Virus/Malware Please help

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Want a New HP LaserJet MFP? Trade in your old printer and receive $1,000 in savings!
Trade in your old printer and receive up to $1,000 in saving on a new HP LaserJet Multifunction Printer. Click here for savings!

BleepingComputer.com > Security > Virus, Trojan, Spyware, and Malware Removal Logs

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

DO NOT RUN ComboFix unless requested to.

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

3 Pages

1 2 3 >

Virus/Malware Please help

Options

rubent100 View Member Profile	Dec 4 2009, 07:16 PM Post #1
Member Group: Members Posts: 18 Joined: 4-December 09 Member No.: 412,154	I have a very bad infection were im unable to click exe, drag and drop icons or use the internet. For a long time, all virus scanners/removers would close on me but i managed to get combofix, hijacks, viperescue and wind32diag logs using Rkill. However i cannot get Malwarebytes to run. Here is my Hijackthis log attached. Any help is very much appriciated. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:50:14 PM, on 12/4/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe C:\Program Files\Sandboxie\SbieSvc.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\WINDOWS\System32\TUProgSt.exe C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\haha\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS/701 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.DLL O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing) O9 - Extra button: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\photoshop\Start Menu\Programs\UB\UB.lnk (HKCU) O9 - Extra 'Tools' menuitem: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\photoshop\Start Menu\Programs\UB\UB.lnk (HKCU) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: Computer Browser (Browser) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: CryptSvc - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Wired AutoConfig (Dot3svc) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Extensible Authentication Protocol Service (EapHost) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: HID Input Service (HidServ) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Health Key and Certificate Management Service (hkmsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Server (lanmanserver) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Network Access Protection Agent (napagent) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe O23 - Service: Pixar Alfred Server 13.5.2 - Unknown owner - C:\Program Files\Pixar\RenderManProServer-13.5.2\bin\alfserver.exe O23 - Service: Pixar License Server 5.0.2 - Unknown owner - C:\Program Files\Pixar\license-5.0.2\PixarLicenseServer.exe O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing) O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: System Restore Service (srservice) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: SSDP Discovery Service (SSDPSRV) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe O23 - Service: Universal Plug and Play Device Host (upnphost) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: User Privilege Service (usprserv) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: TuneUp Theme Extension (UxTuneUp) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Windows Time (W32Time) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: WebClient - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Wireless Zero Configuration (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 12412 bytes Attached File(s)* hijackthis_log.txt ( 12.12k ) Number of downloads: 6

rubent100 View Member Profile	Dec 5 2009, 05:00 PM Post #2
Member Group: Members Posts: 18 Joined: 4-December 09 Member No.: 412,154	I should add that when i try to run MAlwarebytes i get this error: Failed to load control 'vbalGrid' from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated . Make sure to save using the version of control that was provided with application. Also when i try to run Firewall.cpl , i get " Windows firewall settings cannot be displayed because associated services is not running. Windows installer service cannot be accessed. Thanks for help.

rubent100 View Member Profile	Dec 12 2009, 03:57 AM Post #3
Member Group: Members Posts: 18 Joined: 4-December 09 Member No.: 412,154	Sorry i post twice on accident. This post has been edited by rubent100: Dec 12 2009, 05:58 PM

rubent100 View Member Profile	Dec 12 2009, 05:51 PM Post #4
Member Group: Members Posts: 18 Joined: 4-December 09 Member No.: 412,154	Sorry i forgot to add my DDS log. DDS (Ver_09-09-29.01) - NTFSx86 Run by photoshop at 17:00:14.37 on Fri 12/11/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16 ============== Pseudo HJT Report =============== uStart Page = about:blank uInternet Settings,ProxyOverride = *.local mWinlogon: UIHost=c:\documents and settings\all users\application data\tuneup software\tuneup utilities\winstyler\tu_logonui.exe BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k DPF: {17492023-C23A-453E-A040-C7C580BBF700} DPF: {233C1507-6A77-46A4-9443-F871F945D258} DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\photos~1\applic~1\mozilla\firefox\profiles\tcuf8iid.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VE3D01&q= FF - prefs.js: browser.startup.homepage - FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=VE3D01&q= FF - plugin: c:\documents and settings\photoshop\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- ============= SERVICES / DRIVERS =============== ============== File Associations =============== regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1 =============== Created Last 30 ================ 2009-12-11 16:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-12-11 16:10 <DIR> --d----- c:\program files\ggg 2009-12-11 14:03 578,560 ac------ c:\windows\system32\dllcache\user32.dll 2009-12-11 14:01 <DIR> --d----- c:\windows\ERUNT 2009-12-11 13:25 <DIR> --d----- C:\SDFix 2009-12-10 19:15 <DIR> --d----- C:\Sandbox 2009-12-10 16:34 56,320 a------- C:\eventlog.dll 2009-12-10 16:10 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-10 16:10 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-12-10 16:10 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-12-04 12:50 <DIR> --d----- c:\program files\Trend Micro 2009-12-04 12:13 261,632 a------- c:\windows\PEV.exe 2009-12-04 12:13 161,792 a------- c:\windows\SWREG.exe 2009-12-04 12:13 98,816 a------- c:\windows\sed.exe 2009-12-04 12:13 77,312 a------- c:\windows\MBR.exe 2009-12-04 12:06 <DIR> --d----- C:\cacarata 2009-12-03 15:27 93,872 a------- c:\windows\system32\drivers\SBREDrv.sys 2009-12-03 15:27 27,944 a------- c:\windows\system32\sbbd.exe 2009-12-03 15:26 <DIR> --d----- C:\VIPRERESCUE 2009-12-02 21:19 1,101,824 a------- c:\windows\system32\UniBox210.ocx 2009-12-02 21:19 880,640 a------- c:\windows\system32\UniBox10.ocx 2009-12-02 21:19 212,992 a------- c:\windows\system32\UniBoxVB12.ocx 2009-12-02 21:19 <DIR> --d----- c:\program files\common files\PC Tools 2009-12-02 20:52 <DIR> --d----- c:\windows\system32\drivers\NAV 2009-12-02 17:12 <DIR> --d----- c:\program files\CleanUp! 2009-12-01 14:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Simply Super Software 2009-12-01 14:22 389,120 a------- c:\windows\system32\cmd.execf 2009-12-01 13:58 <DIR> --d----- c:\windows\ASUSInstAll 2009-11-27 14:26 <DIR> --d----- C:\Riot Games 2009-11-27 13:44 <DIR> -cd-h--- c:\windows\ie8 2009-11-27 13:18 604,488 a------- c:\windows\system32\TUProgSt.exe 2009-11-27 13:18 29,000 a------- c:\windows\system32\uxtuneup.dll 2009-11-27 13:18 361,288 a------- c:\windows\system32\TuneUpDefragService.exe 2009-11-18 10:31 <DIR> --d----- c:\docume~1\photos~1\applic~1\UB ==================== Find3M ==================== 2009-10-08 01:42 411,368 a------- c:\windows\system32\deploytk.dll 2009-09-25 08:41 856,064 a------- c:\windows\system32\divx_xx0c.dll 2009-09-25 08:41 856,064 a------- c:\windows\system32\divx_xx07.dll 2009-09-25 08:41 847,872 a------- c:\windows\system32\divx_xx0a.dll 2009-09-25 08:41 843,776 a------- c:\windows\system32\divx_xx16.dll 2009-09-25 08:41 839,680 a------- c:\windows\system32\divx_xx11.dll 2009-09-25 08:41 696,320 a------- c:\windows\system32\DivX.dll 2009-08-26 11:21 70,984 ac------ c:\documents and settings\photoshop\g2mdlhlpx.exe 2008-04-19 02:41 21 ac------ c:\program files\common files\appop.log 2007-11-11 20:45 0 ac------ c:\documents and settings\photoshop\hdrtoxsi.exe 2007-10-12 11:39 4,078 ac------ c:\program files\UVAutoRatio.txt 2006-06-22 22:48 32,768 ac---r-- c:\windows\inf\UpdateUSB.exe ============= FINISH: 17:00:35.65 ===============

schrauber View Member Profile	Dec 18 2009, 02:25 PM Post #5
Mr.Mechanic Group: Malware Response Team Posts: 20,994 Joined: 3-May 08 From: Saarland,Germany Member No.: 206,858	Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan: Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.scr DDS.pif Double click on the DDS icon, allow it to run. A small box will open, with an explaination about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop. Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE -------------------- regards, schrauber If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you! Unavailable as from friday 20th august If I have helped you then please consider donating to continue the fight against malware

schrauber View Member Profile	Dec 23 2009, 11:07 AM Post #6
Mr.Mechanic Group: Malware Response Team Posts: 20,994 Joined: 3-May 08 From: Saarland,Germany Member No.: 206,858	Due to the lack of feedback, this topic is now closed. If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic. -------------------- regards, schrauber If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you! Unavailable as from friday 20th august If I have helped you then please consider donating to continue the fight against malware

schrauber View Member Profile	Jan 17 2010, 06:53 AM Post #7
Mr.Mechanic Group: Malware Response Team Posts: 20,994 Joined: 3-May 08 From: Saarland,Germany Member No.: 206,858	Reopened by user request. -------------------- regards, schrauber If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you! Unavailable as from friday 20th august If I have helped you then please consider donating to continue the fight against malware

rubent100 View Member Profile	Jan 17 2010, 07:03 AM Post #8
Member Group: Members Posts: 18 Joined: 4-December 09 Member No.: 412,154	Hello, here is my DDS log: DDS (Ver_09-09-29.01) - NTFSx86 Run by photoshop at 17:00:14.37 on Fri 12/11/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16 ============== Pseudo HJT Report =============== uStart Page = about:blank uInternet Settings,ProxyOverride = *.local mWinlogon: UIHost=c:\documents and settings\all users\application data\tuneup software\tuneup utilities\winstyler\tu_logonui.exe BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k DPF: {17492023-C23A-453E-A040-C7C580BBF700} DPF: {233C1507-6A77-46A4-9443-F871F945D258} DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\photos~1\applic~1\mozilla\firefox\profiles\tcuf8iid.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VE3D01&q= FF - prefs.js: browser.startup.homepage - FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=VE3D01&q= FF - plugin: c:\documents and settings\photoshop\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- ============= SERVICES / DRIVERS =============== ============== File Associations =============== regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1 =============== Created Last 30 ================ 2009-12-11 16:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-12-11 16:10 <DIR> --d----- c:\program files\ggg 2009-12-11 14:03 578,560 ac------ c:\windows\system32\dllcache\user32.dll 2009-12-11 14:01 <DIR> --d----- c:\windows\ERUNT 2009-12-11 13:25 <DIR> --d----- C:\SDFix 2009-12-10 19:15 <DIR> --d----- C:\Sandbox 2009-12-10 16:34 56,320 a------- C:\eventlog.dll 2009-12-10 16:10 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-10 16:10 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-12-10 16:10 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-12-04 12:50 <DIR> --d----- c:\program files\Trend Micro 2009-12-04 12:13 261,632 a------- c:\windows\PEV.exe 2009-12-04 12:13 161,792 a------- c:\windows\SWREG.exe 2009-12-04 12:13 98,816 a------- c:\windows\sed.exe 2009-12-04 12:13 77,312 a------- c:\windows\MBR.exe 2009-12-04 12:06 <DIR> --d----- C:\cacarata 2009-12-03 15:27 93,872 a------- c:\windows\system32\drivers\SBREDrv.sys 2009-12-03 15:27 27,944 a------- c:\windows\system32\sbbd.exe 2009-12-03 15:26 <DIR> --d----- C:\VIPRERESCUE 2009-12-02 21:19 1,101,824 a------- c:\windows\system32\UniBox210.ocx 2009-12-02 21:19 880,640 a------- c:\windows\system32\UniBox10.ocx 2009-12-02 21:19 212,992 a------- c:\windows\system32\UniBoxVB12.ocx 2009-12-02 21:19 <DIR> --d----- c:\program files\common files\PC Tools 2009-12-02 20:52 <DIR> --d----- c:\windows\system32\drivers\NAV 2009-12-02 17:12 <DIR> --d----- c:\program files\CleanUp! 2009-12-01 14:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Simply Super Software 2009-12-01 14:22 389,120 a------- c:\windows\system32\cmd.execf 2009-12-01 13:58 <DIR> --d----- c:\windows\ASUSInstAll 2009-11-27 14:26 <DIR> --d----- C:\Riot Games 2009-11-27 13:44 <DIR> -cd-h--- c:\windows\ie8 2009-11-27 13:18 604,488 a------- c:\windows\system32\TUProgSt.exe 2009-11-27 13:18 29,000 a------- c:\windows\system32\uxtuneup.dll 2009-11-27 13:18 361,288 a------- c:\windows\system32\TuneUpDefragService.exe 2009-11-18 10:31 <DIR> --d----- c:\docume~1\photos~1\applic~1\UB ==================== Find3M ==================== 2009-10-08 01:42 411,368 a------- c:\windows\system32\deploytk.dll 2009-09-25 08:41 856,064 a------- c:\windows\system32\divx_xx0c.dll 2009-09-25 08:41 856,064 a------- c:\windows\system32\divx_xx07.dll 2009-09-25 08:41 847,872 a------- c:\windows\system32\divx_xx0a.dll 2009-09-25 08:41 843,776 a------- c:\windows\system32\divx_xx16.dll 2009-09-25 08:41 839,680 a------- c:\windows\system32\divx_xx11.dll 2009-09-25 08:41 696,320 a------- c:\windows\system32\DivX.dll 2009-08-26 11:21 70,984 ac------ c:\documents and settings\photoshop\g2mdlhlpx.exe 2008-04-19 02:41 21 ac------ c:\program files\common files\appop.log 2007-11-11 20:45 0 ac------ c:\documents and settings\photoshop\hdrtoxsi.exe 2007-10-12 11:39 4,078 ac------ c:\program files\UVAutoRatio.txt 2006-06-22 22:48 32,768 ac---r-- c:\windows\inf\UpdateUSB.exe ============= FINISH: 17:00:35.65 ===============

schrauber View Member Profile	Jan 17 2010, 04:35 PM Post #9
Mr.Mechanic Group: Malware Response Team Posts: 20,994 Joined: 3-May 08 From: Saarland,Germany Member No.: 206,858	Hello, rubent100 and again Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems. If you do not make a reply in 5 days, we will have to close your topic. You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here. Please take note of some guidelines for this fix: Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken. Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself. Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post. Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here. Please set your system to show all files. Click Start, open My Computer, select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders. Uncheck: Hide file extensions for known file types Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Please download GMER from one of the following locations and save it to your desktop: Main Mirror This version will download a randomly named file (Recommended) Zipped Mirror This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Disconnect from the Internet and close all running programs. Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver. Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked. Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe. GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress) If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO. Now click the Scan button. If you see a rootkit warning window, click OK. When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log. Click the Copy button and paste the results into your next reply. Exit GMER and re-enable all active protection when done. -- If you encounter any problems, try running GMER in Safe Mode. -------------------- regards, schrauber If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you! Unavailable as from friday 20th august If I have helped you then please consider donating to continue the fight against malware

rubent100 View Member Profile	Jan 17 2010, 07:12 PM Post #10
Member Group: Members Posts: 18 Joined: 4-December 09 Member No.: 412,154	Hello, here is my GMER log: GMER 1.0.15.15252 - http://www.gmer.net Rootkit quick scan 2009-12-03 14:35:06 Windows 5.1.2600 Service Pack 3 Running: test.exe.exe; Driver: C:\DOCUME~1\PHOTOS~1\LOCALS~1\Temp\agtirpow.sys ---- System - GMER 1.0.15 ---- SSDT spuy.sys ZwEnumerateKey [0xF74F6CA2] SSDT spuy.sys ZwEnumerateValueKey [0xF74F7030] ---- Devices - GMER 1.0.15 ---- Device 8AF361F8 Device Ntfs.sys (NT File System Driver/Microsoft Corporation) Device 899731F8 Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation) AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----

schrauber View Member Profile	Jan 18 2010, 02:09 PM Post #11
Mr.Mechanic Group: Malware Response Team Posts: 20,994 Joined: 3-May 08 From: Saarland,Germany Member No.: 206,858	Hi, Please go here and have a look how you can disable your security software. Download Combofix from any of the links below but rename it to <schrauber> before saving it to your desktop. Link 1 Link 2 -------------------------------------------------------------------- Double click on the renamed Combofix.exe & follow the prompts. When finished, it will produce a report for you. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper If you need help, see this link: http://www.bleepingcomputer.com/combofix/how-to-use-combofix -------------------- regards, schrauber If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you! Unavailable as from friday 20th august** If I have helped you then please consider donating to continue the fight against malware

rubent100 View Member Profile	Jan 19 2010, 05:15 PM Post #12
Member Group: Members Posts: 18 Joined: 4-December 09 Member No.: 412,154	Hello, and thanks for the help. Here is my log combofix log. ComboFix 09-12-03.06 - photoshop 12/04/2009 12:14.2.2 - x86 Running from: E:\cacarata.com . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\ATI Technologies\ATI.ACE\Core-Static\atIAcmxx.dll c:\windows\patchw32.dll c:\windows\system32\eventlog.dll . . . is infected!! . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} ((((((((((((((((((((((((( Files Created from 2009-11-04 to 2009-12-04 ))))))))))))))))))))))))))))))) . 2009-12-04 08:09 . 2008-10-23 00:10 15504 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-04 08:09 . 2008-10-23 00:10 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-04 08:09 . 2009-12-04 08:09 -------- d-----w- C:\Malwarebytes' Anti-Malware 2009-12-04 07:39 . 2009-12-04 07:39 -------- d-----w- C:\SDFix 2009-12-03 23:27 . 2009-09-07 21:02 27944 ----a-w- c:\windows\system32\sbbd.exe 2009-12-03 23:27 . 2009-08-05 22:58 93872 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2009-12-03 23:26 . 2009-12-04 04:49 -------- d-----w- C:\VIPRERESCUE 2009-12-03 05:19 . 2009-12-03 05:19 -------- d-----w- c:\program files\Common Files\PC Tools 2009-12-03 04:51 . 2009-12-03 04:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2009-12-03 01:12 . 2009-12-04 07:39 -------- d-----w- c:\program files\CleanUp! 2009-12-01 23:57 . 2009-12-04 08:04 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2009-12-01 22:23 . 2009-12-01 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software 2009-12-01 21:58 . 2009-12-01 21:58 -------- d-----w- c:\windows\ASUSInstAll 2009-12-01 21:46 . 2009-12-01 21:46 -------- d-----w- c:\documents and settings\test\Local Settings\Application Data\Mozilla 2009-12-01 21:45 . 2009-12-01 21:45 -------- d-----w- c:\documents and settings\test\Local Settings\Application Data\Apple Computer 2009-12-01 21:45 . 2009-12-03 01:15 -------- d-sh--w- c:\documents and settings\test\IETldCache 2009-11-27 22:26 . 2009-11-27 22:26 -------- d-----w- C:\Riot Games 2009-11-27 21:44 . 2009-11-27 21:44 -------- dc-h--w- c:\windows\ie8 2009-11-27 21:18 . 2009-11-27 21:18 604488 ----a-w- c:\windows\system32\TUProgSt.exe 2009-11-27 21:18 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll 2009-11-27 21:18 . 2009-11-27 21:18 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe 2009-11-20 04:29 . 2009-11-20 04:29 147456 ----a-w- c:\documents and settings\photoshop\Application Data\Absolute Poker\DownLoadInst\liveupdate.exe 2009-11-18 18:34 . 2009-11-24 23:26 159744 ----a-w- c:\documents and settings\photoshop\Application Data\UB\DownLoadInst\liveupdate.exe 2009-11-18 18:31 . 2009-11-24 23:26 -------- d-----w- c:\documents and settings\photoshop\Application Data\UB . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-04 20:31 . 2007-12-16 04:22 -------- d-----w- c:\documents and settings\photoshop\Application Data\WTablet 2009-12-04 20:30 . 2007-12-16 04:51 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet 2009-12-04 20:01 . 2009-10-23 09:45 0 ----a-r- c:\windows\win32k.sys 2009-12-04 06:09 . 2009-12-03 04:52 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-12-03 20:25 . 2007-07-20 05:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-12-03 05:15 . 2008-06-10 17:08 -------- d-----w- c:\program files\Bonjour 2009-12-03 04:55 . 2009-12-03 04:52 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF 2009-12-03 04:55 . 2009-12-03 04:52 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT 2009-12-03 04:55 . 2009-12-03 04:52 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2009-12-03 04:55 . 2009-12-03 04:52 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2009-12-03 04:55 . 2009-12-03 04:52 -------- d-----w- c:\program files\Symantec 2009-12-03 04:52 . 2009-12-03 04:52 -------- d-----w- c:\program files\Windows Sidebar 2009-12-03 04:52 . 2009-12-03 04:52 -------- d-----w- c:\program files\Norton AntiVirus 2009-12-03 04:52 . 2009-12-03 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2009-12-03 04:16 . 2008-11-30 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-12-03 01:14 . 2008-04-25 21:39 -------- d-----w- c:\documents and settings\photoshop\Application Data\XnView 2009-12-03 01:14 . 2007-07-06 04:58 -------- d-----w- c:\documents and settings\photoshop\Application Data\LimeWire 2009-12-02 16:07 . 2008-11-21 01:38 -------- d-----w- c:\program files\Sportsbook Poker 2009-12-02 15:51 . 2008-12-02 09:55 -------- d-----w- c:\program files\RegVac Registry Cleaner 2009-12-02 15:49 . 2008-12-01 07:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-12-02 08:16 . 2009-10-06 05:23 -------- d-----w- c:\program files\UltimateBet 2009-12-02 02:31 . 2008-01-22 23:41 -------- d-----w- c:\documents and settings\photoshop\Application Data\uTorrent 2009-12-01 23:15 . 2009-10-25 00:15 -------- d-----w- c:\program files\Steam 2009-12-01 20:22 . 2008-10-28 00:07 -------- d-----w- c:\program files\PlayersOnly Poker 2009-11-28 11:03 . 2008-07-24 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-11-27 22:26 . 2007-12-05 11:19 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-11-27 21:18 . 2009-03-27 08:20 -------- d-----w- c:\program files\TuneUp Utilities 2009 2009-11-20 18:21 . 2008-05-31 09:15 -------- d-----w- c:\program files\Full Tilt Poker 2009-11-20 04:27 . 2009-09-21 05:47 -------- d-----w- c:\documents and settings\photoshop\Application Data\Absolute Poker 2009-11-18 18:31 . 2009-09-21 05:47 -------- d-----w- c:\program files\_uninstallation_info 2009-11-18 05:45 . 2007-07-28 07:49 -------- d-----w- c:\documents and settings\photoshop\Application Data\BitTorrent 2009-11-14 09:12 . 2009-08-16 19:17 -------- d-----w- c:\program files\Common Files\Adobe AIR 2009-11-14 09:12 . 2009-08-16 19:17 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2009-11-14 09:12 . 2009-08-16 19:07 38208 ----a-w- c:\documents and settings\photoshop\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2009-11-04 09:16 . 2009-02-28 21:18 -------- d-----w- c:\documents and settings\photoshop\Application Data\EditPlus 3 2009-11-03 11:32 . 2007-05-21 20:33 560456 -c--a-w- c:\documents and settings\photoshop\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-31 01:11 . 2008-07-24 23:02 -------- d-----w- c:\program files\Microsoft Works 2009-10-30 00:24 . 2009-10-30 00:24 -------- d-----w- c:\documents and settings\photoshop\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 2009-10-26 05:54 . 2007-11-28 19:03 -------- d-----w- c:\program files\DivX 2009-10-26 05:54 . 2009-05-30 22:30 -------- d-----w- c:\program files\Common Files\DivX Shared 2009-10-25 02:10 . 2009-10-06 05:25 159744 ----a-w- c:\documents and settings\photoshop\Application Data\UltimateBet\DownLoad\liveupdate.exe 2009-10-25 02:10 . 2009-10-06 05:23 -------- d-----w- c:\documents and settings\photoshop\Application Data\UltimateBet 2009-10-25 02:05 . 2009-09-21 05:49 147456 ----a-w- c:\documents and settings\photoshop\Application Data\Absolute Poker\DownLoad\liveupdate.exe 2009-10-25 01:49 . 2009-10-25 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\CCP 2009-10-23 09:39 . 2009-07-06 05:29 -------- d-----w- c:\program files\Pixar 2009-10-22 16:25 . 2009-10-22 16:24 -------- d-----w- c:\documents and settings\photoshop\Application Data\Tropico3 2009-10-15 02:57 . 2009-10-15 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\realtech VR 2009-10-15 02:57 . 2009-10-15 02:57 -------- d-----w- c:\program files\realtech VR 2009-10-15 02:50 . 2009-10-15 02:50 25600 ----a-r- c:\documents and settings\photoshop\Application Data\Microsoft\Installer\{110EB5C4-E995-4CFB-AB80-A5F315BEA9E8}\python_icon.exe 2009-10-13 05:39 . 2009-10-13 05:39 -------- d-----w- c:\program files\id Software 2009-10-12 10:00 . 2009-10-12 09:58 -------- d-----w- c:\program files\Best MIDI to MP3 2009-10-12 09:53 . 2009-10-12 09:53 -------- d-----w- c:\documents and settings\photoshop\Application Data\Music Recognition 2009-10-12 09:53 . 2009-10-12 09:53 -------- d-----w- c:\program files\WIDI 3.3 Pro 2009-10-12 09:44 . 2009-10-12 09:44 -------- d-----w- c:\program files\MIDI Converter Studio 2009-10-12 05:44 . 2008-02-08 10:05 -------- d-----w- c:\documents and settings\photoshop\Application Data\dvdcss 2009-10-10 09:19 . 2009-10-10 09:19 -------- d-----w- c:\documents and settings\photoshop\Application Data\com.pogopixels.youtubewidget.87E5CAE3D92C22273CA5349DA800745C311CA4D3.1 2009-10-10 09:19 . 2009-10-10 09:19 -------- d-----w- c:\program files\YouTube Widget 2009-10-10 09:04 . 2007-09-08 04:42 -------- d-----w- c:\program files\Yahoo! 2009-10-10 08:39 . 2009-10-10 08:39 -------- d-----w- c:\documents and settings\photoshop\Application Data\com.adobe.example.AdobeShortcutApp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2009-10-10 08:39 . 2009-10-10 08:39 -------- d-----w- c:\program files\Adobe Shortcut App 2009-10-09 22:24 . 2009-10-09 22:24 -------- d-----w- c:\program files\Digieffects 2009-10-09 22:05 . 2007-12-05 12:40 -------- d-----w- c:\program files\Common Files\Adobe 2009-10-08 09:42 . 2009-10-08 09:43 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-10-08 09:41 . 2007-07-06 04:57 -------- d-----w- c:\program files\Java 2009-10-08 09:37 . 2009-10-08 09:34 152576 ----a-w- c:\documents and settings\photoshop\Application Data\Sun\Java\jre1.6.0_16\lzma.dll 2009-10-06 20:45 . 2009-10-06 20:44 -------- d-----w- c:\program files\iTunes 2009-10-06 20:45 . 2009-10-06 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-10-06 20:45 . 2009-10-06 20:45 -------- d-----w- c:\program files\iPod 2009-10-06 20:44 . 2007-12-10 09:00 -------- d-----w- c:\program files\Common Files\Apple 2009-10-06 20:43 . 2008-02-07 04:58 -------- d-----w- c:\program files\QuickTime 2009-10-06 20:32 . 2009-10-06 20:32 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe 2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll 2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll 2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll 2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll 2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll 2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll 2009-09-12 06:33 . 2009-09-12 06:32 1925024 -c--a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe 2008-04-19 10:41 . 2008-04-19 10:26 21 -c--a-w- c:\program files\Common Files\appop.log 2007-10-12 19:39 . 2007-11-11 22:17 4078 -c--a-w- c:\program files\UVAutoRatio.txt 2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . ------- Sigcheck ------- [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys [-] 2006-02-28 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys [-] 2006-02-28 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\system32\DRIVERS\atapi.sys [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys [-] 2006-02-28 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys [-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys [-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys [-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys [-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys [-] 2006-02-28 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys [-] 2006-02-28 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys [-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys [-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys [-] 2006-02-28 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys [-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys [-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys [-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys [-] 2006-02-28 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll [-] 2006-02-28 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe [-] 2006-02-28 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll [-] 2006-02-28 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll [-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll [-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll [-] 2006-02-28 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll [-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll [-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll [-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll [-] 2006-02-28 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\rpcss.dll [-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll [-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll [-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll [-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe [-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe [-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe [-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe [-] 2006-02-28 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe [-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe [-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe [-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\spoolsv.exe [-] 2006-02-28 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe [-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe [-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe [-] 2008-11-30 . 9B1BD82BD0761B5BA986AF66D2809C30 . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll [-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll [-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll [-] 2006-02-28 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll [-] 2005-09-01 . A93B7C3B08B9AC15B4DCDC96A50E4C2C . 925184 . . [6.0] . . c:\windows\SoftwareDistribution\Download\S-1-5-18\e0dc0b83689ce7b61aec9a92ab403ff5\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll [-] 2006-02-28 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll [-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll [-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll [-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll [-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll [-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll [-] 2006-02-28 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll [-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll [-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll [-] 2006-02-28 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll [-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll [-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll [-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll [-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll [-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll [-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll [-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\SoftwareDistribution\Download\040e86cafc583a58922d9f353b3a41cf\sp2qfe\kernel32.dll [-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\SoftwareDistribution\Download\040e86cafc583a58922d9f353b3a41cf\sp2gdr\kernel32.dll [-] 2006-02-28 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB935839$\kernel32.dll [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll [-] 2006-02-28 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll [-] 2006-02-28 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\S-1-5-18\e0dc0b83689ce7b61aec9a92ab403ff5\backup\sp2gdr\linkinfo.dll [-] 2006-02-28 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\S-1-5-18\e0dc0b83689ce7b61aec9a92ab403ff5\backup\sp2qfe\linkinfo.dll [-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll [-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll [-] 2006-02-28 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll [-] 2009-08-29 . 0E49677EE57A928765FC47FFBACD5326 . 5940224 . . [8.00.6001.18828] . . c:\windows\SoftwareDistribution\Download\9e56f14e7203556d1448d8e8d058de0f\SP3GDR\mshtml.dll [-] 2009-08-29 . 0E49677EE57A928765FC47FFBACD5326 . 5940224 . . [8.00.6001.18828] . . c:\windows\SoftwareDistribution\Download\f5ce3558cdad2d0de1884dee71734a4a\SP3GDR\mshtml.dll [-] 2009-08-29 . B68F6E6C66D17D9EDABF3D5DA71046DA . 5942272 . . [8.00.6001.22918] . . c:\windows\SoftwareDistribution\Download\9e56f14e7203556d1448d8e8d058de0f\SP3QFE\mshtml.dll [-] 2009-08-29 . B68F6E6C66D17D9EDABF3D5DA71046DA . 5942272 . . [8.00.6001.22918] . . c:\windows\SoftwareDistribution\Download\f5ce3558cdad2d0de1884dee71734a4a\SP3QFE\mshtml.dll [-] 2009-07-19 . 5A32B43A48D6DCA339BF24105D9A028F . 5937152 . . [8.00.6001.18812] . . c:\windows\system32\mshtml.dll [-] 2009-07-19 . 5A32B43A48D6DCA339BF24105D9A028F . 5937152 . . [8.00.6001.18812] . . c:\windows\system32\dllcache\mshtml.dll [-] 2009-07-19 . F25D866DD486AD30E05E5596CB363C3E . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll [-] 2009-05-13 . 1290E417BF806185CC7B2845E78A104E . 5936128 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll [-] 2008-10-16 . B74F31A4BD83797D7A083F922169287D . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll [-] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll [-] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll [-] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll [-] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll [-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll [-] 2007-12-08 . A097C36412455F0C7E42377FAF8809B7 . 3592192 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll [-] 2007-12-07 . 976C46ED4A75FC66D9C596778898CE1E . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll [-] 2007-05-08 . 1D4E3B86C601A2497C99790CC4D7DF26 . 3584000 . . [7.00.6000.20591] . . c:\windows\SoftwareDistribution\Download\b59c47c087d8607ee5452d74558cfb01\sp2qfe\mshtml.dll [-] 2007-05-08 . 5D90A7200F72DACE663EE78DE234FCC7 . 3583488 . . [7.00.6000.16481] . . c:\windows\SoftwareDistribution\Download\b59c47c087d8607ee5452d74558cfb01\sp2gdr\mshtml.dll [-] 2007-01-04 . 1C45525574EF206346FBAFCAAC7CC4A5 . 3062272 . . [6.00.2900.3059] . . c:\windows\$hf_mig$\KB928090\SP2QFE\mshtml.dll [-] 2007-01-04 . 1C45525574EF206346FBAFCAAC7CC4A5 . 3062272 . . [6.00.2900.3059] . . c:\windows\SoftwareDistribution\Download\a6e4f77e54d6ccd253ced65e20a57cd2\sp2qfe\mshtml.dll [-] 2007-01-04 . F31274D7667D83E73C6EE16D2206B76C . 3056640 . . [6.00.2900.3059] . . c:\windows\SoftwareDistribution\Download\a6e4f77e54d6ccd253ced65e20a57cd2\sp2gdr\mshtml.dll [-] 2006-11-08 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll [-] 2006-02-28 . FD99AD515CBCA109A3D0832F3482DDA1 . 3049472 . . [6.00.2900.2853] . . c:\windows\ie7\mshtml.dll [-] 2006-02-21 . C6E663C066E3BEA5B0BB70D87D0701E9 . 3052032 . . [6.00.2900.2853] . . c:\windows\$hf_mig$\KB911164\SP2QFE\mshtml.dll [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll [-] 2006-02-28 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll [-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll [-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll [-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll [-] 2006-02-28 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll [-] 2006-02-28 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll [-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP3GDR\ntoskrnl.exe [-] 2009-08-04 . D6B537A639D623ED85B73AF3E3BE4B94 . 2180352 . . [5.1.2600.3610] . . c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP2GDR\ntoskrnl.exe [-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP3QFE\ntoskrnl.exe [-] 2009-08-04 . 8DF112C341425F29DB4566B8D2A96A7F . 2185984 . . [5.1.2600.3610] . . c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP2QFE\ntoskrnl.exe [-] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe [-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\Driver Cache\i386\ntoskrnl.exe [-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe [-] 2009-02-06 . 0CBA44D0938D57F334C0862424148B70 . 2145280 . . [5.1.2600.5755] . . c:\windows\system32\ntoskrnl.exe [-] 2008-08-15 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe [-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe [-] 2008-08-14 . F6F8245B3A2E9CA834DD318E7AE0C6D0 . 2145280 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe [-] 2008-08-14 . DD31AB4B91C2605601A3C108AF57A0C9 . 2136064 . . [5.1.2600.3427] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe [-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe [-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe [-] 2008-04-13 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe [-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe [-] 2007-02-28 . 1220FAF071DEA8653EE21DE7DCDA8BFD . 2136064 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe [-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2qfe\ntoskrnl.exe [-] 2006-12-19 . 8F0DEAB1F81FB83F9C5995853CE48B9F . 2180352 . . [5.1.2600.3051] . . c:\windows\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2gdr\ntoskrnl.exe [-] 2006-02-28 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe [-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe [-] 2005-03-02 . 48B3E89AF7074CEE0314A3E0C7FAFFDB . 2135552 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll [-] 2006-02-28 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll [-] 2006-02-28 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll [-] 2006-02-28 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe [-] 2008-04-14 00:12 . !HASH: COULD NOT OPEN FILE !!!!! . 14336 . . [------] . . c:\windows\system32\svchost.exe [-] 2006-02-28 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll [-] 2006-02-28 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll [-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll [-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll [-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll [-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll [-] 2006-02-28 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll [-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll [-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe [-] 2006-02-28 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe [-] 2009-08-29 . CF0A5FE05BF614C24950D8FAEC1BC309 . 916480 . . [8.00.6001.18828] . . c:\windows\SoftwareDistribution\Download\9e56f14e7203556d1448d8e8d058de0f\SP3GDR\wininet.dll [-] 2009-08-29 . CF0A5FE05BF614C24950D8FAEC1BC309 . 916480 . . [8.00.6001.18828] . . c:\windows\SoftwareDistribution\Download\f5ce3558cdad2d0de1884dee71734a4a\SP3GDR\wininet.dll [-] 2009-08-29 . 972B226BDAD71C55F3CC9A72BBF8F1C1 . 916480 . . [8.00.6001.22918] . . c:\windows\SoftwareDistribution\Download\9e56f14e7203556d1448d8e8d058de0f\SP3QFE\wininet.dll [-] 2009-08-29 . 972B226BDAD71C55F3CC9A72BBF8F1C1 . 916480 . . [8.00.6001.22918] . . c:\windows\SoftwareDistribution\Download\f5ce3558cdad2d0de1884dee71734a4a\SP3QFE\wininet.dll [-] 2009-07-03 . 7E8A47A2E6561274B83E257CE74803FD . 915456 . . [8.00.6001.18806] . . c:\windows\system32\wininet.dll [-] 2009-07-03 . 7E8A47A2E6561274B83E257CE74803FD . 915456 . . [8.00.6001.18806] . . c:\windows\system32\dllcache\wininet.dll [-] 2009-07-03 . 38114DAB42FB2EB84D1726C42B8D80C5 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll [-] 2009-05-13 . C0EB6850C8A02A154281749DC61FAF22 . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll [-] 2008-10-16 . 0D5B75171FF51775B630A431B6C667E8 . 827904 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll [-] 2008-08-26 . 77C192FE56A70D7FA0247BA0A6201C32 . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll [-] 2008-08-26 . EF8EBA98145BFA44E80D17A3B3453300 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll [-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll [-] 2008-04-23 . 41546B396A526918DA7995A02EA04E51 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll [-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll [-] 2007-12-07 . 806D274C9A6C3AAEA5EAE8E4AF841E04 . 824832 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll [-] 2007-12-07 . B5B411BB229AE6EAD7652A32ED47BFB9 . 825344 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll [-] 2007-04-25 . 431DEFBB4A3D7B0DC062C1B064623A2F . 823808 . . [7.00.6000.20583] . . c:\windows\SoftwareDistribution\Download\b59c47c087d8607ee5452d74558cfb01\sp2qfe\wininet.dll [-] 2007-04-25 . 0586A7F0B2FDB94D624F399D4728E7C8 . 822784 . . [7.00.6000.16473] . . c:\windows\SoftwareDistribution\Download\b59c47c087d8607ee5452d74558cfb01\sp2gdr\wininet.dll [-] 2007-01-04 . 3FFA1573FC274E5AA7467D03941C45EE . 665088 . . [6.00.2900.3059] . . c:\windows\$hf_mig$\KB928090\SP2QFE\wininet.dll [-] 2007-01-04 . 3FFA1573FC274E5AA7467D03941C45EE . 665088 . . [6.00.2900.3059] . . c:\windows\SoftwareDistribution\Download\a6e4f77e54d6ccd253ced65e20a57cd2\sp2qfe\wininet.dll [-] 2007-01-04 . 8C393DF5234CBCBFF1EE31902D6B40AE . 658944 . . [6.00.2900.3059] . . c:\windows\SoftwareDistribution\Download\a6e4f77e54d6ccd253ced65e20a57cd2\sp2gdr\wininet.dll [-] 2006-11-08 . 92995334F993E6E49C25C6D02EC04401 . 818688 . . [7.00.5730.11] . . c:\windows\ie7updates\KB944533-IE7\wininet.dll [-] 2006-02-28 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\ie7\wininet.dll [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll [-] 2006-02-28 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe [-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe [-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe [-] 2006-02-28 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll [-] 2006-02-28 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe [-] 2006-02-28 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll [-] 2006-02-28 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll [-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll [-] 2008-04-14 00:11 . 6CD7F13B1F144218B0CBF0FBC8ACC564 . 61952 . . [------] . . c:\windows\system32\eventlog.dll [-] 2006-02-28 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll [-] 2006-02-28 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe [-] 2006-02-28 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe [-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll [-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll [-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll [-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll [-] 2006-02-28 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll [-] 2006-02-28 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll [-] 2006-02-28 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll [-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll [-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll [-] 2006-02-28 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll [-] 2008-11-30 20:41 . !HASH: COULD NOT OPEN FILE !!!!! . 295424 . . [------] . . c:\windows\$NtServicePackUninstall$\termsrv.dll [-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll [-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll [-] 2006-02-28 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys [-] 2006-02-28 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys [-] 2006-02-28 12:00 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys [-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\agp440.sys [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys [-] 2006-02-28 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys [-] 2006-02-28 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys [-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll [-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll [-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll [-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll [-] 2006-02-28 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll [-] 2006-02-28 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll [-] 2006-10-19 04:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll [-] 2006-10-19 04:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll [-] 2006-02-28 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll [-] 2009-08-05 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP3QFE\ntkrnlpa.exe [-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP3GDR\ntkrnlpa.exe [-] 2009-08-04 . B0BD27AA04C1B8E857C1DADEF4EF2159 . 2057728 . . [5.1.2600.3610] . . c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP2GDR\ntkrnlpa.exe [-] 2009-08-04 . 97E912E94CCED4064F5DEEE5C25A9278 . 2062976 . . [5.1.2600.3610] . . c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP2QFE\ntkrnlpa.exe [-] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe [-] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe [-] 2009-02-06 . 65D4220799E6FC2CB079070A6393CC0E . 2023936 . . [5.1.2600.5755] . . c:\windows\system32\ntkrnlpa.exe [-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe [-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe [-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe [-] 2008-08-14 . 8206B5F94A6A9450E934029420C1693F . 2023936 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe [-] 2008-08-14 . DC097A896A03B8277457D228FD12D4E6 . 2015744 . . [5.1.2600.3427] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe [-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe [-] 2008-04-13 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe [-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe [-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe [-] 2007-02-28 . A58AC1C6199EF34228ABEE7FC057AE09 . 2015744 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe [-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2qfe\ntkrnlpa.exe [-] 2006-12-19 . 1D659BFB788ED2BA45075624B748D249 . 2057600 . . [5.1.2600.3051] . . c:\windows\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2gdr\ntkrnlpa.exe [-] 2006-02-28 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe [-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe [-] 2005-03-02 . 3CD941E472DDF3534E53038535719771 . 2015232 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe [-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll [-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll [-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll [-] 2006-02-28 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll [-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll [-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll [-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll [-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll [-] 2006-02-28 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^P2 Card Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\P2 Card Manager.lnk backup=c:\windows\pss\P2 Card Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^photoshop^Start Menu^Programs^Startup^9956126.lnk] path=c:\documents and settings\photoshop\Start Menu\Programs\Startup\9956126.lnk backup=c:\windows\pss\9956126.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^photoshop^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=c:\documents and settings\photoshop\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=c:\windows\pss\Adobe Gamma.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^photoshop^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=c:\documents and settings\photoshop\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=c:\windows\pss\LimeWire On Startup.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^photoshop^Start Menu^Programs^Startup^Yahoo! Widgets.lnk] path=c:\documents and settings\photoshop\Start Menu\Programs\Startup\Yahoo! Widgets.lnk backup=c:\windows\pss\Yahoo! Widgets.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "wscsvc"=2 (0x2) "Themes"=2 (0x2) "SharedAccess"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" "SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe "SoundMAX"="c:\program files\Analog Devices\SoundMAX\smax4.exe" /tray "MSConfig"=c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\uTorrent\\utorrent.exe"= "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"= "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"= "c:\\Program Files\\Autodesk\\Backburner\\server.exe"= "c:\\Program Files\\Crazybump Beta Test\\CrazyBump.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Steam\\Steam.exe"= "c:\\Riot Games\\League of Legends\\air\\LolClient.exe"= "c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"= "c:\\Riot Games\\League of Legends\\lol.launcher.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader "6112:TCP"= 6112:TCP:Blizzard Downloader "5353:TCP"= 5353:TCP:Adobe CSI CS4 "8370:TCP"= 8370:TCP:League of Legends Launcher "8370:UDP"= 8370:UDP:League of Legends Launcher "8371:TCP"= 8371:TCP:League of Legends Launcher "8371:UDP"= 8371:UDP:League of Legends Launcher "8372:TCP"= 8372:TCP:League of Legends Launcher "8372:UDP"= 8372:UDP:League of Legends Launcher "6906:TCP"= 6906:TCP:League of Legends Launcher "6906:UDP"= 6906:UDP:League of Legends Launcher "6892:TCP"= 6892:TCP:League of Legends Launcher "6892:UDP"= 6892:UDP:League of Legends Launcher "6881:TCP"= 6881:TCP:League of Legends Launcher "6881:UDP"= 6881:UDP:League of Legends Launcher "8393:TCP"= 8393:TCP:League of Legends Lobby "8393:UDP"= 8393:UDP:League of Legends Lobby "8390:TCP"= 8390:TCP:League of Legends Game Client "8390:UDP"= 8390:UDP:League of Legends Game Client "6887:TCP"= 6887:TCP:League of Legends Launcher "6887:UDP"= 6887:UDP:League of Legends Launcher R0 wzlfskpa;wzlfskpa;c:\windows\system32\drivers\iuga.sys [x] R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe [2009-08-24 126392] R2 Pixar Alfred Server 13.5.2;Pixar Alfred Server 13.5.2;c:\program files\Pixar\RenderManProServer-13.5.2\bin\alfserver.exe [2009-10-23 1581056] R2 Pixar License Server 5.0.2;Pixar License Server 5.0.2;c:\program files\Pixar\license-5.0.2\PixarLicenseServer.exe [2007-12-11 741376] R3 rr;rr;c:\windows\system32\drivers\rr.sys [x] R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-02-02 715248] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1100000.088\SYMDS.SYS [2009-08-30 328752] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1100000.088\SYMEFA.SYS [2009-08-30 169008] S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20090829.001\BHDrvx86.sys [2009-08-30 506928] S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1100000.088\ccHPx86.sys [2009-08-24 501888] S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2009-08-05 93872] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1100000.088\Ironx86.SYS [2009-08-30 114736] S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2009-10-14 583640] S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2007-09-07 1373480] S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20090828.002\IDSxpx86.sys [2009-08-30 329080] S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2008-06-27 332928] S3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [2009-01-05 103936] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . Contents of the 'Scheduled Tasks' folder 2009-11-28 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54] 2009-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] 2009-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-823518204-725345543-1006Core.job - c:\documents and settings\photoshop\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-08 09:10] 2009-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-823518204-725345543-1006UA.job - c:\documents and settings\photoshop\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-08 09:10] 2009-11-28 c:\windows\Tasks\User_Feed_Synchronization-{E1DF9681-24F9-4D27-AA8B-FE641C9CC637}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 11:31] . . ------- Supplementary Scan ------- . uStart Page = about:blank uInternet Settings,ProxyOverride = .local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\photoshop\Application Data\Mozilla\Firefox\Profiles\tcuf8iid.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VE3D01&q= FF - prefs.js: browser.startup.homepage - FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=VE3D01&q= FF - plugin: c:\documents and settings\photoshop\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- . . ------- File Associations ------- . regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1 . - - - - ORPHANS REMOVED - - - - BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll HKCU-Run-RegistryMechanic - c:\program files\Registry Mechanic\RegMech.exe AddRemove-Bodog Poker_is1 - c:\program files\Bodog Poker\unins000.exe AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe AddRemove-NAV - c:\program files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\A5E82D02\17.0.0.136\InstStub.exe AddRemove-OnlyPoker - c:\program files\OnlyPoker\uninstall.exe AddRemove-PokerStars - c:\program files\PokerStars\PokerStarsUninstall.exe AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 AddRemove-Registry Mechanic_is1 - c:\program files\Registry Mechanic\unins000.exe AddRemove-Silhouette v3 - c:\documents and settings\All Users\Application Data\{BFE3CBE8-35B9-4876-A2F5-37355C201282}\Silhouette_v3r2.exe REMOVE=TRUE MODIFY=FALSE AddRemove-Wavetwokind - c:\docume~1\PHOTOS~1\APPLIC~1\16DENT~1\intra camp.exe *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-12-04 12:32 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spis.sys >>UNKNOWN [0x8AF33944]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28 \Driver\ACPI -> ACPI.sys @ 0xf7498cb8 \Driver\atapi -> atapi.sys @ 0xf7859b40 IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e6686 ParseProcedure -> 0x885d11b0 \Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e6686 ParseProcedure -> 0x885d11b0 NDIS: -> SendCompleteHandler -> 0x0 PacketIndicateHandler -> 0x0 SendHandler -> 0x0 Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAV] "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.0.0.136\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-299502267-823518204-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{39718E80-E01B-1DC2-C4B9-22B77351659E}] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "iadclpddfaocecnhgl"=hex:6b,61,69,6a,6e,68,69,66,6c,6b,6e,67,64,6d,67,70,62,6f, 64,66,6c,66,00,00 "hajcdneljailhfgk"=hex:6b,61,69,6a,6e,68,69,66,6c,6b,6e,67,64,6d,67,70,62,6f, 64,66,6c,66,00,00 [HKEY_USERS\S-1-5-21-299502267-823518204-725345543-1006\Software\SecuROM\License information] "datasecu"=hex:30,35,a6,de,4c,16,bf,7b,49,1a,eb,2c,02,1b,18,59,99,5b,23,de,1f, aa,1b,ce,38,94,d3,18,fc,26,da,d8,a8,39,75,d9,db,6d,26,ca,31,31,0c,8a,65,f8,\ "rkeysecu"=hex:99,df,65,fc,2d,68,40,51,c1,36,7b,f2,29,5d,2b,b0 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3150842F-D50B-04EC-24EF-53CA5C989128}\InProcServer32] "pajleiegbbjcicgjmkgjnpdgfkhabddm"=hex:6a,61,6c,63,66,69,66,65,68,6f,70,6d,6b, 63,6a,62,6d,67,68,6b,00,f8 "oajlocccgcnmfbjabckgnojakonjcl"=hex:6a,61,6c,63,66,69,66,65,68,6f,70,6d,6b,63, 6a,62,6d,67,68,6b,00,f8 [HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{4E41A485-04D4-CF7C-6CE3-27F7BEAE7048}\Data] @DACL= "CTE_32 Name"="996093:{C3B8A1BC-8B18-94D5-AD04-2B3354994626}" [HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{7F91A45B-6B5F-C2EA-301C-C31FD25A9C54}\Data] @DACL= "Templates"="-9:{5FD13A4A-FC54-8A9D-247A-7153B0B91418}" [HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data] @DACL= "DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}" [HKEY_LOCAL_MACHINE\software\Microsoft\DirectInput\Compatibility\CLIENT2._EXE35FEFABD00088200] @DACL= "MaxDeviceNameLen"="6bÇÉafÖ0000¡Ø\1e1558w" "NoPollSucceed"="{CF9EFB5A-49B2-0690-684C-7A204D556DBD}" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\InstallLoc\VxDs] @DACL= "CTE_32 Name"="2455110:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{974B9511-91D5-AEE4-5E77-0AF54DD3BA55}\InstallLoc\VxDs] @DACL= "Templates"="2455109:{E1E6CBBC-E7CA-AB6C-D7EB-63563C5B204D}" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\InstallLoc\xga-1-{8C89CDC9-3FE5-9874-9DE1-FD6C1D9FC9A0}\Version 1.1] @DACL= "dat"="1008457420:{7C4B1E55-D329-4B61-FCAC-2398B4352C96}" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€\|ÿÿÿÿÀ•€\|ù•A~] "AB141C35E9F4BF344B9FC010BB17F68A"="" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\z\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}] @DACL= "DefaultSettings"="2455131:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\z\{{62148CCA-49D6-61B1-542F-6B093502D815}}] @DACL= "WinXP"="2048:{83CB76E3-95AF-3149-EB35-9E15F6375F54}" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\z\{{6BB58B63-B471-DBB2-FF15-E5C1604D6F66}}] @DACL= "Templates"="4356:{F779BA6E-CD26-8029-A255-1A7CE3781BE4}" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\{C0F64DD0-26CB-C3BF-0EED-F74CD9AB0D76}\InstallLoc\xga-1\dat] @DACL= "default"="516231349:{DE7481F5-89D6-0D19-A366-C99A64771903}" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\{C0F64DD0-26CB-C3BF-0EED-F74CD9AB0D76}\InstallLoc\xga-3\dat] @DACL= "default"="516231681:{D4A8C2B4-04A0-EB05-7E62-2C2B1F2DF3F5}" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows Install VBX\CurrentVersion\InstallLoc\xga-1-{8C89CDC9-3FE5-9874-9DE1-FD6C1D9FC9A0}\Version 3.x] @DACL= "dat"="1767914624:{6EA4DB66-697C-1969-CE32-E832D2CB2825}" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smase._dll] @DACL= "AplicationGoo"="6b)#b7¾f37c?ál2515Ö" "ChkAppHelp"="{779F9FE4-5065-AD7A-99E3-C2E47BCF369F}" [HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA\Providers\{D41D8CD9-8F00-B204-E980-0998ECF8427E}\CurrentSet\xga-1\ver] @DACL= "KnownSvcs"="923715146:{E4FC0929-3FF7-9DDB-E2EF-357544041695}" [HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA\Providers\{D41D8CD9-8F00-B204-E980-0998ECF8427E}\CurrentSet\xga-3\ver] @DACL= "KnownSvcs"="923714814:{2A42AB49-42A6-B3C3-FCD1-6887C392CB17}" [HKEY_LOCAL_MACHINE\software\XBMga\UUIDs\{6221A92D-B135-7632-3B1C-67DDFA0876BE}\xga-1\InstallLoc] @DACL= "{19620715-0001-1211-574574-30001}"="234522526:{A1F2E68F-662C-6225-8F65-2CD46A500E76}" [HKEY_LOCAL_MACHINE\software\XBMga\UUIDs\{6221A92D-B135-7632-3B1C-67DDFA0876BE}\xga-3\InstallLoc] @DACL= "{19620715-0001-1211-574574-30001}"="234521898:{A9DC57C6-84C5-887D-D0B0-14606D6BDD64}" [HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver\{A6D90D08-68DD-2B46-E2AC-5782669B2696}] @DACL= "CTE_32 Name"="2:{19C42D30-D844-8A07-12A4-E783E7D228F7}" [HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver\{C0984C48-3A57-C216-0D35-7D09B0A0D97E}] @DACL= "Templates"="-7260:{7E0C5D36-BFDD-4B84-F80D-AAF2A0F840A6}" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(200) c:\windows\system32\Ati2evxx.dll c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll - - - - - - - > 'explorer.exe'(1988) c:\windows\system32\WININET.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Sandboxie\SbieSvc.exe c:\windows\System32\TUProgSt.exe c:\windows\system32\WTablet\Pen_TabletUser.exe . ************************************************************************** . Completion time: 2009-12-04 12:44 - machine was rebooted ComboFix-quarantined-files.txt 2009-12-04 20:44 Pre-Run: 12,887,425,024 bytes free Post-Run: 12,746,743,808 bytes free Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - A2802FA1517C13676555786C29217A65

rubent100 View Member Profile	Jan 19 2010, 05:36 PM Post #13
Member Group: Members Posts: 18 Joined: 4-December 09 Member No.: 412,154	Hello, just thought i should mention what type of problems i am experiencing. I can't really access the internet to scan my computer with online scanners. I can't drag and drop so it's really hard for me to fix it since some operations require drag and drop. These logs have been saved to an external hard drive. I was having trouble running some of these softwares but i managed to do so. Also, alot of my services have been disabled, also windows installer service doesn't work so i can't install things. And when i try re installing it, i get a user permission error.

schrauber View Member Profile	Jan 20 2010, 01:15 PM Post #14
Mr.Mechanic Group: Malware Response Team Posts: 20,994 Joined: 3-May 08 From: Saarland,Germany Member No.: 206,858	Hi, 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it: CODE MIA:: c:\windows\system32\eventlog.dll SRPeek:: c:\windows\system32\eventlog.dll Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. -------------------- regards, schrauber If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you! Unavailable as from friday 20th august If I have helped you then please consider donating to continue the fight against malware

rubent100 View Member Profile	Jan 20 2010, 02:59 PM Post #15
Member Group: Members Posts: 18 Joined: 4-December 09 Member No.: 412,154	Hello, i can't drag any icons? It won't let me. Do you know why this is happening?

« Next Oldest · Virus, Trojan, Spyware, and Malware Removal Logs · Next Newest »

3 Pages

1 2 3 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 6th September 2010 - 03:25 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides