2009 15:25:24

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Bluetooth PAN Network Adapter
        Physical Address. . . . . . . . . : 00-11-09-E2-66-65
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.50.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 192.168.50.10
        Lease Obtained. . . . . . . . . . : 02 December 2009 15:26:30
        Lease Expires . . . . . . . . . . : 19 January 2038 03:14:07

Ethernet adapter Wireless Network Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : RT2500 USB Wireless LAN Card
        Physical Address. . . . . . . . . : 00-11-09-DF-A7-49


Online Hoov
Re: [In Progress] Internet URL re-directions
« Reply #36 on: December 02, 2009, 07:57:00 PM »
Is there a router between your computer and the modem that connects to the internet, or are you connected right to the modem?


Offline jamie1
Re: [In Progress] Internet URL re-directions
« Reply #37 on: December 03, 2009, 04:17:40 AM »
My computer connects directly to a wireless router which is connected directly to the phone line.

Online Hoov
Re: [In Progress] Internet URL re-directions
« Reply #38 on: December 03, 2009, 11:25:25 AM »
Please reset the wireless router. This involves a reset switch, or a reset utility in the router. Make sure you write down any settings for the router. If you don't know how to do it, and can't find it in any instructions you have, let me know the make and model number of the router, and I will try to find the info for you.


Offline jamie1
Re: [In Progress] Internet URL re-directions
« Reply #39 on: December 03, 2009, 12:28:16 PM »
Wireless router reset OK. It is a Zyxel P660HW-T1 v2 with a reset button on the back.

Online Hoov
Re: [In Progress] Internet URL re-directions
« Reply #40 on: December 03, 2009, 01:01:26 PM »
Did that change anything?

If not, then I would like you to run ComboFix again. You can't use the copy you already have; you need to redownload it.

* Anyone other than the originator of this thread: you would be best advised not to run ComboFix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrongly.

Run ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Offline jamie1
Re: [In Progress] Internet URL re-directions
« Reply #41 on: December 03, 2009, 02:21:31 PM »
Started ComboFix and it had to re-boot as it found a rootkit.  Going to check the browsers.



ComboFix 09-12-02.08 - User 03/12/2009 19:57.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.588 [GMT 0:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
 * Created a new restore point
 * Resident AV is active

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\DRIVERS\atapi.sys . . . is infected!!

.
(((((((((((((((((((((((((   Files Created from 2009-11-03 to 2009-12-03  )))))))))))))))))))))))))))))))
.

2009-11-30 19:08 . 2009-11-30 19:08   --------   d-----w-   c:\program files\CCleaner
2009-11-29 21:02 . 2009-11-29 21:02   --------   d-----w-   c:\documents and settings\All Users\Application Data\ConeXware
2009-11-29 21:01 . 2009-12-03 10:53   --------   d-----w-   c:\program files\PowerArchiver
2009-11-28 17:05 . 2009-12-03 10:07   --------   d-----w-   c:\documents and settings\All Users\Application Data\SP
2009-11-28 17:05 . 2009-12-03 00:21   58368   ----a-w-   c:\documents and settings\All Users\Application Data\SP\sp.dll
2009-11-27 22:57 . 2009-12-03 19:48   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-27 22:57 . 2009-11-27 22:58   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2009-11-26 22:24 . 2009-11-26 22:23   64160   ----a-w-   c:\windows\system32\drivers\Lbd.sys
2009-11-26 14:43 . 2009-11-26 14:43   1212   ----a-w-   c:\windows\69-0U812.BAT
2009-11-25 22:46 . 2009-11-25 22:48   54   ----a-w-   c:\windows\system32\rp_stats.dat
2009-11-25 22:46 . 2009-11-25 22:48   39   ----a-w-   c:\windows\system32\rp_rules.dat
2009-11-25 22:23 . 2009-11-26 22:24   --------   dc----w-   c:\windows\system32\DRVSTORE
2009-11-25 22:23 . 2009-11-25 22:23   93360   ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
2009-11-25 18:40 . 2009-11-25 18:40   --------   d-----w-   c:\program files\SUPERAntiSpyware
2009-11-25 18:38 . 2009-11-30 23:25   117760   ----a-w-   c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-25 18:36 . 2009-11-25 18:36   --------   d-----w-   c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2009-11-25 18:36 . 2009-11-25 18:36   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-25 18:34 . 2009-11-25 18:34   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2009-11-25 17:34 . 2009-11-25 17:34   --------   d-----w-   c:\documents and settings\User\Application Data\Malwarebytes
2009-11-25 17:34 . 2009-09-10 14:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-25 17:34 . 2009-11-25 17:34   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-25 17:34 . 2009-09-10 14:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-11-25 17:34 . 2009-11-25 17:34   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-11-24 19:08 . 2009-11-24 19:08   --------   d-----w-   c:\program files\MSXML 4.0
2009-11-24 19:02 . 2009-07-31 04:35   1172480   -c----w-   c:\windows\system32\dllcache\msxml3.dll
2009-11-22 22:16 . 2009-11-22 22:30   --------   d-----w-   c:\program files\Nero
2009-11-22 22:15 . 2009-11-22 22:19   --------   d-----w-   c:\documents and settings\All Users\Application Data\Nero
2009-11-22 22:15 . 2009-11-22 22:31   --------   d-----w-   c:\program files\Common Files\Nero
2009-11-22 15:32 . 2009-11-22 15:32   --------   d-----w-   c:\documents and settings\All Users\Application Data\Ahead
2009-11-22 15:04 . 2009-11-23 11:35   --------   d-----w-   c:\documents and settings\User\Application Data\Nero
2009-11-21 23:39 . 2009-11-21 23:39   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
2009-11-20 10:35 . 2003-03-05 12:19   15840   ----a-w-   c:\windows\system32\drivers\PfModNT.sys
2009-11-20 10:35 . 1999-12-13 01:01   44032   ------w-   c:\windows\system32\CTSVCCDA.EXE
2009-11-20 10:35 . 1999-11-18 01:00   25088   ------w-   c:\windows\system32\CTSVCCTL.EXE
2009-11-20 10:35 . 2009-11-20 10:39   --------   d-----w-   c:\program files\Creative
2009-11-20 10:34 . 2009-11-20 10:34   --------   d-----w-   c:\windows\Profiles
2009-11-20 10:34 . 2009-11-20 10:34   --------   d-----w-   c:\windows\system32\Adobe
2009-11-20 10:34 . 2009-11-20 10:34   --------   d-----w-   c:\documents and settings\User\Application Data\InterTrust
2009-11-20 00:05 . 2009-11-20 00:05   --------   d-----w-   c:\windows\system32\wbem\Repository
2009-11-18 21:47 . 2009-11-18 21:47   --------   d-----w-   c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-11-12 14:33 . 2004-05-13 15:39   49152   ----a-w-   c:\windows\system32\eventlog.dll
2009-11-10 19:13 . 2009-11-10 19:13   14   ----a-w-   c:\windows\system32\SysEngine2.SYS
2009-11-10 14:54 . 2009-11-10 14:54   --------   d-----w-   c:\program files\DVD Shrink
2009-11-10 00:09 . 2009-11-10 00:09   --------   d-----w-   c:\program files\WMPCDText
2009-11-09 23:30 . 2009-11-26 14:58   --------   d-----w-   c:\documents and settings\User\Application Data\dvdcss
2009-11-09 13:06 . 2009-11-09 13:06   --------   d-----w-   c:\documents and settings\User\Application Data\Photo DVD Maker
2009-11-09 13:05 . 2009-11-09 13:06   --------   d-----w-   c:\program files\Photo DVD Maker Professional
2009-11-07 14:45 . 2009-09-02 16:41   626688   ----a-w-   c:\windows\system32\vp7vfw.dll
2009-11-07 14:45 . 2009-09-02 16:41   1184984   ----a-w-   c:\windows\system32\wvc1dmod.dll
2009-11-06 18:41 . 1999-03-15 16:39   212992   ----a-w-   c:\windows\ALCHUNIN.EXE

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-02 22:42 . 2009-03-07 16:37   4426   ----a-w-   c:\documents and settings\User\Application Data\wklnhst.dat
2009-12-01 20:52 . 2004-08-04 12:00   96512   ------w-   c:\windows\system32\drivers\atapi.sys
2009-11-30 22:47 . 2009-03-06 18:08   81984   ----a-w-   c:\windows\system32\bdod.bin
2009-11-30 20:13 . 2009-08-24 22:54   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2009-11-28 00:10 . 2009-09-21 18:15   --------   d-----w-   c:\program files\Registry Clean Expert
2009-11-26 23:25 . 2009-08-31 12:28   --------   d-----w-   c:\documents and settings\User\Application Data\Vso
2009-11-26 23:22 . 2009-08-17 12:35   --------   d-----w-   c:\program files\Common Files\Anvsoft
2009-11-25 22:04 . 2009-03-07 15:28   --------   d-----w-   c:\program files\McAfee
2009-11-25 18:12 . 2009-08-27 21:58   --------   d-----w-   c:\program files\Setup NetZero
2009-11-22 15:00 . 2009-03-07 15:04   --------   d-----w-   c:\program files\Common Files\Adobe
2009-11-20 10:49 . 2009-11-20 10:45   --------   d-----w-   c:\documents and settings\User\Application Data\Creative
2009-11-20 10:39 . 2009-03-06 12:51   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-11-20 10:22 . 2009-11-20 10:22   99480   ----a-w-   c:\windows\system32\bda29.tmp
2009-11-10 19:29 . 2009-03-07 14:45   47360   ----a-w-   c:\documents and settings\User\Application Data\pcouffin.sys
2009-11-10 19:29 . 2009-03-07 14:45   47360   ----a-w-   c:\documents and settings\User\Application Data\pcouffin.sys
2009-11-09 14:41 . 2009-03-11 15:41   --------   d-----w-   c:\documents and settings\All Users\Application Data\DVD Shrink
2009-11-07 14:45 . 2009-08-31 12:28   --------   d-----w-   c:\program files\VSO
2009-11-05 15:18 . 2009-10-31 11:33   --------   d-----w-   c:\program files\Java
2009-11-01 10:39 . 2009-11-01 10:39   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-10-31 11:33 . 2009-10-31 11:33   --------   d-----w-   c:\program files\Common Files\Java
2009-10-24 21:00 . 2009-10-23 17:54   --------   d-----w-   c:\program files\Microsoft Silverlight
2009-10-23 18:09 . 2009-06-17 17:36   --------   d-----w-   c:\documents and settings\User\Application Data\Orbit
2009-10-08 14:57 . 2008-07-29 19:59   611328   ----a-w-   c:\windows\system32\uiautomationcore.dll
2009-10-08 14:57 . 2004-08-04 12:00   220160   ----a-w-   c:\windows\system32\oleacc.dll
2009-10-08 14:56 . 2004-08-04 12:00   20480   ----a-w-   c:\windows\system32\oleaccrc.dll
2009-09-17 13:51 . 2009-09-17 13:51   2373416   ----a-w-   c:\documents and settings\All Users\Application Data\Nero\Nero 9\DrWeb\DrWeb32.dll
2009-09-17 12:58 . 2009-09-17 12:58   2373416   ----a-w-   c:\documents and settings\All Users\Application Data\Nero\Nero\DrWeb\DrWeb32.dll
2009-09-11 17:18 . 2004-08-04 12:00   4183552   ----a-w-   c:\windows\system32\logonuiX.exe
2009-09-11 14:18 . 2004-08-04 12:00   136192   ----a-w-   c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 12:00   58880   ----a-w-   c:\windows\system32\msasn1.dll
2009-11-12 17:00 . 2009-11-23 22:32   65536   ----a-w-   c:\program files\mozilla firefox\components\FFComm.dll
2009-07-27 16:34 . 2009-07-27 16:34   8   --sh--r-   c:\windows\system32\4AD8A36523.sys
2009-07-27 16:43 . 2009-07-27 16:34   3140   --sha-w-   c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2009-12-01 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys

[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys

[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rpcss.dll

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-04-14 05:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2004-08-04 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kernel32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
.
(((((((((((((((((((((((((((((   SnapShot@2009-11-28_17.25.00   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-03 19:54 . 2009-12-03 19:54   16384              c:\windows\Temp\usgthrsvc\Perflib_Perfdata_864.dat
+ 2008-11-30 10:53 . 2008-11-30 10:53   56496              c:\windows\system32\WBHELP2.DLL
+ 2009-10-08 14:56 . 2009-10-08 14:56   20480              c:\windows\system32\dllcache\oleaccrc.dll
+ 2009-05-08 08:32 . 2009-10-02 04:44   92160              c:\windows\system32\dllcache\iecompat.dll
+ 2009-03-06 12:48 . 2009-12-03 19:54   32768              c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-06 12:48 . 2009-11-28 17:00   32768              c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-06 12:48 . 2009-12-03 19:54   32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-06 12:48 . 2009-11-28 17:00   32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-11-21 23:39 . 2009-11-28 17:00   16384              c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-11-21 23:39 . 2009-12-03 19:54   16384              c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-03-06 12:48 . 2009-11-28 17:00   32768              c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-06 12:48 . 2009-12-03 19:54   32768              c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-11-29 21:01 . 2009-11-29 21:01   65952              c:\windows\Installer\{28843119-6179-4E87-9274-B53F90BFDF8C}\POWERARC.exe
+ 2009-10-08 14:57 . 2009-10-08 14:57   220160              c:\windows\system32\dllcache\oleacc.dll
+ 2009-11-29 21:01 . 2009-11-29 21:01   501248              c:\windows\Installer\14aba74.msi
+ 2009-12-01 16:46 . 2009-05-26 11:40   382840              c:\windows\ie8updates\KB975364-IE8\spuninst\updspapi.dll
+ 2009-12-01 16:46 . 2009-05-26 11:40   231288              c:\windows\ie8updates\KB975364-IE8\spuninst\spuninst.exe
+ 2009-12-01 16:46 . 2009-08-07 08:48   100352              c:\windows\ie8updates\KB975364-IE8\iecompat.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\sp]
@="{96AFBE69-C3B0-4b00-8578-D933D2896EE2}"
[HKEY_CLASSES_ROOT\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2}]
2009-12-03 00:21   58368   ----a-w-   c:\documents and settings\All Users\Application Data\SP\sp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-11-12 782336]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-04-01 69632]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-10-08 88363]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2009-3-6 1048576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"RemoteControl"="c:\program files\Home Cinema\PowerDVD\PDVDServ.exe"
"PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\svchost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16805:TCP"= 16805:TCP:spport
"7921:TCP"= 7921:TCP:spport
"6252:TCP"= 6252:TCP:spport
"28124:TCP"= 28124:TCP:spport
"24938:TCP"= 24938:TCP:spport
"23423:TCP"= 23423:TCP:spport
"5151:TCP"= 5151:TCP:spport
"24507:TCP"= 24507:TCP:spport
"19168:TCP"= 19168:TCP:spport
"6750:TCP"= 6750:TCP:spport
"23221:TCP"= 23221:TCP:spport
"25219:TCP"= 25219:TCP:spport
"9275:TCP"= 9275:TCP:spport
"15097:TCP"= 15097:TCP:spport
"21480:TCP"= 21480:TCP:spport
"26558:TCP"= 26558:TCP:spport
"20232:TCP"= 20232:TCP:spport
"26032:TCP"= 26032:TCP:spport
"12847:TCP"= 12847:TCP:spport
"17922:TCP"= 17922:TCP:spport
"26988:TCP"= 26988:TCP:spport
"11775:TCP"= 11775:TCP:spport

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [26/11/2009 22:24 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 08:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 08:43 74480]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [07/03/2009 15:28 93320]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [01/06/2008 07:13 34064]
R2 SPService;SPService;c:\windows\system32\svchost.exe -k netsvc [04/08/2004 12:00 14336]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [06/03/2009 12:56 802048]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [18/09/2008 11:09 111112]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [06/03/2009 13:01 1287296]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [17/07/2008 12:06 118784]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 08:43 7408]
S3 USB-100;USB Fast Ethernet Adapter;c:\windows\system32\drivers\USB150.SYS [06/03/2009 13:42 23938]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx   REG_MULTI_SZ      scan
netsvc   REG_MULTI_SZ      SPService
.
Contents of the 'Scheduled Tasks' folder

2009-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\vo86a8m1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJPI150_01.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPOJI610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-03 20:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86D3E369]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf767ff28
\Driver\ACPI -> ACPI.sys @ 0xf74f2cb8
\Driver\atapi -> atapi.sys @ 0xf74aa852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS:  -> SendCompleteHandler -> 0x0
 PacketIndicateHandler -> 0x0
 SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\CLBCATQ.DLL

- - - - - - - > 'lsass.exe'(980)
c:\windows\system32\WININET.dll
.
Completion time: 2009-12-03 20:17
ComboFix-quarantined-files.txt  2009-12-03 20:17
ComboFix2.txt  2009-11-28 17:31

Pre-Run: 148,677,890,048 bytes free
Post-Run: 148,668,030,976 bytes free

- - End Of File - - B1BB12358AA2004DAA162EAE38D5BC2E

Offline jamie1

  • Bronze Member
  • Posts: 116
Re: [In Progress] Internet URL re-directions
« Reply #42 on: December 03, 2009, 02:27:49 PM »
Still re-directing.

Offline jamie1

  • Bronze Member
  • Posts: 116
Re: [In Progress] Internet URL re-directions
« Reply #43 on: December 03, 2009, 03:23:52 PM »
I notice that although ComboFix has set a new system restore point, I cannot go back on the calendar and access any other system restore points.  Haven't heard the radio playing through the computer for a while.

Online Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22686
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Internet URL re-directions
« Reply #44 on: December 03, 2009, 04:29:47 PM »
OK, so we are making some progress. Is it just Firefox being redirected, or do other browsers get redirected as well?

Also, have you been putting in any homemade CDs or DVDs? Using any thumb drives?

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!