
very bad "Protection System" Malware


  • This topic is locked
27 replies to this topic

#1 lmg95

lmg95

  • Members
  • 16 posts

Posted 03 September 2009 - 07:33 PM

Pretty much any form of antivirus/antispyware programs that are installed have stopped working (IE: malwarebytes, spybot, HiJack This, and Panda) and when I click some of them it says, "Application cannot be executed. The file is infected. The file is infected. Please activate your antivirus software."

Task manager also does not seem to work and gives the above error message. I also get some popups related to Protection System.

The DDS program/logger didn't work and also gave the above error; however, I was able to get a RootRepeal log and have attached it.

Thanks for your time.

Attached Files

  • ark.txt (58.61KB)



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts

Posted 04 September 2009 - 03:15 PM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download and run Win32kDiag:
Download and run a batch file (peek.bat):
  • Download peek.bat from the download link below and save it to your Desktop.
  • Double-click peek.bat to run it. A black Command Prompt window will appear shortly: the program is running.
  • Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.
==========

Please post the following logs in your next reply:

* Win32kDiag.txt
* Log.txt
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 lmg95


Posted 04 September 2009 - 09:41 PM

Hi Sam:

Per your post from 3:15 today, I followed your instructions with the process and results as follows:

Several popups during the process, Security Center Alert, Advance Virus Remover, etc.
The computer did lock up once during the peek.bat process. Would not fully re-start. Finally got it restarted in safe mode with networking and was able to finish this process. The first time with peek.bat it ran for a few seconds then disappeared. I had to download peek.bat again. The second time it continued to run and I was able to cut and paste from the black Command Prompt window.

Both the Win32KDiag.txt and the peek.bat Log.txt are posted herein below.

Thanks Sam, your assistance is greatly appreciated.

Here is the log from Win32KDiag.txt


Log file is located at: C:\Documents and Settings\Compaq_Administrator\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB944533\KB944533

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB947864\KB947864

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP149.tmp\ZAP149.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP21E.tmp\ZAP21E.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2D3.tmp\ZAP2D3.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3B9.tmp\ZAP3B9.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3D6.tmp\ZAP3D6.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Cache\Cache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ehome\CreateDisc\Sfxplugins\Sfxplugins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ehome\CreateDisc\SonicResources\SonicResources

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ehome\CreateDisc\Styles\NTSC\Symphony\Cache\CacheDataFiles\CacheDataFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ehome\CreateDisc\Styles\NTSC\Symphony\Symphony\Symphony

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ehome\CreateDisc\Styles\PAL\Symphony\Cache\CacheDataFiles\CacheDataFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ehome\CreateDisc\Styles\PAL\Symphony\Symphony\Symphony

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\{446DBFFA-4088-48E3-8932-74316BA4CAE4}\{446DBFFA-4088-48E3-8932-74316BA4CAE4}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\{50D8FFDD-90CD-4859-841F-AA1961C7767A}\{50D8FFDD-90CD-4859-841F-AA1961C7767A}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}\{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\root\c7127654\caad7a11\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\Microsoft .NET Framework 2.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\repair\Backup\ServiceState\ServiceState

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Resources\1033\1033

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Resources\Themes\Aquarium\Aquarium

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Resources\Themes\DaVinci\DaVinci

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Resources\Themes\Nature\Nature

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Resources\Themes\Space\Space

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\setup.pss\setup.pss

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-2849610097-4178618506-39320026-1007\S-1-5-21-2849610097-4178618506-39320026-1007

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\{D190EE07-1887-4595-8F62-6253114299D2}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Data\Data

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\2h7j3c71.default\extensions\extensions

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\2h7j3c71.default\minidumps\minidumps

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Rhapsody\Rhapsody

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Money\15.0\Webcache\Webcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox\updates\0\0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\WINDOWS\system\system

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\dumprep.exe

[1] 2004-08-09 23:00:00 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 19:12:18 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 19:12:18 10752 C:\WINDOWS\system32\dumprep.exe ()



Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-09 23:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 19:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 19:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-13 19:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Lang\Lang

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\NtmsData\Export\Export

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\PAV\PAV

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\drivers\w32x86\3\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\drivers\WIN40\WIN40

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Mount point destination : \Device\__max++>\^



Finished!


Here is the Log.txt - from peek.bat

Volume in drive C is PRESARIO
Volume Serial Number is 79D6-E22E

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/09/2004 11:00 PM 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/09/2004 11:00 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/09/2004 11:00 PM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 07:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 07:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 07:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

04/13/2008 07:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\system32

04/13/2008 07:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

04/13/2008 07:11 PM 61,952 eventlog.dll
3 File(s) 650,240 bytes

Total Files Listed:
9 File(s) 1,937,920 bytes
0 Dir(s) 34,858,586,112 bytes free
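
An added example, not part of the original thread and not code from Win32kDiag: a small parser for the Win32kDiag.txt format posted above that tallies mount-point destinations and, for each "Cannot access" file, compares the system32 copy with same-name copies carrying the same timestamp. The comparison heuristic, the function names and the reading of the trailing parenthesised field as a version-info company name are assumptions of this example.

```python
import ntpath
import re
from collections import Counter

# Excerpt of the Win32kDiag.txt log quoted above (trimmed, blank lines dropped).
SAMPLE_LOG = r"""
Found mount point : C:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Cache\Cache
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\dumprep.exe
[1] 2004-08-09 23:00:00 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation)
[1] 2008-04-13 19:12:18 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation)
[1] 2008-04-13 19:12:18 10752 C:\WINDOWS\system32\dumprep.exe ()
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2004-08-09 23:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 19:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 19:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-13 19:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
"""

MOUNT_RE = re.compile(r"^Found mount point\s*:\s*(.+)$")
DEST_RE = re.compile(r"^Mount point destination\s*:\s*(.+)$")
BLOCKED_RE = re.compile(r"^Cannot access:\s*(.+)$")
# "[n] YYYY-MM-DD HH:MM:SS <size> <path> (<company>)"; the last field is read
# here as the version-info company name (assumption of this example).
COPY_RE = re.compile(
    r"^\[(\d+)\]\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(.+)\s+\(([^()]*)\)$"
)


def parse_win32kdiag(text):
    """Return (mounts, blocked): mount-point pairs and per-file candidate copies."""
    mounts, blocked = [], {}
    pending, current = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MOUNT_RE.match(line):
            pending, current = m.group(1), None
        elif (m := DEST_RE.match(line)) and pending:
            mounts.append((pending, m.group(1)))
            pending = None
        elif m := BLOCKED_RE.match(line):
            current = m.group(1)
            blocked[current] = []
        elif (m := COPY_RE.match(line)) and current:
            blocked[current].append({
                "mtime": m.group(2), "size": int(m.group(3)),
                "path": m.group(4), "company": m.group(5),
            })
    return mounts, blocked


def triage(mounts, blocked):
    """Tally mount-point targets and flag inaccessible files that look altered."""
    targets = Counter(dest for _, dest in mounts)
    findings = {}
    for path, copies in blocked.items():
        name = ntpath.basename(path).lower()
        live = next((c for c in copies if c["path"].lower() == path.lower()), None)
        if live is None:
            continue
        # Reference copies: same file name elsewhere, same timestamp as the live file.
        refs = [c for c in copies
                if c is not live
                and ntpath.basename(c["path"]).lower() == name
                and c["mtime"] == live["mtime"]]
        findings[path] = {
            "company_missing": live["company"] == "",
            "size_differs_from": [r["path"] for r in refs if r["size"] != live["size"]],
            "same_size_refs": [r["path"] for r in refs if r["size"] == live["size"]],
        }
    return targets, findings


if __name__ == "__main__":
    targets, findings = triage(*parse_win32kdiag(SAMPLE_LOG))
    for dest, count in targets.items():
        print(f"{count} mount point(s) -> {dest}")
    for path, result in findings.items():
        print(path, result)
```

On this excerpt it reports the system32 eventlog.dll (61952 bytes) as differing in size from the ServicePackFiles copy with the same timestamp (56320 bytes), which is the file replaced in the next post.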

#4 Buckeye_Sam


Posted 05 September 2009 - 10:02 AM

Please follow these steps first:
  • Click on the Start button, then click on Run...
  • In the empty "Open:" box provided, type cmd and press Enter
    • This will launch a Command Prompt window (looks like DOS).
  • Copy the entire blue text below to the clipboard by highlighting all of it and pressing Ctrl+C (or after highlighting, right-click and select Copy).

    copy C:\WINDOWS\ServicePackFiles\i386\eventlog.dll C:\ /y

  • In the Command Prompt window, paste the copied text by right-clicking and selecting Paste.
  • Press Enter. When successful, you should get this message within the Command Prompt: "1 file(s) copied"
    NOTE: If you didn't get this message, stop everything and come back and tell me first. Executing The Avenger script (step #2) won't work if the file copy was not successful.
  • Exit the Command Prompt window.

===============================
Next set of steps...


Please disable your antivirus program.
  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below code box to the clipboard by highlighting it and then pressing Ctrl+C.

    Files to move:
    C:\eventlog.dll | C:\WINDOWS\system32\eventlog.dll
  • In the avenger window, click the Paste Script from Clipboard button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).



========================================================

#5 lmg95


Posted 05 September 2009 - 12:19 PM

Hi Sam,
Thank you for your assistance. I have followed your instructions, each step worked as per your instructions. The script you mentioned did not contain Drivers to delete: or Drivers to disable. The first reboot did not complete, second reboot into safe mode worked. The log file did not automatically open. I did however find a log file in C:/ and it was labeled as "avenger text document". This "avenger text document" opened in Notepad, copied and pasted here:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\eventlog.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

Awaiting your response, again I remain,
Respectfully and thank you,
lmg95

#6 Buckeye_Sam


Posted 06 September 2009 - 09:37 AM

Thanks for your detailed responses.
Here is the next set of steps.


Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.



========================



Now delete any copy of combofix.exe that you have if you downloaded it previously.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.



========================================================

#7 lmg95


Posted 06 September 2009 - 12:20 PM

Hi Sam,
Again Thank You,

Step by Step, here is the Win32kDiag.Text from Notepad:

Log file is located at: C:\Documents and Settings\Compaq_Administrator\Desktop\Win32kDiag.txt:

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812

Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Found mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566

Found mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143

Found mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653

Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Found mount point : C:\WINDOWS\$hf_mig$\KB944533\KB944533

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB944533\KB944533

Found mount point : C:\WINDOWS\$hf_mig$\KB947864\KB947864

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB947864\KB947864

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\addins\addins

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP149.tmp\ZAP149.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP149.tmp\ZAP149.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP21E.tmp\ZAP21E.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP21E.tmp\ZAP21E.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2D3.tmp\ZAP2D3.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2D3.tmp\ZAP2D3.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3B9.tmp\ZAP3B9.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3B9.tmp\ZAP3B9.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3D6.tmp\ZAP3D6.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3D6.tmp\ZAP3D6.tmp

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Cache\Cache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Cache\Cache

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d1\d1

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d2\d2

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d3\d3

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d4\d4

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d5\d5

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d6\d6

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d7\d7

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d8\d8

Found mount point : C:\WINDOWS\ehome\CreateDisc\Sfxplugins\Sfxplugins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ehome\CreateDisc\Sfxplugins\Sfxplugins

Found mount point : C:\WINDOWS\ehome\CreateDisc\SonicResources\SonicResources

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ehome\CreateDisc\SonicResources\SonicResources

Found mount point : C:\WINDOWS\ehome\CreateDisc\Styles\NTSC\Symphony\Cache\CacheDataFiles\CacheDataFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ehome\CreateDisc\Styles\NTSC\Symphony\Cache\CacheDataFiles\CacheDataFiles

Found mount point : C:\WINDOWS\ehome\CreateDisc\Styles\NTSC\Symphony\Symphony\Symphony

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ehome\CreateDisc\Styles\NTSC\Symphony\Symphony\Symphony

Found mount point : C:\WINDOWS\ehome\CreateDisc\Styles\PAL\Symphony\Cache\CacheDataFiles\CacheDataFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ehome\CreateDisc\Styles\PAL\Symphony\Cache\CacheDataFiles\CacheDataFiles

Found mount point : C:\WINDOWS\ehome\CreateDisc\Styles\PAL\Symphony\Symphony\Symphony

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ehome\CreateDisc\Styles\PAL\Symphony\Symphony\Symphony

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ftpcache\ftpcache

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\shared\res\res

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\WINDOWS\Installer\{446DBFFA-4088-48E3-8932-74316BA4CAE4}\{446DBFFA-4088-48E3-8932-74316BA4CAE4}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\{446DBFFA-4088-48E3-8932-74316BA4CAE4}\{446DBFFA-4088-48E3-8932-74316BA4CAE4}

Found mount point : C:\WINDOWS\Installer\{50D8FFDD-90CD-4859-841F-AA1961C7767A}\{50D8FFDD-90CD-4859-841F-AA1961C7767A}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\{50D8FFDD-90CD-4859-841F-AA1961C7767A}\{50D8FFDD-90CD-4859-841F-AA1961C7767A}

Found mount point : C:\WINDOWS\Installer\{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}\{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}\{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\root\c7127654\caad7a11\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\root\c7127654\caad7a11\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\Microsoft .NET Framework 2.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\Microsoft .NET Framework 2.0

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PIF\PIF

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\repair\Backup\ServiceState\ServiceState

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\repair\Backup\ServiceState\ServiceState

Found mount point : C:\WINDOWS\Resources\1033\1033

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Resources\1033\1033

Found mount point : C:\WINDOWS\Resources\Themes\Aquarium\Aquarium

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Resources\Themes\Aquarium\Aquarium

Found mount point : C:\WINDOWS\Resources\Themes\DaVinci\DaVinci

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Resources\Themes\DaVinci\DaVinci

Found mount point : C:\WINDOWS\Resources\Themes\Nature\Nature

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Resources\Themes\Nature\Nature

Found mount point : C:\WINDOWS\Resources\Themes\Space\Space

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Resources\Themes\Space\Space

Found mount point : C:\WINDOWS\setup.pss\setup.pss

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\setup.pss\setup.pss

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1025\1025

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1028\1028

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1031\1031

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1037\1037

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1041\1041

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1042\1042

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1054\1054

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\2052\2052

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\3076\3076

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-2849610097-4178618506-39320026-1007\S-1-5-21-2849610097-4178618506-39320026-1007

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-2849610097-4178618506-39320026-1007\S-1-5-21-2849610097-4178618506-39320026-1007

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\{D190EE07-1887-4595-8F62-6253114299D2}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\{D190EE07-1887-4595-8F62-6253114299D2}

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Config\Config

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Data\Data

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Data\Data

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\2h7j3c71.default\extensions\extensions

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\2h7j3c71.default\extensions\extensions

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\2h7j3c71.default\minidumps\minidumps

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\2h7j3c71.default\minidumps\minidumps

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Rhapsody\Rhapsody

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Rhapsody\Rhapsody

Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Money\15.0\Webcache\Webcache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Money\15.0\Webcache\Webcache

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox\updates\0\0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox\updates\0\0

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Found mount point : C:\WINDOWS\system32\config\systemprofile\WINDOWS\system\system

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\WINDOWS\system\system

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\dhcp\dhcp

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Cannot access: C:\WINDOWS\system32\dumprep.exe

Attempting to restore permissions of : C:\WINDOWS\system32\dumprep.exe

[1] 2004-08-09 23:00:00 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 19:12:18 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 19:12:18 10752 C:\WINDOWS\system32\dumprep.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\export\export

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Found mount point : C:\WINDOWS\system32\Lang\Lang

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\Lang\Lang

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Found mount point : C:\WINDOWS\system32\NtmsData\Export\Export

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\NtmsData\Export\Export

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\sample\sample

Found mount point : C:\WINDOWS\system32\PAV\PAV

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\PAV\PAV

Found mount point : C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\i386

Found mount point : C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\i386

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Found mount point : C:\WINDOWS\system32\spool\drivers\w32x86\3\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\spool\drivers\w32x86\3\temp\temp

Found mount point : C:\WINDOWS\system32\spool\drivers\WIN40\WIN40

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\spool\drivers\WIN40\WIN40

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\mof\good\good

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wins\wins

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\xircom\xircom

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2



Finished!

I next downloaded, renamed and saved ComboFix.
I ran ComboFix, and after a few minutes the following screen showed up:

"ComboFix has detected the presence of rootkit activity and needs to reboot the machine. Kindly note down on paper the name of each file we may need it later."

C:\Windows\System32\Drivers\UACdrftypyyge.sys
C:\Windows\System32\Drivers\UACdatssljcx.dll
C:\Windows\System32\Drivers\UACwhaaqvjfio.dll
C:\Windows\System32\Drivers\UACcmhbqghcag.dat
C:\Windows\System32\Drivers\UACigwgtwekag.dll
C:\Windows\System32\Drivers\UACtuxwxwgjxj.dll

After writing down the above and clicking "OK" the machine rebooted but not fully. I rebooted into "safe mode" and ComboFix began running again until finished, and automatically rebooted again. Once the log was completed I copied and pasted it herein below:

Here is the ComboFix Log:

ComboFix 09-09-05.03 - Compaq_Administrator 09/06/2009 11:13.1.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.800 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\Combo-Fix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleanup.exe
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\0.EXE
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\csrss.exe
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\lsass.exe
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\winlogon.exe
c:\documents and settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
c:\documents and settings\Administrator\Desktop\Advanced Virus Remover.lnk
c:\documents and settings\Administrator\Start Menu\Advanced Virus Remover.lnk
c:\documents and settings\All Users\Application Data\12097344
c:\documents and settings\All Users\Application Data\12097344\12097344
c:\documents and settings\All Users\Application Data\12097344\12097344.exe
c:\documents and settings\All Users\Application Data\12097344\pc12097344ins
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Desktop\nudetube.com.lnk
c:\documents and settings\All Users\Desktop\pornotube.com.lnk
c:\documents and settings\All Users\Desktop\youporn.com.lnk
c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
C:\fyblb.exe
C:\hpbyv.exe
c:\program files\AdvancedVirusRemover
c:\program files\AdvancedVirusRemover\PAVRM.exe
c:\program files\Adware Professional
c:\program files\Adware Professional\ocsuerlc.xqf
c:\program files\Protection System
c:\program files\Protection System\blacklist.cga
c:\program files\Protection System\core.cga
c:\program files\Protection System\coreext.dll
c:\program files\Protection System\firewall.dll
c:\program files\Protection System\psystem.exe
c:\program files\Protection System\uninstall.exe
c:\recycler\S-1-5-21-3470374856-1267541045-2896529112-1007
c:\recycler\S-1-5-21-4948478588-6770174966-481714636-0977
c:\recycler\S-1-5-21-4948478588-6770174966-481714636-0977\Desktop.ini
c:\recycler\S-1-5-21-4948478588-6770174966-481714636-0977\msimfo32.exe
c:\recycler\S-1-5-21-527237240-179605362-725345543-500
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Installer\100032e.msi
c:\windows\Installer\10576.msp
c:\windows\Installer\1190bb0b.msi
c:\windows\Installer\1190bb11.msi
c:\windows\Installer\1190bb1f.msi
c:\windows\Installer\1190bb2b.msi
c:\windows\Installer\1190bb31.msi
c:\windows\Installer\1190bb3b.msi
c:\windows\Installer\1190bb42.msi
c:\windows\Installer\1190bb48.msi
c:\windows\Installer\1190bb4e.msi
c:\windows\Installer\1190bb54.msi
c:\windows\Installer\1190bb5a.msi
c:\windows\Installer\15536346.msi
c:\windows\Installer\16cb2037.msp
c:\windows\Installer\1d87c7c.msi
c:\windows\Installer\224dcbe.msp
c:\windows\Installer\224dd79.msp
c:\windows\Installer\224dd81.msp
c:\windows\Installer\224dd8a.msp
c:\windows\Installer\224dda0.msp
c:\windows\Installer\278e5c.msi
c:\windows\Installer\278e62.msi
c:\windows\Installer\278e67.msi
c:\windows\Installer\3f7171d.msp
c:\windows\Installer\3f71733.msp
c:\windows\Installer\3f71753.msp
c:\windows\Installer\3fe1cf7.msp
c:\windows\Installer\3fe1d0d.msp
c:\windows\Installer\3fe1d25.msp
c:\windows\Installer\3fe1d3b.msp
c:\windows\Installer\3fe1d52.msp
c:\windows\Installer\3fe1d69.msp
c:\windows\Installer\3fe1d7f.msp
c:\windows\Installer\3fe1d95.msp
c:\windows\Installer\3fe1dab.msp
c:\windows\Installer\3fe1dd0.msp
c:\windows\Installer\3fe1dd1.msp
c:\windows\Installer\3fe1de7.msp
c:\windows\Installer\613056.msp
c:\windows\Installer\61305e.msi
c:\windows\Installer\67368.msi
c:\windows\Installer\7b29cc3.msp
c:\windows\Installer\7b29cd9.msp
c:\windows\Installer\7b29cef.msp
c:\windows\Installer\7b29d05.msp
c:\windows\Installer\7b29d1b.msp
c:\windows\Installer\7b29d31.msp
c:\windows\Installer\7b29d47.msp
c:\windows\kb913800.exe
c:\windows\msa.exe
c:\windows\msb.exe
c:\windows\msc.exe
c:\windows\msd.exe
c:\windows\mse.exe
c:\windows\msf.exe
c:\windows\msg.exe
c:\windows\msh.exe
c:\windows\system32\~.exe
c:\windows\system32\aJjSAJjl.ini
c:\windows\system32\aqawgjuy.ini
c:\windows\system32\asfljgcc.ini
c:\windows\system32\bbJlkjlm.ini
c:\windows\system32\braviax.exe
c:\windows\system32\CdJklnmp.ini
c:\windows\system32\critical_warning.html
c:\windows\system32\dcbefMoq.ini
c:\windows\system32\dllcache\figaro.sys
c:\windows\system32\drivers\UACdrftypyyge.sys
c:\windows\system32\fOpsBJjl.ini
c:\windows\system32\foyuroke.dll
c:\windows\system32\gizehure.exe
c:\windows\system32\gjmVwGgh.ini
c:\windows\system32\hekonala.dll
c:\windows\system32\HiSAIOWa.ini
c:\windows\system32\HNTDffii.ini
c:\windows\system32\HPVvyyxx.ini
c:\windows\system32\Iijknnpo.ini
c:\windows\system32\jilosuka.exe
c:\windows\system32\lanefiki.dll
c:\windows\system32\lludtqjb.ini
c:\windows\system32\msxml71.dll
c:\windows\system32\nafugizu.dll
c:\windows\system32\NmpoWvut.ini
c:\windows\system32\oVGikUtv.ini
c:\windows\system32\test.ttt
c:\windows\system32\UACcmhbqghcag.dat
c:\windows\system32\UACdatdssljcx.dll
c:\windows\system32\UACigwgtwekag.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACtuxwxwgjxj.dll
c:\windows\system32\UACwhaaqvjfio.dll
c:\windows\system32\VEKTDJjl.ini
c:\windows\system32\win32hlp.cnf
c:\windows\system32\wingenocx.dll
c:\windows\system32\winupdate.exe
c:\windows\system32\wisdstr.exe
c:\windows\system32\wscsvc32.exe
c:\windows\system32\XGOpWvut.ini
c:\windows\system32\yavawoji.exe
c:\windows\system32\yyhnrqci.ini
c:\windows\system32\zupujozo.dll
c:\windows\Tasks\vimoagpt.job
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://82.98.235.208
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-08-06 to 2009-09-06 )))))))))))))))))))))))))))))))
.

2009-09-06 11:07 . 2009-09-06 11:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-09-05 20:57 . 2009-09-06 05:14 120 ----a-w- c:\windows\Rhajiceki.dat
2009-09-05 20:57 . 2009-09-05 20:57 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\{A8B4084C-9EFF-48D9-A537-22871B3C05BD}
2009-09-05 15:42 . 2009-09-05 15:42 574 ----a-w- C:\cleanup.bat
2009-09-05 15:42 . 2009-09-05 15:42 135168 ----a-w- C:\zip.exe
2009-09-05 05:48 . 2009-03-09 19:06 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-05 05:48 . 2009-09-05 05:48 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-09-05 05:47 . 2009-09-05 05:47 -------- d-----w- c:\program files\Lavasoft
2009-09-04 04:01 . 2009-09-04 04:01 68608 ----a-w- c:\windows\system32\drivers\etqxxoufpymdbdyq.sys
2009-09-03 23:43 . 2009-09-03 23:43 68608 ----a-w- c:\windows\system32\drivers\ouoiqmmbaprporie.sys
2009-09-03 23:42 . 2009-09-06 16:34 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2009-09-03 23:30 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-03 23:30 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-03 22:28 . 2009-09-03 22:28 68608 ----a-w- c:\windows\system32\drivers\uyuwpcvkpjkibcjp.sys
2009-09-03 22:16 . 2009-09-03 22:16 68608 ----a-w- c:\windows\system32\drivers\kuibitqfvkpfvree.sys
2009-09-03 18:41 . 2009-09-03 18:41 69120 ----a-w- c:\windows\system32\drivers\xtivkpfvnsixvspr.sys
2009-09-03 18:24 . 2009-09-03 18:24 69120 ----a-w- c:\windows\system32\drivers\tseqwbvsbcoreeci.sys
2009-09-03 18:10 . 2009-09-03 18:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\WeatherBug
2009-09-03 18:10 . 2009-09-03 18:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2009-09-03 15:43 . 2009-09-03 15:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-03 09:26 . 2009-09-03 15:54 -------- d-----w- c:\program files\Anti-Virus Professional
2009-09-03 09:15 . 2009-09-03 09:16 1296288 ----a-w- c:\program files\McAfee - DMSetup.exe
2009-09-03 07:13 . 2009-09-03 07:13 69120 ----a-w- c:\windows\system32\drivers\pfjwiwtixvdegeqx.sys
2009-09-03 05:20 . 2009-09-03 05:20 69120 ----a-w- c:\windows\system32\drivers\opcbqpxdsvrxnqwm.sys
2009-09-03 04:50 . 2009-09-03 04:50 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-03 02:07 . 2009-09-03 02:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Panda Security
2009-09-03 02:05 . 2009-09-03 02:05 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-03 01:53 . 2009-09-03 01:53 69120 ----a-w- c:\windows\system32\drivers\rxerxcdxrqrnspwm.sys
2009-09-02 04:00 . 2009-09-02 04:00 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-25 04:13 . 2009-08-25 04:13 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\vlc
2009-08-25 02:33 . 2009-08-25 02:33 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Graboid_Inc
2009-08-25 02:33 . 2009-08-25 02:34 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\MozillaControl
2009-08-25 02:33 . 2009-08-25 02:52 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Graboid
2009-08-25 02:32 . 2009-08-25 02:32 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2009-08-25 02:31 . 2009-08-25 02:31 -------- d-----w- c:\program files\VideoLAN
2009-08-23 13:36 . 2009-08-23 13:36 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Temp
2009-08-12 21:45 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-08 13:20 . 2009-08-08 13:20 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\PCHealth
2009-08-08 07:07 . 2009-08-08 07:07 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-08 07:07 . 2009-08-08 07:07 -------- d-----w- c:\program files\MSBuild
2009-08-08 07:06 . 2009-08-08 07:06 -------- d-----w- c:\program files\Reference Assemblies
2009-08-08 07:06 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-08 07:06 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-08 07:06 . 2009-08-08 07:06 -------- d-----w- C:\f90708735d3115803862
2009-08-08 07:06 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-08 07:06 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-08 07:06 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-08 07:06 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-08 07:06 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-08 07:05 . 2009-09-06 15:51 -------- d-----w- c:\windows\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-06 16:34 . 2009-01-13 21:55 336676 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-09-06 16:34 . 2009-01-13 21:55 336676 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2009-09-06 16:34 . 2009-01-13 21:55 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-09-06 16:34 . 2009-01-13 21:55 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2009-09-06 16:33 . 2009-06-17 20:22 99256 ----a-w- c:\windows\system32\drivers\av5flt.sys
2009-09-05 20:53 . 2009-02-12 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-09-05 15:09 . 2009-06-05 15:09 88576 --sha-w- c:\windows\system32\kukolare.dll
2009-09-05 09:10 . 2009-01-07 05:42 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-05 05:47 . 2008-02-23 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-05 01:54 . 2009-06-05 01:54 88576 --sha-w- c:\windows\system32\sopejuwi.dll
2009-09-03 23:33 . 2009-01-13 19:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-03 17:16 . 2008-07-20 05:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-03 17:13 . 2008-07-20 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-03 15:52 . 2009-06-03 15:51 49152 --sha-w- c:\windows\system32\volosejo.dll
2009-09-03 09:51 . 2009-01-13 21:36 -------- d-----w- c:\program files\Panda Security
2009-09-03 09:41 . 2008-07-27 21:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-03 09:14 . 2007-10-18 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-02 04:00 . 2006-12-27 06:29 -------- d-----w- c:\program files\DivX
2009-09-01 16:34 . 2006-12-26 16:56 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\WeatherBug
2009-08-31 07:08 . 2008-08-15 13:44 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-24 14:07 . 2007-04-08 06:17 442440 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-08-23 13:38 . 2007-02-25 05:56 -------- d-----w- c:\program files\Google
2009-08-19 19:06 . 2009-02-12 01:17 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\NBC Direct
2009-08-14 11:58 . 2009-09-03 08:18 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-09 15:22 . 2006-11-24 23:14 91432 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2004-08-10 04:00 204800 ---ha-w- c:\windows\system32\mswebdvd.dll
2009-07-26 22:14 . 2008-10-12 14:45 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\U3
2009-07-17 19:01 . 2004-08-10 04:00 58880 ---ha-w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2004-08-10 04:00 286720 ---ha-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-10 04:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-10 04:00 730112 ---ha-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-10 04:00 56832 ---ha-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-10 04:00 54272 ---ha-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-10 04:00 301568 ---ha-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-10 04:00 147456 ---ha-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-10 04:00 136192 ---ha-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-10 11:00 92928 ---ha-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-10 04:00 81920 ---ha-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-10 04:00 119808 ---ha-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-10 04:00 80896 ---ha-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-10 11:00 76288 ---ha-w- c:\windows\system32\telnet.exe
2009-06-10 14:19 . 2004-08-10 04:00 2066432 ---ha-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-08-10 04:00 84992 ---ha-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2004-08-10 04:00 132096 ---ha-w- c:\windows\system32\wkssvc.dll
2007-01-07 16:15 . 2007-01-07 16:15 6067795 ----a-w- c:\program files\CALENDAR sunbird-0.3.en-US.win32.installer.exe
2007-01-07 15:28 . 2007-01-07 15:28 218306392 ----a-w- c:\program files\M-S ACCOUNTING 2007 MOA7024Express.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-06-03 15:52 . 2009-06-03 15:52 49152 --sha-w- c:\windows\system32\duzemibe.dll
2009-06-03 15:52 . 2009-06-03 15:52 49152 --sha-w- c:\windows\system32\libinisu.dll
.

------- Sigcheck -------

[-] C79FAD61CD4A26ED5AA8C16D991C6FBD [7.00.6000.20973 (vista_ldr.081211-1619)] c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[-] CC9D001B7370B292C35B366CA05B12B4 [7.00.6000.20996 (vista_ldr.090114-1504)] c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[-] 1BB754AB47B327DE8DBF2FA18C36357C [7.00.6000.21015 (vista_ldr.090218-1505)] c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[-] 1290E417BF806185CC7B2845E78A104E [8.00.6001.22873 (longhorn_ie8_ldr.090509-0100)] c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[-] F25D866DD486AD30E05E5596CB363C3E [8.00.6001.22902 (longhorn_ie8_ldr.090718-0500)] c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[-] 51C91AC189321A320FC4BC90B56255A3 [6.00.2900.2838 (xpsp.060131-1525)] c:\windows\$NtUninstallKB912812$\mshtml.dll
[-] 376E0843B2356CA91CEC8D9837A56FF7 [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB912945$\mshtml.dll
[-] ABCD123F888E4E97C8751378CCCC4F26 [6.00.2900.2873 (xpsp.060322-1626)] c:\windows\$NtUninstallKB925454$\mshtml.dll
[-] ABCD123F888E4E97C8751378CCCC4F26 [6.00.2900.2873 (xpsp.060322-1626)] c:\windows\$NtUninstallKB933566$\mshtml.dll
[-] 00ADCB32832A10ED9419493BCEA97526 [6.00.2900.3132 (xpsp_sp2_qfe.070504-1301)] c:\windows\$NtUninstallKB937143$\mshtml.dll
[-] 53F3FD772C010622346C39284C4A863B [6.00.2900.3157 (xpsp_sp2_qfe.070614-1244)] c:\windows\$NtUninstallKB939653$\mshtml.dll
[-] 885E3BF99EA4B2213901EBC35B34CF12 [6.00.2900.3199 (xpsp_sp2_qfe.070821-1250)] c:\windows\$NtUninstallKB944533$\mshtml.dll
[-] 8A4DD074DEC1B0C063C8493ABF654CBC [6.00.2900.3268 (xpsp_sp2_qfe.071206-1251)] c:\windows\$NtUninstallKB947864$\mshtml.dll
[-] 701A6798DDF875CAA3A5099EE75FD57F [6.00.2900.3314 (xpsp_sp2_qfe.080215-1242)] c:\windows\$NtUninstallKB950759$\mshtml.dll
[-] 083B967E6B0B2BB539CE6B08D45D631F [6.00.2900.3354 (xpsp_sp2_qfe.080417-1416)] c:\windows\ie7\mshtml.dll
[-] CBF04597F9CF7739E572276A2698FDD3 [7.00.5730.11 (winmain(wmbla).061017-1135)] c:\windows\ie7updates\KB928090-IE7\mshtml.dll
[-] C6EC2493346ED8888A549F59210A8ED3 [7.00.5730.13 (longhorn(wmbla).070711-1130)] c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 8AB7ECF59D6EBBE986277B65ED4A40A1 [7.00.6000.16587 (vista_gdr.071026-1500)] c:\windows\ie7updates\KB944533-IE7\mshtml.dll
[-] C6EC2493346ED8888A549F59210A8ED3 [7.00.5730.13 (longhorn(wmbla).070711-1130)] c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 8976CAB317105F7431B08EA32AB73C65 [7.00.6000.16674 (vista_gdr.080415-1732)] c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[-] EC936148284F557F19C333178768109B [7.00.6000.16705 (vista_gdr.080618-1506)] c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 1AD035E04A7068EC2820B055A3131ED8 [7.00.6000.16735 (vista_gdr.080820-1506)] c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[-] EACAEDEF6FA2A969DE5B36190D45396F [7.00.6000.16762 (vista_gdr.081013-1507)] c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[-] 121EC39A64D64205A88C2C45B034B455 [7.00.6000.16788 (vista_gdr.081211-1619)] c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[-] 3B413267DA8AE71C20E5EF3E54F74728 [7.00.6000.16809 (vista_gdr.090114-1504)] c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[-] C7C3E41CC2F6EB4A629FE2184136C098 [7.00.6000.16825 (vista_gdr.090218-1505)] c:\windows\ie8\mshtml.dll
[-] D469A0EBA2EF5C6BEE8065B7E3196E5E [8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)] c:\windows\ie8updates\KB969897-IE8\mshtml.dll
[-] EEAADAA744B20E68CF5EB4FBB4F8AFA9 [8.00.6001.18783 (longhorn_ie8_gdr.090508-1700)] c:\windows\ie8updates\KB972260-IE8\mshtml.dll
[-] A706E122B398FE1AB85CB9B75D044223 [6.00.2900.5512 (xpsp.080413-2105)] c:\windows\ServicePackFiles\i386\mshtml.dll
[-] E267EE248CDA7667C19001C069DE867B [7.00.6000.16544 (vista_gdr.070814-1500)] c:\windows\SoftwareDistribution\Download\0eda838ef8ec599d822155030a70ecac\SP2GDR\mshtml.dll
[-] AA8A4BD78D24FCDB96DDAEE3756AA372 [7.00.6000.20661 (vista_ldr.070814-1500)] c:\windows\SoftwareDistribution\Download\0eda838ef8ec599d822155030a70ecac\SP2QFE\mshtml.dll
[-] 5D45318804A30CE9D6EA83066E84B4A7 [7.00.6000.16414 (vista_gdr.070108-1520)] c:\windows\SoftwareDistribution\Download\7ebd512f015945a82f2b2e551ed20a74\mshtml.dll
[-] A097C36412455F0C7E42377FAF8809B7 [7.00.6000.16608 (vista_gdr.071204-1500)] c:\windows\SoftwareDistribution\Download\8befe715852785f9b4f0ded848fd9c0d\SP2GDR\mshtml.dll
[-] 976C46ED4A75FC66D9C596778898CE1E [7.00.6000.20733 (vista_ldr.071204-1500)] c:\windows\SoftwareDistribution\Download\8befe715852785f9b4f0ded848fd9c0d\SP2QFE\mshtml.dll
[-] 8976CAB317105F7431B08EA32AB73C65 [7.00.6000.16674 (vista_gdr.080415-1732)] c:\windows\SoftwareDistribution\Download\b3bf74f55136e7636e609c29522f7318\SP2GDR\mshtml.dll
[-] 4D612FF5D3B7EEF200595AE6F95D5E68 [7.00.6000.20815 (vista_ldr.080415-1732)] c:\windows\SoftwareDistribution\Download\b3bf74f55136e7636e609c29522f7318\SP2QFE\mshtml.dll
[-] 8AB7ECF59D6EBBE986277B65ED4A40A1 [7.00.6000.16587 (vista_gdr.071026-1500)] c:\windows\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2GDR\mshtml.dll
[-] 54D8B404F17AA74C666F7F3AEF2AE459 [7.00.6000.20710 (vista_ldr.071026-1500)] c:\windows\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2QFE\mshtml.dll
[-] 5A32B43A48D6DCA339BF24105D9A028F [8.00.6001.18812 (longhorn_ie8_gdr.090717-2100)] c:\windows\system32\mshtml.dll
[-] 5A32B43A48D6DCA339BF24105D9A028F [8.00.6001.18812 (longhorn_ie8_gdr.090717-2100)] c:\windows\system32\dllcache\mshtml.dll

[-] EBDEE8A2EE5393890A1ACEE971C4C246 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 463C1EC80CD17420A542B7F36A36F128 [5.1.2600.5512 (xpsp.080413-2108)] c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 463C1EC80CD17420A542B7F36A36F128 [5.1.2600.5512 (xpsp.080413-2108)] c:\windows\system32\drivers\kbdclass.sys
[-] EBDEE8A2EE5393890A1ACEE971C4C246 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\kbdclass.sys

[-] 6728270CB7DBB776ED086F5AC4C82310 [2001.12.4414.258] c:\windows\$NtServicePackUninstall$\comres.dll
[-] 1280A158C722FA95A80FB7AEBE78FA7D [2001.12.4414.700] c:\windows\ServicePackFiles\i386\comres.dll
[-] 1280A158C722FA95A80FB7AEBE78FA7D [2001.12.4414.700] c:\windows\system32\comres.dll

[-] 74D66B3DE265E8789153414E75175F26 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\lpk.dll
[-] 012DF358CEBAA23ACB26D82077820817 [5.1.2600.5512 (xpsp.080413-2105)] c:\windows\ServicePackFiles\i386\lpk.dll
[-] 012DF358CEBAA23ACB26D82077820817 [5.1.2600.5512 (xpsp.080413-2105)] c:\windows\system32\lpk.dll

[-] DA1F27D85E0D1525F6621372E7B685E9 [5.1.2600.0 (XPClient.010817-1148)] c:\windows\system32\dllcache\beep.sys
[-] DA1F27D85E0D1525F6621372E7B685E9 [5.1.2600.0 (XPClient.010817-1148)] c:\windows\system32\drivers\beep.sys

[-] 73C1E1F395918BC2C6DD67AF7591A3AD [5.1.2600.0 (XPClient.010817-1148)] c:\windows\system32\dllcache\null.sys
[-] 73C1E1F395918BC2C6DD67AF7591A3AD [5.1.2600.0 (XPClient.010817-1148)] c:\windows\system32\drivers\null.sys

[-] 925F8B61ED301A317BA850EBEECBDAA0 [4.1.0.61] c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] DDF8D47ACF8FC3FE5F7F2B95C4D4D136 [4.1.6140] c:\windows\$NtUninstallKB924667$\mfc40u.dll
[-] CDDD4416B2B4C7295FE3FDB6DDE57E4E [4.1.0.61] c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] CDDD4416B2B4C7295FE3FDB6DDE57E4E [4.1.0.61] c:\windows\system32\mfc40u.dll

[-] C369DF215D352B6F3A0B8C3469AA34F8 [5.1.2600.2726 (xpsp.050725-1531)] c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 9222562D44021B988B9F9F62207FB6F2 [5.1.2600.5755 (xpsp_sp3_qfe.090206-1316)] c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] CE94A2BD25E3E9F4D46A7373FF455C6D [5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)] c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 5C83A4408604F737717AB96371201680 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2589FE6015A316C0F5D5112B4DA7B509 [5.1.2600.5512 (xpsp.080413-2108)] c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2589FE6015A316C0F5D5112B4DA7B509 [5.1.2600.5512 (xpsp.080413-2108)] c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 6B27A5C03DFB94B4245739065431322C [5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)] c:\windows\system32\rpcss.dll
[-] 6B27A5C03DFB94B4245739065431322C [5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)] c:\windows\system32\dllcache\rpcss.dll

[-] 95FD808E4AC22ABA025A7B3EAC0375D2 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\msgsvc.dll
[-] 986B1FF5814366D71E0AC5755C88F2D3 [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 986B1FF5814366D71E0AC5755C88F2D3 [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\system32\msgsvc.dll

[-] B0124CB21D28B1C9F678B566B6B57D92 [5.82 (xpsp.060825-0040)] c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] A77DFB85FAEE49D66C74DA6024EBC69B [5.82 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] AEF3D788DBF40C7C4D204EA45EB0C505 [6.0 (xpclient.010817-1148)] c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL
[-] 06F247492BC786CE5C24A23E178C711A [5.82 (xpsp.080413-2105)] c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 06F247492BC786CE5C24A23E178C711A [5.82 (xpsp.080413-2105)] c:\windows\system32\comctl32.dll
[-] AEF3D788DBF40C7C4D204EA45EB0C505 [6.0 (xpclient.010817-1148)] c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 5AF68A5E44734A082442668E9C787743 [6.0 (xpsp_sp2_rtm.040803-2158)] c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] C4E80875C1CF1222FC5EFD0314AE5C01 [6.0 (xpsp.060825-0040)] c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] BD38D1EBE24A46BD3EDA059560AFBA12 [6.0 (xpsp.080413-2105)] c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[-] 9859C0F6936E723E4892D7141B1327D5 [5.1.2600.0 (xpclient.010817-1148)] c:\windows\system32\drivers\acpiec.sys

[-] E8A12A12EA9088B4327D49EDCA3ADD3E [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\sfc.dll
[-] 96E1C926F22EE1BFBAE82901A35F6BF3 [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\ServicePackFiles\i386\sfc.dll
[-] 96E1C926F22EE1BFBAE82901A35F6BF3 [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\system32\sfc.dll

[-] 96353FCECBA774BB8DA74A1C6507015A [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\netlogon.dll
[-] 1B7F071C51B77C272875C3A23E1E4550 [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 1B7F071C51B77C272875C3A23E1E4550 [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\system32\netlogon.dll

[-] 2C69EC7E5A311334D10DD95F338FCCEA [6.6.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\qmgr.dll
[-] 574738F61FCA2935F5265DC4E5691314 [6.7.2600.5512 (xpsp.080413-2108)] c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 574738F61FCA2935F5265DC4E5691314 [6.7.2600.5512 (xpsp.080413-2108)] c:\windows\system32\qmgr.dll
[-] 574738F61FCA2935F5265DC4E5691314 [6.7.2600.5512 (xpsp.080413-2108)] c:\windows\system32\bits\qmgr.dll

[-] 0F78E27F563F2AAF74B91A49E2ABF19A [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\scecli.dll
[-] A86BB5E61BF3E39B62AB4C7E7085A084 [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\ServicePackFiles\i386\scecli.dll
[-] A86BB5E61BF3E39B62AB4C7E7085A084 [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\system32\scecli.dll

[-] 82B24CB70E5944E6E34662205A2A5B78 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\eventlog.dll
[-] 6D4FEB43EE538FC5428CC7F0565AA656 [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 6D4FEB43EE538FC5428CC7F0565AA656 [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\system32\eventlog.dll

[-] 02000ABF34AF4C218C35D257024807D6 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\asyncmac.sys
[-] B153AFFAC761E7F5FCFA822B9C4E97BC [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] B153AFFAC761E7F5FCFA822B9C4E97BC [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\system32\drivers\asyncmac.sys

[-] 05AB81909514BFD69CBB1F2C147CF6B9 [5.1.2600.3081 (xpsp_sp2_qfe.070209-0034)] c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 19A811EF5F1ED5C926A028CE107FF1AF [5.1.2600.3081 (xpsp_sp2_gdr.070209-0028)] c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] B78BE402C3F63DD55521F73876951CDD [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB930916$\ntfs.sys
[-] B78BE402C3F63DD55521F73876951CDD [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\I386\NTFS.SYS
[-] 78A08DD6A8D65E697C18E1DB01C5CDCA [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 78A08DD6A8D65E697C18E1DB01C5CDCA [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\system32\drivers\ntfs.sys

[-] B9715B9C18BC6C8F4B66733D208CC9F7 [10.0.3790.4332] c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] B9715B9C18BC6C8F4B66733D208CC9F7 [10.0.3790.4332] c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 6EAA72FD9EF993EC1FA9A06DE65105DA [10.0.3790.3646] c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] B9715B9C18BC6C8F4B66733D208CC9F7 [10.0.3790.4332] c:\windows\system32\MsPMSNSv.dll
[-] B9715B9C18BC6C8F4B66733D208CC9F7 [10.0.3790.4332] c:\windows\system32\dllcache\mspmsnsv.dll

[-] EEF46DAB68229A14DA3D8E73C99E2959 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\xmlprov.dll
[-] 295D21F14C335B53CB8154E5B1F892B9 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 295D21F14C335B53CB8154E5B1F892B9 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\system32\xmlprov.dll

[-] 10654F9DDCEA9C46CFB77554231BE73B [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\cryptsvc.dll
[-] 3D4E199942E29207970E04315D02AD3B [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 3D4E199942E29207970E04315D02AD3B [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\system32\cryptsvc.dll

[-] E3CFCCDDA4EDD1D0DC9168B2E18F27B8 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\browser.dll
[-] A06CE3399D16DB864F55FAEB1F1927A9 [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\ServicePackFiles\i386\browser.dll
[-] A06CE3399D16DB864F55FAEB1F1927A9 [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\system32\browser.dll

[-] 1418A3A6E76E5A2E3F5E43866E793A8B [5.1.2600.2716 (xpsp.050707-1657)] c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] FB78839B36025AA286A51289ED28B73E [5.1.2600.2716 (xpsp_sp2_gdr.050707-1657)] c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] EB4A4187D74A8EFDCBEA3EA2CB1BDFBD [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB893756$\tapisrv.dll
[-] 3CB78C17BB664637787C9A1C98F79C38 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 3CB78C17BB664637787C9A1C98F79C38 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\system32\tapisrv.dll

[-] 1DFCA7713EA5A70D5D93B436AEA0317A [5.1.2600.3394 (xpsp_sp2_qfe.080620-1259)] c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 832E4DD8964AB7ACC880B2837CB1ED20 [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] FCEE5FCB99F7C724593365C706D28388 [5.1.2600.5625 (xpsp_sp3_qfe.080620-1309)] c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 097722F235A1FB698BF9234E01B52637 [5.1.2600.3394 (xpsp_sp2_gdr.080620-1245)] c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] B4138E99236F0F57D4CF49BAE98A0746 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 4E74AF063C3271FBEA20DD940CFD1184 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB951748_0$\mswsock.dll
[-] B4138E99236F0F57D4CF49BAE98A0746 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 832E4DD8964AB7ACC880B2837CB1ED20 [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] c:\windows\system32\mswsock.dll
[-] 832E4DD8964AB7ACC880B2837CB1ED20 [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] c:\windows\system32\dllcache\mswsock.dll

[-] 3516D8A18B36784B1005B950B84232E1 [5.1.2600.2743 (xpsp.050819-1528)] c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 36739B39267914BA69AD0610A0299732 [5.1.2600.2743 (xpsp_sp2_gdr.050819-1525)] c:\windows\$NtServicePackUninstall$\netman.dll
[-] DAB9E6C7105D2EF49876FE92C524F565 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB905414$\netman.dll
[-] 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\ServicePackFiles\i386\netman.dll
[-] 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\system32\netman.dll

[-] 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 [2001.12.4414.308] c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] A4AB3DCA4A383F0DF4988ABDEB84F9A4 [2001.12.4414.320] c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] D4991D98F2DB73C60D042F1AEF79EFAE [2001.12.4414.706] c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] F17F6226BDC0CD5F0BEF0DAF84D29BEC [2001.12.4414.706] c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 60D1A6342238378BFB7545C81EE3606C [2001.12.4414.320] c:\windows\$NtServicePackUninstall$\es.dll
[-] ACD36A2DD7D1E9D8A060AA651DC07E63 [2001.12.4414.258] c:\windows\$NtUninstallKB902400$\es.dll
[-] 19A799805B24990867B00C120D300C3A [2001.12.4414.701] c:\windows\$NtUninstallKB950974$\es.dll
[-] 34BBD9ACC1538818F2C878898C64E793 [2001.12.4414.308] c:\windows\$NtUninstallKB950974_0$\es.dll
[-] 19A799805B24990867B00C120D300C3A [2001.12.4414.701] c:\windows\ServicePackFiles\i386\es.dll
[-] D4991D98F2DB73C60D042F1AEF79EFAE [2001.12.4414.706] c:\windows\system32\es.dll
[-] D4991D98F2DB73C60D042F1AEF79EFAE [2001.12.4414.706] c:\windows\system32\dllcache\es.dll

[-] 648BF0B4DDE4F7A1156DAE7174D36EFA [5.1.2600.2751 (xpsp.050831-1531)] c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] A1A688EE56CF3BBD24EDEB815D48E9BA [5.1.2600.2751 (xpsp_sp2_gdr.050831-1520)] c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] C2BBD044C741EA4292016C36F718D2E4 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB900725$\linkinfo.dll
[-] 2DC5A8019E2387987905F77C664E4BE2 [5.1.2600.5512 (xpsp.080413-2105)] c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2DC5A8019E2387987905F77C664E4BE2 [5.1.2600.5512 (xpsp.080413-2105)] c:\windows\system32\linkinfo.dll

[-] 4B8D61792F7175BED48859CC18CE4E38 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
[-] 0A5679B3714EDAB99E357057EE88FCA6 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 0A5679B3714EDAB99E357057EE88FCA6 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\system32\ssdpsrv.dll

[-] 36ACA6CDC19C95FF468A1426EB7F32F0 [5.1.2600.3077 (xpsp_sp2_qfe.070205-0007)] c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] ACA5D98663D879C6BAAFCEA7E2F1B710 [5.1.2600.3077 (xpsp_sp2_gdr.070204-2255)] c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 0546477BDE979E33294FE97F6B3DE84A [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB931261$\upnphost.dll
[-] 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\system32\upnphost.dll

[-] 92BDF74F12D6CBEC43C94D4B7F804838 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 3805DF0AC4296A34BA4BF93B346CC378 [5.1.2600.5512 (xpsp.080413-2108)] c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 3805DF0AC4296A34BA4BF93B346CC378 [5.1.2600.5512 (xpsp.080413-2108)] c:\windows\system32\srsvc.dll

[-] 49911DD39E023BB6C45E4E436CFBD297 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\wscntfy.exe
[-] F92E1076C42FCD6DB3D72D8CFE9816D5 [5.1.2600.5512 (xpsp.080413-2108)] c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] F92E1076C42FCD6DB3D72D8CFE9816D5 [5.1.2600.5512 (xpsp.080413-2108)] c:\windows\system32\wscntfy.exe

[-] B62F29C00AC55A761B2E45877D85EA0F [5.1.2400.2180] c:\windows\$NtServicePackUninstall$\ntmssvc.dll
[-] 156F64A3345BD23C600655FB4D10BC08 [5.1.2400.5512] c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 156F64A3345BD23C600655FB4D10BC08 [5.1.2400.5512] c:\windows\system32\ntmssvc.dll

[-] 44DB7A9BDD2FB58747D123FBF1D35ADB [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\rasauto.dll
[-] AD188BE7BDF94E8DF4CA0A55C00A5073 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\ServicePackFiles\i386\rasauto.dll
[-] AD188BE7BDF94E8DF4CA0A55C00A5073 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\system32\rasauto.dll

[-] 30A609E00BD1D4FFC49D6B5A432BE7F2 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 9DD07AF82244867CA36681EA2D29CE79 [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 9DD07AF82244867CA36681EA2D29CE79 [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\system32\sfcfiles.dll

[-] 92360854316611F6CC471612213C3D92 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\schedsvc.dll
[-] 0A9A7365A1CA4319AA7C1D6CD8E4EAFA [5.1.2600.5512 (xpsp.080413-2108)] c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 0A9A7365A1CA4319AA7C1D6CD8E4EAFA [5.1.2600.5512 (xpsp.080413-2108)] c:\windows\system32\schedsvc.dll

[-] 3151427DB7D87107D1C5BE58FAC53960 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\regsvc.dll
[-] 5B19B557B0C188210A56A6B699D90B8F [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 5B19B557B0C188210A56A6B699D90B8F [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\system32\regsvc.dll

[-] 53D9184A21C5CBF600D918E51EF3A7E5 [6.00.2900.3051 (xpsp_sp2_qfe.061219-0311)] c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 6815DEF9B810AEFAC107EEAF72DA6F82 [6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)] c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] E7518DC542D3EBDCB80EDD98462C7821 [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB928255$\shsvcs.dll
[-] 1926899BF9FFE2602B63074971700412 [6.00.2900.5512 (xpsp.080413-2105)] c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 1926899BF9FFE2602B63074971700412 [6.00.2900.5512 (xpsp.080413-2105)] c:\windows\system32\shsvcs.dll

[-] 1EE7B434BA961EF845DE136224C30FEC [5.1.2601.2180] c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 1EE7B434BA961EF845DE136224C30FEC [5.1.2601.2180] c:\windows\$NtServicePackUninstall$\aec.sys
[-] 841F385C6CFAF66B58FBD898722BB4F0 [5.1.2601.2078] c:\windows\$NtUninstallKB900485$\aec.sys
[-] 8BED39E3C35D6A489438B8141717A557 [5.1.2601.3142] c:\windows\ServicePackFiles\i386\aec.sys
[-] 8BED39E3C35D6A489438B8141717A557 [5.1.2601.3142] c:\windows\system32\drivers\aec.sys

[-] 9C3C12975C97119412802B181FBEEFFE [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\appmgmts.dll
[-] D8849F77C0B66226335A59D26CB4EDC6 [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] D8849F77C0B66226335A59D26CB4EDC6 [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\system32\appmgmts.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{44bb1f2f-9952-af44-cdf3-8d5c09248d49}]
2008-04-14 00:12 174592 ----a-w- c:\windows\ofaxuqot.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b10f01ab-4ac4-4073-b6c5-b57e3a52bbc2}]
2009-06-03 15:52 49152 --sha-w- c:\windows\system32\duzemibe.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\progra~1\AWS\WEATHE~1\Weather.exe" [2006-04-07 1343488]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1207080]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-03-13 2210632]
"DirectPlayerCore"="c:\program files\NBC Direct\DirectPlayerCore.exe" [2009-02-09 1113152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-24 7700480]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-24 86016]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-08 185872]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" [2008-07-17 857344]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2009\Inicio.exe" [2008-07-07 50432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"jilatasoho"="c:\windows\system32\libinisu.dll" [2009-06-03 49152]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"sibeletag"="c:\windows\system32\kukolare.dll" [2009-09-05 88576]
"Fqamevedecote"="c:\windows\ofaxuqot.dll" [2008-04-14 174592]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-11-24 1622016]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\
LaunchU3.exe.lnk - c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2008-10-12 1078]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-11-24 36903]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-7-25 67128]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{d7e763c6-f363-4c2e-8c89-562904eb86f6}"= "c:\windows\system32\kukolare.dll" [2009-09-05 88576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"safigokaw"= {d7e763c6-f363-4c2e-8c89-562904eb86f6} - c:\windows\system32\kukolare.dll [2009-09-05 88576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 22:58 58672 ----a-w- c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ne32nv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1172989024\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1172989024\\EE\\aolsoftware.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\NBC Direct\\DirectPlayerCore.exe"=
"c:\\Program Files\\AWS\\WeatherBug\\Weather.exe"=
"c:\\Program Files\\AIM6\\aolsoftware.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\WINDOWS\\explorer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"67:UDP"= 67:UDP:DHCP Discovery Service
"57124:TCP"= 57124:TCP:PMB P2P TCP Listening Port
"57124:UDP"= 57124:UDP:PMB P2P UDP Listening Port

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [1/13/2009 4:31 PM 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [1/13/2009 4:40 PM 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [1/13/2009 4:55 PM 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [1/13/2009 4:40 PM 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [1/13/2009 4:55 PM 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [1/13/2009 4:40 PM 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [1/13/2009 4:27 PM 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [1/13/2009 4:55 PM 46720]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [1/13/2009 4:27 PM 179640]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2009\psksvc.exe [1/13/2009 4:39 PM 28928]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [6/17/2009 3:22 PM 99256]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [9/3/2009 6:42 PM 13880]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [1/13/2009 4:36 PM 197888]
S2 gupdate1c8d35a59481f8b;Google Update Service (gupdate1c8d35a59481f8b);c:\program files\Google\Update\GoogleUpdate.exe [7/16/2008 12:01 AM 133104]
S2 thgkfkqr;thgkfkqr;c:\windows\system32\drivers\gjrowwu.sys --> c:\windows\system32\drivers\gjrowwu.sys [?]
S2 xcbkkibv;xcbkkibv;c:\windows\system32\drivers\bjioahz.sys --> c:\windows\system32\drivers\bjioahz.sys [?]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S3 sassvc;ProgramCheckerPro;c:\program files\Zenturi\ProgramChecker\sassvc.exe [2/15/2006 5:17 PM 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-09-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2009-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-08-26 c:\windows\Tasks\Basic clean-up.job
- c:\program files\Panda Security\Panda Global Protection 2009\PlaTasks.exe [2009-01-13 23:55]

2009-08-25 c:\windows\Tasks\Basic clean-up1.job
- c:\program files\Panda Security\Panda Global Protection 2009\PlaTasks.exe [2009-01-13 23:55]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Protection System - c:\program files\Protection System\psystem.exe
SSODL-zojudayad-{c148abce-e2fa-47ba-923a-c01463725f41} - (no file)
Notify-NavLogon - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: PackageCab - hxxp://www.imgag.com/cp/install/AxCtp2.cab
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\k6n6zvnb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.searchsave.com/index.php?req=search&sm=addbarsearch&source=1&term=
FF - component: c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\k6n6zvnb.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - component: c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\k6n6zvnb.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\Compaq_Administrator\Application Data\IDM\bin\flash\platform\WINNT\plugins\npidmdcp.dll
FF - plugin: c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\k6n6zvnb.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\NBC Direct\npDirectPlayerMozilla.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: XUL Cache: {752D1495-DD74-4BE1-9232-52021A13C56D} - c:\windows\system32\config\systemprofile\Local Settings\Application Data\{752D1495-DD74-4BE1-9232-52021A13C56D}\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XUL Cache: {A8B4084C-9EFF-48D9-A537-22871B3C05BD} - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\{A8B4084C-9EFF-48D9-A537-22871B3C05BD}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
.
------- File Associations -------
.
JSEFile=c:\progra~1\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %*
VBEFile=c:\progra~1\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %*
VBSFile=c:\progra~1\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %*
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-06 11:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
"ImagePath"="\??\c:\windows\system32\drivers\rootrepeal[1].sys"


[HKEY_LOCAL_MACHINE\System\ControlSet014\Services\rootrepeal[1]]
"ImagePath"="\??\c:\windows\system32\drivers\rootrepeal
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2849610097-4178618506-39320026-1007\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-2849610097-4178618506-39320026-1007\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-2849610097-4178618506-39320026-1007\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-2849610097-4178618506-39320026-1007\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1168)
c:\windows\system32\avldr.dll

- - - - - - - > 'lsass.exe'(1224)
c:\windows\ne32nv.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3356)
c:\windows\system32\WININET.dll
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\nview.dll
c:\windows\system32\libinisu.dll
c:\windows\system32\kukolare.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\ne32nv.dll
c:\windows\ofaxuqot.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Panda Security\Panda Global Protection 2009\WebProxy.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Panda Security\Panda Global Protection 2009\PsCtrlS.exe
c:\program files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\PavPrSrv.exe
c:\program files\Panda Security\Panda Global Protection 2009\PAVSRV51.EXE
c:\program files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
c:\program files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Panda Security\Panda Global Protection 2009\FIREWALL\PSHost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\documents and settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
c:\program files\iPod\bin\iPodService.exe
c:\hp\KBD\kbd.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-09-06 11:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-06 16:54

Pre-Run: 34,686,394,368 bytes free
Post-Run: 33,817,300,992 bytes free

Current=14 Default=14 Failed=13 LastKnownGood=15 Sets=,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
897 --- E O F --- 2009-09-02 07:00

#8 Buckeye_Sam

Posted 07 September 2009 - 11:31 AM

We're making progress, but still much to do.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

Driver::
xcbkkibv
thgkfkqr

File::
c:\windows\system32\kukolare.dll
c:\windows\system32\libinisu.dll
c:\windows\ofaxuqot.dll
c:\windows\system32\duzemibe.dll
c:\windows\system32\drivers\rxerxcdxrqrnspwm.sys
c:\windows\system32\drivers\pfjwiwtixvdegeqx.sys
c:\windows\system32\drivers\opcbqpxdsvrxnqwm.sys
c:\windows\system32\drivers\uyuwpcvkpjkibcjp.sys
c:\windows\system32\drivers\kuibitqfvkpfvree.sys
c:\windows\system32\drivers\xtivkpfvnsixvspr.sys
c:\windows\system32\drivers\tseqwbvsbcoreeci.sys
c:\windows\system32\drivers\etqxxoufpymdbdyq.sys
c:\windows\system32\drivers\ouoiqmmbaprporie.sys

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"safigokaw"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{d7e763c6-f363-4c2e-8c89-562904eb86f6}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"=-
"jilatasoho"=-
"sibeletag"=-
"Fqamevedecote"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{44bb1f2f-9952-af44-cdf3-8d5c09248d49}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b10f01ab-4ac4-4073-b6c5-b57e3a52bbc2}]

Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


=====================



Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
Note: If you have problems with DrWeb shutting down before it completes the scan you can perform a custom scan and select individual folders to scan. In that case start with C:\Windows\System32


Please post the contents of the log from DrWeb in your next reply.

Edited by Buckeye_Sam, 07 September 2009 - 11:31 AM.


#9 lmg95

Posted 07 September 2009 - 03:33 PM

Hello Again Sam,

I can't thank you enough for your assistance, again thank you.

I will post the Combofix.txt now before I go on to the next step of downloading and running Dr.Web CureIt.

Here is the Combofix.txt as copied from Notepad:

ComboFix 09-09-05.03 - Compaq_Administrator 09/07/2009 14:43.2.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.746 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

FILE ::
"c:\windows\ofaxuqot.dll"
"c:\windows\system32\drivers\etqxxoufpymdbdyq.sys"
"c:\windows\system32\drivers\kuibitqfvkpfvree.sys"
"c:\windows\system32\drivers\opcbqpxdsvrxnqwm.sys"
"c:\windows\system32\drivers\ouoiqmmbaprporie.sys"
"c:\windows\system32\drivers\pfjwiwtixvdegeqx.sys"
"c:\windows\system32\drivers\rxerxcdxrqrnspwm.sys"
"c:\windows\system32\drivers\tseqwbvsbcoreeci.sys"
"c:\windows\system32\drivers\uyuwpcvkpjkibcjp.sys"
"c:\windows\system32\drivers\xtivkpfvnsixvspr.sys"
"c:\windows\system32\duzemibe.dll"
"c:\windows\system32\kukolare.dll"
"c:\windows\system32\libinisu.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
c:\documents and settings\Compaq_Administrator\Desktop\Advanced Virus Remover.lnk
c:\documents and settings\Compaq_Administrator\Start Menu\Advanced Virus Remover.lnk
c:\program files\AdvancedVirusRemover
c:\program files\AdvancedVirusRemover\PAVRM.exe
c:\windows\ofaxuqot.dll
c:\windows\system32\drivers\etqxxoufpymdbdyq.sys
c:\windows\system32\drivers\kuibitqfvkpfvree.sys
c:\windows\system32\drivers\opcbqpxdsvrxnqwm.sys
c:\windows\system32\drivers\ouoiqmmbaprporie.sys
c:\windows\system32\drivers\pfjwiwtixvdegeqx.sys
c:\windows\system32\drivers\rxerxcdxrqrnspwm.sys
c:\windows\system32\drivers\tseqwbvsbcoreeci.sys
c:\windows\system32\drivers\uyuwpcvkpjkibcjp.sys
c:\windows\system32\drivers\xtivkpfvnsixvspr.sys
c:\windows\system32\duzemibe.dll
c:\windows\system32\guhegesi.exe
c:\windows\system32\libinisu.dll
c:\windows\system32\viliwesi.dll
c:\windows\system32\winhelper.dll
c:\windows\system32\winupdate.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_THGKFKQR
-------\Legacy_XCBKKIBV
-------\Service_thgkfkqr
-------\Service_xcbkkibv


((((((((((((((((((((((((( Files Created from 2009-08-07 to 2009-09-07 )))))))))))))))))))))))))))))))
.

2009-09-06 16:37 . 2009-09-06 16:37 -------- d-----w- c:\windows\LastGood
2009-09-06 11:07 . 2009-09-06 11:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-09-05 20:57 . 2009-09-06 05:14 120 ----a-w- c:\windows\Rhajiceki.dat
2009-09-05 20:57 . 2009-09-05 20:57 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\{A8B4084C-9EFF-48D9-A537-22871B3C05BD}
2009-09-05 15:42 . 2009-09-05 15:42 574 ----a-w- C:\cleanup.bat
2009-09-05 15:42 . 2009-09-05 15:42 135168 ----a-w- C:\zip.exe
2009-09-05 05:48 . 2009-03-09 19:06 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-05 05:48 . 2009-09-05 05:48 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-09-05 05:47 . 2009-09-05 05:47 -------- d-----w- c:\program files\Lavasoft
2009-09-03 23:30 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-03 23:30 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-03 18:10 . 2009-09-03 18:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\WeatherBug
2009-09-03 18:10 . 2009-09-03 18:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2009-09-03 15:43 . 2009-09-03 15:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-03 09:26 . 2009-09-03 15:54 -------- d-----w- c:\program files\Anti-Virus Professional
2009-09-03 09:15 . 2009-09-03 09:16 1296288 ----a-w- c:\program files\McAfee - DMSetup.exe
2009-09-03 04:50 . 2009-09-03 04:50 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-03 02:07 . 2009-09-03 02:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Panda Security
2009-09-03 02:05 . 2009-09-03 02:05 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-02 04:00 . 2009-09-02 04:00 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-25 04:13 . 2009-08-25 04:13 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\vlc
2009-08-25 02:33 . 2009-08-25 02:33 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Graboid_Inc
2009-08-25 02:33 . 2009-08-25 02:34 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\MozillaControl
2009-08-25 02:33 . 2009-08-25 02:52 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Graboid
2009-08-25 02:32 . 2009-08-25 02:32 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2009-08-25 02:31 . 2009-08-25 02:31 -------- d-----w- c:\program files\VideoLAN
2009-08-23 13:36 . 2009-08-23 13:36 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Temp
2009-08-12 21:45 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-06 17:07 . 2009-01-13 21:55 345364 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-09-06 17:07 . 2009-01-13 21:55 345364 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2009-09-06 17:07 . 2009-06-06 17:07 88576 --sha-w- c:\windows\system32\kejebibe.dll
2009-09-06 16:43 . 2009-02-12 01:17 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\NBC Direct
2009-09-06 16:41 . 2009-02-12 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-09-06 16:34 . 2009-01-13 21:55 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-09-06 16:34 . 2009-01-13 21:55 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2009-09-06 16:33 . 2009-06-17 20:22 99256 ----a-w- c:\windows\system32\drivers\av5flt.sys
2009-09-05 09:10 . 2009-01-07 05:42 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-05 05:47 . 2008-02-23 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-05 01:54 . 2009-06-05 01:54 88576 --sha-w- c:\windows\system32\sopejuwi.dll
2009-09-03 23:33 . 2009-01-13 19:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-03 17:16 . 2008-07-20 05:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-03 17:13 . 2008-07-20 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-03 15:52 . 2009-06-03 15:51 49152 --sha-w- c:\windows\system32\volosejo.dll
2009-09-03 09:51 . 2009-01-13 21:36 -------- d-----w- c:\program files\Panda Security
2009-09-03 09:41 . 2008-07-27 21:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-03 09:14 . 2007-10-18 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-02 04:00 . 2006-12-27 06:29 -------- d-----w- c:\program files\DivX
2009-09-01 16:34 . 2006-12-26 16:56 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\WeatherBug
2009-08-31 07:08 . 2008-08-15 13:44 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-24 14:07 . 2007-04-08 06:17 442440 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-08-23 13:38 . 2007-02-25 05:56 -------- d-----w- c:\program files\Google
2009-08-14 11:58 . 2009-09-03 08:18 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-09 15:22 . 2006-11-24 23:14 91432 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-08 07:07 . 2009-08-08 07:07 -------- d-----w- c:\program files\MSBuild
2009-08-08 07:06 . 2009-08-08 07:06 -------- d-----w- c:\program files\Reference Assemblies
2009-08-05 09:01 . 2004-08-10 04:00 204800 ---ha-w- c:\windows\system32\mswebdvd.dll
2009-07-26 22:14 . 2008-10-12 14:45 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\U3
2009-07-17 19:01 . 2004-08-10 04:00 58880 ---ha-w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2004-08-10 04:00 286720 ---ha-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-10 04:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-10 04:00 730112 ---ha-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-10 04:00 56832 ---ha-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-10 04:00 54272 ---ha-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-10 04:00 301568 ---ha-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-10 04:00 147456 ---ha-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-10 04:00 136192 ---ha-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-10 11:00 92928 ---ha-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-10 04:00 81920 ---ha-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-10 04:00 119808 ---ha-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-10 04:00 80896 ---ha-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-10 11:00 76288 ---ha-w- c:\windows\system32\telnet.exe
2009-06-10 14:19 . 2004-08-10 04:00 2066432 ---ha-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-08-10 04:00 84992 ---ha-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2004-08-10 04:00 132096 ---ha-w- c:\windows\system32\wkssvc.dll
2007-01-07 16:15 . 2007-01-07 16:15 6067795 ----a-w- c:\program files\CALENDAR sunbird-0.3.en-US.win32.installer.exe
2007-01-07 15:28 . 2007-01-07 15:28 218306392 ----a-w- c:\program files\M-S ACCOUNTING 2007 MOA7024Express.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] AD978A1B783B5719720CFF204B666C8E [5.1.2600.5625 (xpsp_sp3_qfe.080620-1309)] c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2A5554FC5B1E04E131230E3CE035C3F9 [5.1.2600.3394 (xpsp_sp2_gdr.080620-1245)] c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 9F4B36614A0FC234525BA224957DE55C [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB893066$\tcpip.sys
[-] 0E66B538096A6529D1AC66E78EB0D5C8 [5.1.2600.2631 (xpsp_sp2_gdr.050313-1526)] c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 1DBF125862891817F374F407626967F4 [5.1.2600.2892 (xpsp_sp2_gdr.060420-0254)] c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 93EA8D04EC73A85DB02EB8805988F733 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 90CAFF4B094573449A0872A0F919B178 [5.1.2600.3244 (xpsp_sp2_gdr.071030-1259)] c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 93EA8D04EC73A85DB02EB8805988F733 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 9AEFA14BD6B182D61E3119FA5F436D3D [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] c:\windows\system32\dllcache\tcpip.sys
[-] 9AEFA14BD6B182D61E3119FA5F436D3D [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] c:\windows\system32\drivers\tcpip.sys

[-] 01C3346C241652F43AED8E2149881BFE [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] ED0EF0A136DEC83DF69F04118870003E [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\ServicePackFiles\i386\winlogon.exe
[-] ED0EF0A136DEC83DF69F04118870003E [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\system32\winlogon.exe

[-] 558635D3AF1C7546D26067D5D9B6959E [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 1DF7F42665C94B825322FAE71721130D [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\ServicePackFiles\i386\ndis.sys
[-] 1DF7F42665C94B825322FAE71721130D [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\system32\drivers\ndis.sys

[-] 4448006B6BC60E6C027932CFC38D6855 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 3BB22519A194418D5FEC05D800A19AD0 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 3BB22519A194418D5FEC05D800A19AD0 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\system32\drivers\ip6fw.sys

[-] D8ABA3EAB509627E707A3B14F00FBB6B [5.1.2600.2622 (xpsp.050301-1521)] c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 4D3DBDCCBF97F5BA1E74F322B155C3BA [5.1.2600.3093 (xpsp_sp2_qfe.070227-2300)] c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 607352B9CB3D708C67F6039097801B5A [5.1.2600.5755 (xpsp_sp3_qfe.090206-1316)] c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] A25E9B86EFFB2AF33BF51E676B68BFB0 [5.1.2600.5657 (xpsp_sp3_qfe.080814-1300)] c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] A58AC1C6199EF34228ABEE7FC057AE09 [5.1.2600.3093 (xpsp_sp2_gdr.070227-2254)] c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] FB142B7007CA2EEA76966C6C5CC12150 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 3CD941E472DDF3534E53038535719771 [5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)] c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 8206B5F94A6A9450E934029420C1693F [5.1.2600.5657 (xpsp_sp3_gdr.080814-1236)] c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 7F653A89F6E89E3AE0D49830EECE35D4 [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 5BA7F2141BC6DB06100D0E5A732C617A [5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)] c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 109F8E3E3C82E337BB71B6BC9B895D61 [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 65D4220799E6FC2CB079070A6393CC0E [5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)] c:\windows\system32\ntkrnlpa.exe
[-] 5BA7F2141BC6DB06100D0E5A732C617A [5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)] c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 28187802B7C368C0D3AEF7D4C382AABB [5.1.2600.2622 (xpsp.050301-1521)] c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 5A5C8DB4AA962C714C8371FBDF189FC9 [5.1.2600.3093 (xpsp_sp2_qfe.070227-2300)] c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] EFE8EACE83EAAD5849A7A548FB75B584 [5.1.2600.5755 (xpsp_sp3_qfe.090206-1316)] c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 31914172342BFF330063F343AC6958FE [5.1.2600.5657 (xpsp_sp3_qfe.080814-1300)] c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 1220FAF071DEA8653EE21DE7DCDA8BFD [5.1.2600.3093 (xpsp_sp2_gdr.070227-2254)] c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 626309040459C3915997EF98EC1C8D40 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 48B3E89AF7074CEE0314A3E0C7FAFFDB [5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)] c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] F6F8245B3A2E9CA834DD318E7AE0C6D0 [5.1.2600.5657 (xpsp_sp3_gdr.080814-1236)] c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 40F8880122A030A7E9E1FEDEA833B33D [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 7A95B10A73737EBF24139AAA63F5212B [5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)] c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 0C89243C7C3EE199B96FCC16990E0679 [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 0CBA44D0938D57F334C0862424148B70 [5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)] c:\windows\system32\ntoskrnl.exe
[-] 7A95B10A73737EBF24139AAA63F5212B [5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)] c:\windows\system32\dllcache\ntoskrnl.exe

[-] 12896823FB95BFB3DC9B46BCAEDC9923 [6.00.2900.5512 (xpsp.080413-2105)] c:\windows\explorer.exe
[-] 7712DF0CDDE3A5AC89843E61CD5B3658 [6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)] c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 97BD6515465659FF8F3B7BE375B2EA87 [6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] c:\windows\$NtServicePackUninstall$\explorer.exe
[-] A0732187050030AE399B241436565E64 [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 12896823FB95BFB3DC9B46BCAEDC9923 [6.00.2900.5512 (xpsp.080413-2105)] c:\windows\ServicePackFiles\i386\explorer.exe

[-] 020CEAAEDC8EB655B6506B8C70D53BB6 [5.1.2600.5755 (xpsp_sp3_qfe.090206-1316)] c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] C6CE6EEC82F187615D1002BB3BB50ED4 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\services.exe
[-] 0E776ED5F7CC9F94299E70461B7B8185 [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\$NtUninstallKB956572$\services.exe
[-] 0E776ED5F7CC9F94299E70461B7B8185 [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\ServicePackFiles\i386\services.exe
[-] 65DF52F5B8B6E9BBD183505225C37315 [5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)] c:\windows\system32\services.exe
[-] 65DF52F5B8B6E9BBD183505225C37315 [5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)] c:\windows\system32\dllcache\services.exe

[-] 84885F9B82F4D55C6146EBF6065D75D2 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\lsass.exe
[-] BF2466B3E18E970D8A976FB95FC1CA85 [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\ServicePackFiles\i386\lsass.exe
[-] BF2466B3E18E970D8A976FB95FC1CA85 [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\system32\lsass.exe

[-] 24232996A38C0B0CF151C2140AE29FC8 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 5F1D5F88303D4A4DBC8E5F97BA967CC3 [5.1.2600.5512 (xpsp.080413-2105)] c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 5F1D5F88303D4A4DBC8E5F97BA967CC3 [5.1.2600.5512 (xpsp.080413-2105)] c:\windows\system32\ctfmon.exe

[-] AD3D9D191AEA7B5445FE1D82FFBB4788 [5.1.2600.2696 (xpsp.050610-1527)] c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] DA81EC57ACD4CDC3D4C51CF3D409AF9F [5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 7435B108B935E42EA92CA94F59C8E717 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] D8E14A61ACC1D4A6CD0D38AEBAC7FA3B [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] D8E14A61ACC1D4A6CD0D38AEBAC7FA3B [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\system32\spoolsv.exe

[-] 39B1FFB03C2296323832ACBAE50D2AFF [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\userinit.exe
[-] A93AEE1928A9D7CE3E16D24EC7380F89 [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\ServicePackFiles\i386\userinit.exe
[-] A93AEE1928A9D7CE3E16D24EC7380F89 [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\system32\userinit.exe
[-] A93AEE1928A9D7CE3E16D24EC7380F89 [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\system32\dllcache\userinit.exe

[-] C29A5286E64D97385178452D5F307B98 [5.1.2600.2627 (xpsp.050309-1716)] c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] FF3477C03BE7201C294C35F684B3479F [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\ServicePackFiles\i386\termsrv.dll
[-] FF3477C03BE7201C294C35F684B3479F [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\system32\termsrv.dll

[-] 0FDD84928A5DDE2510761B7EC76CCEC9 [5.1.2600.2945 (xpsp.060704-2357)] c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 09F7CB3687F86EDAA4CA081F7AB66C03 [5.1.2600.3119 (xpsp_sp2_qfe.070416-1259)] c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] DA11D9D6ECBDF0F93436A4B7C13F7BEC [5.1.2600.5781 (xpsp_sp3_qfe.090321-1341)] c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] A01F9CA902A88F7CED06884174D6419D [5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)] c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 888190E31455FAD793312F8D087146EB [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 888190E31455FAD793312F8D087146EB [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] C24B983D211C34DA8FCC1AC38477971D [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] C24B983D211C34DA8FCC1AC38477971D [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\ServicePackFiles\i386\kernel32.dll
[-] B921FB870C9AC0D509B2CCABBBBE95F3 [5.1.2600.5781 (xpsp_sp3_gdr.090321-1317)] c:\windows\system32\kernel32.dll
[-] B921FB870C9AC0D509B2CCABBBBE95F3 [5.1.2600.5781 (xpsp_sp3_gdr.090321-1317)] c:\windows\system32\dllcache\kernel32.dll

[-] 1B5F6923ABB450692E9FE0672C897AED [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 50A166237A0FA771261275A405646CC0 [6.00.2900.5512 (xpsp.080413-2105)] c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 50A166237A0FA771261275A405646CC0 [6.00.2900.5512 (xpsp.080413-2105)] c:\windows\system32\powrprof.dll

[-] 87CA7CE6469577F059297B9D6556D66D [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 0DA85218E92526972A821587E6A8BF8F [5.1.2600.5512 (xpsp.080413-2105)] c:\windows\ServicePackFiles\i386\imm32.dll
[-] 0DA85218E92526972A821587E6A8BF8F [5.1.2600.5512 (xpsp.080413-2105)] c:\windows\system32\imm32.dll

[-] AA8A4BD78D24FCDB96DDAEE3756AA372 [7.00.6000.20661 (vista_ldr.070814-1500)] c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[-] 54D8B404F17AA74C666F7F3AEF2AE459 [7.00.6000.20710 (vista_ldr.071026-1500)] c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[-] 976C46ED4A75FC66D9C596778898CE1E [7.00.6000.20733 (vista_ldr.071204-1500)] c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
[-] FE406DE0651C9E8201DCB0460609D739 [6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)] c:\windows\$hf_mig$\KB950759\SP3GDR\mshtml.dll
[-] 46A61BA430110F00DD990D058AA3D054 [6.00.2900.5583 (xpsp_sp3_qfe.080417-1431)] c:\windows\$hf_mig$\KB950759\SP3QFE\mshtml.dll
[-] 4D612FF5D3B7EEF200595AE6F95D5E68 [7.00.6000.20815 (vista_ldr.080415-1732)] c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[-] 28B8231CA8D55FC85E027A57C90F5C88 [7.00.6000.20861 (vista_ldr.080618-1506)] c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[-] 25CC085720EE3617FD1F8AB9E2F7CAB2 [7.00.6000.20900 (vista_ldr.080820-1506)] c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] B74F31A4BD83797D7A083F922169287D [7.00.6000.20935 (vista_ldr.081013-1507)] c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[-] C79FAD61CD4A26ED5AA8C16D991C6FBD [7.00.6000.20973 (vista_ldr.081211-1619)] c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[-] CC9D001B7370B292C35B366CA05B12B4 [7.00.6000.20996 (vista_ldr.090114-1504)] c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[-] 1BB754AB47B327DE8DBF2FA18C36357C [7.00.6000.21015 (vista_ldr.090218-1505)] c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[-] 1290E417BF806185CC7B2845E78A104E [8.00.6001.22873 (longhorn_ie8_ldr.090509-0100)] c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[-] F25D866DD486AD30E05E5596CB363C3E [8.00.6001.22902 (longhorn_ie8_ldr.090718-0500)] c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[-] 51C91AC189321A320FC4BC90B56255A3 [6.00.2900.2838 (xpsp.060131-1525)] c:\windows\$NtUninstallKB912812$\mshtml.dll
[-] 376E0843B2356CA91CEC8D9837A56FF7 [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB912945$\mshtml.dll
[-] ABCD123F888E4E97C8751378CCCC4F26 [6.00.2900.2873 (xpsp.060322-1626)] c:\windows\$NtUninstallKB925454$\mshtml.dll
[-] ABCD123F888E4E97C8751378CCCC4F26 [6.00.2900.2873 (xpsp.060322-1626)] c:\windows\$NtUninstallKB933566$\mshtml.dll
[-] 00ADCB32832A10ED9419493BCEA97526 [6.00.2900.3132 (xpsp_sp2_qfe.070504-1301)] c:\windows\$NtUninstallKB937143$\mshtml.dll
[-] 53F3FD772C010622346C39284C4A863B [6.00.2900.3157 (xpsp_sp2_qfe.070614-1244)] c:\windows\$NtUninstallKB939653$\mshtml.dll
[-] 885E3BF99EA4B2213901EBC35B34CF12 [6.00.2900.3199 (xpsp_sp2_qfe.070821-1250)] c:\windows\$NtUninstallKB944533$\mshtml.dll
[-] 8A4DD074DEC1B0C063C8493ABF654CBC [6.00.2900.3268 (xpsp_sp2_qfe.071206-1251)] c:\windows\$NtUninstallKB947864$\mshtml.dll
[-] 701A6798DDF875CAA3A5099EE75FD57F [6.00.2900.3314 (xpsp_sp2_qfe.080215-1242)] c:\windows\$NtUninstallKB950759$\mshtml.dll
[-] 083B967E6B0B2BB539CE6B08D45D631F [6.00.2900.3354 (xpsp_sp2_qfe.080417-1416)] c:\windows\ie7\mshtml.dll
[-] CBF04597F9CF7739E572276A2698FDD3 [7.00.5730.11 (winmain(wmbla).061017-1135)] c:\windows\ie7updates\KB928090-IE7\mshtml.dll
[-] C6EC2493346ED8888A549F59210A8ED3 [7.00.5730.13 (longhorn(wmbla).070711-1130)] c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 8AB7ECF59D6EBBE986277B65ED4A40A1 [7.00.6000.16587 (vista_gdr.071026-1500)] c:\windows\ie7updates\KB944533-IE7\mshtml.dll
[-] C6EC2493346ED8888A549F59210A8ED3 [7.00.5730.13 (longhorn(wmbla).070711-1130)] c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 8976CAB317105F7431B08EA32AB73C65 [7.00.6000.16674 (vista_gdr.080415-1732)] c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[-] EC936148284F557F19C333178768109B [7.00.6000.16705 (vista_gdr.080618-1506)] c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 1AD035E04A7068EC2820B055A3131ED8 [7.00.6000.16735 (vista_gdr.080820-1506)] c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[-] EACAEDEF6FA2A969DE5B36190D45396F [7.00.6000.16762 (vista_gdr.081013-1507)] c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[-] 121EC39A64D64205A88C2C45B034B455 [7.00.6000.16788 (vista_gdr.081211-1619)] c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[-] 3B413267DA8AE71C20E5EF3E54F74728 [7.00.6000.16809 (vista_gdr.090114-1504)] c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[-] C7C3E41CC2F6EB4A629FE2184136C098 [7.00.6000.16825 (vista_gdr.090218-1505)] c:\windows\ie8\mshtml.dll
[-] D469A0EBA2EF5C6BEE8065B7E3196E5E [8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)] c:\windows\ie8updates\KB969897-IE8\mshtml.dll
[-] EEAADAA744B20E68CF5EB4FBB4F8AFA9 [8.00.6001.18783 (longhorn_ie8_gdr.090508-1700)] c:\windows\ie8updates\KB972260-IE8\mshtml.dll
[-] A706E122B398FE1AB85CB9B75D044223 [6.00.2900.5512 (xpsp.080413-2105)] c:\windows\ServicePackFiles\i386\mshtml.dll
[-] E267EE248CDA7667C19001C069DE867B [7.00.6000.16544 (vista_gdr.070814-1500)] c:\windows\SoftwareDistribution\Download\0eda838ef8ec599d822155030a70ecac\SP2GDR\mshtml.dll
[-] AA8A4BD78D24FCDB96DDAEE3756AA372 [7.00.6000.20661 (vista_ldr.070814-1500)] c:\windows\SoftwareDistribution\Download\0eda838ef8ec599d822155030a70ecac\SP2QFE\mshtml.dll
[-] 5D45318804A30CE9D6EA83066E84B4A7 [7.00.6000.16414 (vista_gdr.070108-1520)] c:\windows\SoftwareDistribution\Download\7ebd512f015945a82f2b2e551ed20a74\mshtml.dll
[-] A097C36412455F0C7E42377FAF8809B7 [7.00.6000.16608 (vista_gdr.071204-1500)] c:\windows\SoftwareDistribution\Download\8befe715852785f9b4f0ded848fd9c0d\SP2GDR\mshtml.dll
[-] 976C46ED4A75FC66D9C596778898CE1E [7.00.6000.20733 (vista_ldr.071204-1500)] c:\windows\SoftwareDistribution\Download\8befe715852785f9b4f0ded848fd9c0d\SP2QFE\mshtml.dll
[-] 8976CAB317105F7431B08EA32AB73C65 [7.00.6000.16674 (vista_gdr.080415-1732)] c:\windows\SoftwareDistribution\Download\b3bf74f55136e7636e609c29522f7318\SP2GDR\mshtml.dll
[-] 4D612FF5D3B7EEF200595AE6F95D5E68 [7.00.6000.20815 (vista_ldr.080415-1732)] c:\windows\SoftwareDistribution\Download\b3bf74f55136e7636e609c29522f7318\SP2QFE\mshtml.dll
[-] 8AB7ECF59D6EBBE986277B65ED4A40A1 [7.00.6000.16587 (vista_gdr.071026-1500)] c:\windows\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2GDR\mshtml.dll
[-] 54D8B404F17AA74C666F7F3AEF2AE459 [7.00.6000.20710 (vista_ldr.071026-1500)] c:\windows\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2QFE\mshtml.dll
[-] 5A32B43A48D6DCA339BF24105D9A028F [8.00.6001.18812 (longhorn_ie8_gdr.090717-2100)] c:\windows\system32\mshtml.dll
[-] 5A32B43A48D6DCA339BF24105D9A028F [8.00.6001.18812 (longhorn_ie8_gdr.090717-2100)] c:\windows\system32\dllcache\mshtml.dll

[-] EBDEE8A2EE5393890A1ACEE971C4C246 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 463C1EC80CD17420A542B7F36A36F128 [5.1.2600.5512 (xpsp.080413-2108)] c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 463C1EC80CD17420A542B7F36A36F128 [5.1.2600.5512 (xpsp.080413-2108)] c:\windows\system32\drivers\kbdclass.sys
[-] EBDEE8A2EE5393890A1ACEE971C4C246 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\kbdclass.sys

[-] 6728270CB7DBB776ED086F5AC4C82310 [2001.12.4414.258] c:\windows\$NtServicePackUninstall$\comres.dll
[-] 1280A158C722FA95A80FB7AEBE78FA7D [2001.12.4414.700] c:\windows\ServicePackFiles\i386\comres.dll
[-] 1280A158C722FA95A80FB7AEBE78FA7D [2001.12.4414.700] c:\windows\system32\comres.dll

[-] 74D66B3DE265E8789153414E75175F26 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\lpk.dll
[-] 012DF358CEBAA23ACB26D82077820817 [5.1.2600.5512 (xpsp.080413-2105)] c:\windows\ServicePackFiles\i386\lpk.dll
[-] 012DF358CEBAA23ACB26D82077820817 [5.1.2600.5512 (xpsp.080413-2105)] c:\windows\system32\lpk.dll

[-] DA1F27D85E0D1525F6621372E7B685E9 [5.1.2600.0 (XPClient.010817-1148)] c:\windows\system32\dllcache\beep.sys
[-] DA1F27D85E0D1525F6621372E7B685E9 [5.1.2600.0 (XPClient.010817-1148)] c:\windows\system32\drivers\beep.sys

[-] 73C1E1F395918BC2C6DD67AF7591A3AD [5.1.2600.0 (XPClient.010817-1148)] c:\windows\system32\dllcache\null.sys
[-] 73C1E1F395918BC2C6DD67AF7591A3AD [5.1.2600.0 (XPClient.010817-1148)] c:\windows\system32\drivers\null.sys

[-] 925F8B61ED301A317BA850EBEECBDAA0 [4.1.0.61] c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] DDF8D47ACF8FC3FE5F7F2B95C4D4D136 [4.1.6140] c:\windows\$NtUninstallKB924667$\mfc40u.dll
[-] CDDD4416B2B4C7295FE3FDB6DDE57E4E [4.1.0.61] c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] CDDD4416B2B4C7295FE3FDB6DDE57E4E [4.1.0.61] c:\windows\system32\mfc40u.dll

[-] C369DF215D352B6F3A0B8C3469AA34F8 [5.1.2600.2726 (xpsp.050725-1531)] c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 9222562D44021B988B9F9F62207FB6F2 [5.1.2600.5755 (xpsp_sp3_qfe.090206-1316)] c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] CE94A2BD25E3E9F4D46A7373FF455C6D [5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)] c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 5C83A4408604F737717AB96371201680 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2589FE6015A316C0F5D5112B4DA7B509 [5.1.2600.5512 (xpsp.080413-2108)] c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2589FE6015A316C0F5D5112B4DA7B509 [5.1.2600.5512 (xpsp.080413-2108)] c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 6B27A5C03DFB94B4245739065431322C [5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)] c:\windows\system32\rpcss.dll
[-] 6B27A5C03DFB94B4245739065431322C [5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)] c:\windows\system32\dllcache\rpcss.dll

[-] 95FD808E4AC22ABA025A7B3EAC0375D2 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\msgsvc.dll
[-] 986B1FF5814366D71E0AC5755C88F2D3 [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 986B1FF5814366D71E0AC5755C88F2D3 [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\system32\msgsvc.dll

[-] B0124CB21D28B1C9F678B566B6B57D92 [5.82 (xpsp.060825-0040)] c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] A77DFB85FAEE49D66C74DA6024EBC69B [5.82 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] AEF3D788DBF40C7C4D204EA45EB0C505 [6.0 (xpclient.010817-1148)] c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL
[-] 06F247492BC786CE5C24A23E178C711A [5.82 (xpsp.080413-2105)] c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 06F247492BC786CE5C24A23E178C711A [5.82 (xpsp.080413-2105)] c:\windows\system32\comctl32.dll
[-] AEF3D788DBF40C7C4D204EA45EB0C505 [6.0 (xpclient.010817-1148)] c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 5AF68A5E44734A082442668E9C787743 [6.0 (xpsp_sp2_rtm.040803-2158)] c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] C4E80875C1CF1222FC5EFD0314AE5C01 [6.0 (xpsp.060825-0040)] c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] BD38D1EBE24A46BD3EDA059560AFBA12 [6.0 (xpsp.080413-2105)] c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[-] 9859C0F6936E723E4892D7141B1327D5 [5.1.2600.0 (xpclient.010817-1148)] c:\windows\system32\drivers\acpiec.sys

[-] E8A12A12EA9088B4327D49EDCA3ADD3E [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\sfc.dll
[-] 96E1C926F22EE1BFBAE82901A35F6BF3 [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\ServicePackFiles\i386\sfc.dll
[-] 96E1C926F22EE1BFBAE82901A35F6BF3 [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\system32\sfc.dll

[-] 96353FCECBA774BB8DA74A1C6507015A [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\netlogon.dll
[-] 1B7F071C51B77C272875C3A23E1E4550 [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 1B7F071C51B77C272875C3A23E1E4550 [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\system32\netlogon.dll

[-] 2C69EC7E5A311334D10DD95F338FCCEA [6.6.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\qmgr.dll
[-] 574738F61FCA2935F5265DC4E5691314 [6.7.2600.5512 (xpsp.080413-2108)] c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 574738F61FCA2935F5265DC4E5691314 [6.7.2600.5512 (xpsp.080413-2108)] c:\windows\system32\qmgr.dll
[-] 574738F61FCA2935F5265DC4E5691314 [6.7.2600.5512 (xpsp.080413-2108)] c:\windows\system32\bits\qmgr.dll

[-] 0F78E27F563F2AAF74B91A49E2ABF19A [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\scecli.dll
[-] A86BB5E61BF3E39B62AB4C7E7085A084 [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\ServicePackFiles\i386\scecli.dll
[-] A86BB5E61BF3E39B62AB4C7E7085A084 [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\system32\scecli.dll

[-] 82B24CB70E5944E6E34662205A2A5B78 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\eventlog.dll
[-] 6D4FEB43EE538FC5428CC7F0565AA656 [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 6D4FEB43EE538FC5428CC7F0565AA656 [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\system32\eventlog.dll

[-] 02000ABF34AF4C218C35D257024807D6 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\asyncmac.sys
[-] B153AFFAC761E7F5FCFA822B9C4E97BC [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] B153AFFAC761E7F5FCFA822B9C4E97BC [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\system32\drivers\asyncmac.sys

[-] 05AB81909514BFD69CBB1F2C147CF6B9 [5.1.2600.3081 (xpsp_sp2_qfe.070209-0034)] c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 19A811EF5F1ED5C926A028CE107FF1AF [5.1.2600.3081 (xpsp_sp2_gdr.070209-0028)] c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] B78BE402C3F63DD55521F73876951CDD [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB930916$\ntfs.sys
[-] B78BE402C3F63DD55521F73876951CDD [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\I386\NTFS.SYS
[-] 78A08DD6A8D65E697C18E1DB01C5CDCA [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 78A08DD6A8D65E697C18E1DB01C5CDCA [5.1.2600.5512 (xpsp.080413-2111)] c:\windows\system32\drivers\ntfs.sys

[-] B9715B9C18BC6C8F4B66733D208CC9F7 [10.0.3790.4332] c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] B9715B9C18BC6C8F4B66733D208CC9F7 [10.0.3790.4332] c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 6EAA72FD9EF993EC1FA9A06DE65105DA [10.0.3790.3646] c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] B9715B9C18BC6C8F4B66733D208CC9F7 [10.0.3790.4332] c:\windows\system32\MsPMSNSv.dll
[-] B9715B9C18BC6C8F4B66733D208CC9F7 [10.0.3790.4332] c:\windows\system32\dllcache\mspmsnsv.dll

[-] EEF46DAB68229A14DA3D8E73C99E2959 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\xmlprov.dll
[-] 295D21F14C335B53CB8154E5B1F892B9 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 295D21F14C335B53CB8154E5B1F892B9 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\system32\xmlprov.dll

[-] 10654F9DDCEA9C46CFB77554231BE73B [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\cryptsvc.dll
[-] 3D4E199942E29207970E04315D02AD3B [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 3D4E199942E29207970E04315D02AD3B [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\system32\cryptsvc.dll

[-] E3CFCCDDA4EDD1D0DC9168B2E18F27B8 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\browser.dll
[-] A06CE3399D16DB864F55FAEB1F1927A9 [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\ServicePackFiles\i386\browser.dll
[-] A06CE3399D16DB864F55FAEB1F1927A9 [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\system32\browser.dll

[-] 1418A3A6E76E5A2E3F5E43866E793A8B [5.1.2600.2716 (xpsp.050707-1657)] c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] FB78839B36025AA286A51289ED28B73E [5.1.2600.2716 (xpsp_sp2_gdr.050707-1657)] c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] EB4A4187D74A8EFDCBEA3EA2CB1BDFBD [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB893756$\tapisrv.dll
[-] 3CB78C17BB664637787C9A1C98F79C38 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 3CB78C17BB664637787C9A1C98F79C38 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\system32\tapisrv.dll

[-] 1DFCA7713EA5A70D5D93B436AEA0317A [5.1.2600.3394 (xpsp_sp2_qfe.080620-1259)] c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 832E4DD8964AB7ACC880B2837CB1ED20 [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] FCEE5FCB99F7C724593365C706D28388 [5.1.2600.5625 (xpsp_sp3_qfe.080620-1309)] c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 097722F235A1FB698BF9234E01B52637 [5.1.2600.3394 (xpsp_sp2_gdr.080620-1245)] c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] B4138E99236F0F57D4CF49BAE98A0746 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 4E74AF063C3271FBEA20DD940CFD1184 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB951748_0$\mswsock.dll
[-] B4138E99236F0F57D4CF49BAE98A0746 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\ServicePackFiles\i386\mswsock.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-06_16.34.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-08-30 20:51 . 2009-09-06 16:52 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-08-30 20:51 . 2009-09-06 11:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-30 20:51 . 2009-09-06 16:52 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-08-30 20:51 . 2009-09-06 11:07 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-09-06 16:37 . 2008-04-14 00:12 32256 c:\windows\LastGood\system32\wups.dll
+ 2009-06-09 15:14 . 2009-09-06 16:52 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-06-09 15:14 . 2009-09-06 16:07 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\progra~1\AWS\WEATHE~1\Weather.exe" [2006-04-07 1343488]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1207080]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-03-13 2210632]
"DirectPlayerCore"="c:\program files\NBC Direct\DirectPlayerCore.exe" [2009-02-09 1113152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-24 7700480]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-24 86016]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-08 185872]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" [2008-07-17 857344]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2009\Inicio.exe" [2008-07-07 50432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"sibeletag"="c:\windows\system32\kejebibe.dll" [2009-09-06 88576]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-11-24 1622016]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\
LaunchU3.exe.lnk - c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2008-10-12 1078]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-11-24 36903]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-7-25 67128]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{af3bfe9f-7daf-4a42-9037-a20fd12a3300}"= "c:\windows\system32\kejebibe.dll" [2009-09-06 88576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"deratuzoj"= {af3bfe9f-7daf-4a42-9037-a20fd12a3300} - c:\windows\system32\kejebibe.dll [2009-09-06 88576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 22:58 58672 ----a-w- c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ne32nv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1172989024\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1172989024\\EE\\aolsoftware.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\NBC Direct\\DirectPlayerCore.exe"=
"c:\\Program Files\\AWS\\WeatherBug\\Weather.exe"=
"c:\\Program Files\\AIM6\\aolsoftware.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\U3\\U3Launcher\\LaunchU3.exe"=
"c:\\hp\\KBD\\kbd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"67:UDP"= 67:UDP:DHCP Discovery Service
"57124:TCP"= 57124:TCP:PMB P2P TCP Listening Port
"57124:UDP"= 57124:UDP:PMB P2P UDP Listening Port

R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [1/13/2009 4:40 PM 158848]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [1/13/2009 4:36 PM 197888]
S0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [1/13/2009 4:31 PM 28544]
S1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [1/13/2009 4:40 PM 73728]
S1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [1/13/2009 4:55 PM 52992]
S1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [1/13/2009 4:40 PM 22072]
S1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [1/13/2009 4:55 PM 193792]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [1/13/2009 4:27 PM 41144]
S1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [1/13/2009 4:55 PM 46720]
S2 gupdate1c8d35a59481f8b;Google Update Service (gupdate1c8d35a59481f8b);c:\program files\Google\Update\GoogleUpdate.exe [7/16/2008 12:01 AM 133104]
S2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
S2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [1/13/2009 4:27 PM 179640]
S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2009\psksvc.exe [1/13/2009 4:39 PM 28928]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [6/17/2009 3:22 PM 99256]
S3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\DRIVERS\COMFiltr.sys --> c:\windows\system32\DRIVERS\COMFiltr.sys [?]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S3 sassvc;ProgramCheckerPro;c:\program files\Zenturi\ProgramChecker\sassvc.exe [2/15/2006 5:17 PM 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-09-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2009-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-08-26 c:\windows\Tasks\Basic clean-up.job
- c:\program files\Panda Security\Panda Global Protection 2009\PlaTasks.exe [2009-01-13 23:55]

2009-08-25 c:\windows\Tasks\Basic clean-up1.job
- c:\program files\Panda Security\Panda Global Protection 2009\PlaTasks.exe [2009-01-13 23:55]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: PackageCab - hxxp://www.imgag.com/cp/install/AxCtp2.cab
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\k6n6zvnb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.searchsave.com/index.php?req=search&sm=addbarsearch&source=1&term=
FF - component: c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\k6n6zvnb.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - component: c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\k6n6zvnb.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - HiddenExtension: XUL Cache: {752D1495-DD74-4BE1-9232-52021A13C56D} - c:\windows\system32\config\systemprofile\Local Settings\Application Data\{752D1495-DD74-4BE1-9232-52021A13C56D}\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XUL Cache: {A8B4084C-9EFF-48D9-A537-22871B3C05BD} - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\{A8B4084C-9EFF-48D9-A537-22871B3C05BD}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-07 14:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
"ImagePath"="\??\c:\windows\system32\drivers\rootrepeal
[1].sys"


[HKEY_LOCAL_MACHINE\System\ControlSet014\Services\rootrepeal[1]]
"ImagePath"="\??\c:\windows\system32\drivers\rootrepeal
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2849610097-4178618506-39320026-1007\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-2849610097-4178618506-39320026-1007\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-2849610097-4178618506-39320026-1007\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-2849610097-4178618506-39320026-1007\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1000)
c:\windows\system32\avldr.dll

- - - - - - - > 'lsass.exe'(1056)
c:\windows\ne32nv.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(716)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\ne32nv.dll
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2009-09-07 15:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-07 20:17
ComboFix2.txt 2009-09-06 16:56

Pre-Run: 34,920,931,328 bytes free
Post-Run: 34,910,699,520 bytes free

Current=14 Default=14 Failed=13 LastKnownGood=15 Sets=,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
712 --- E O F --- 2009-09-02 07:00


I will post this now, then work with the Dr.Web CureIt which will follow.
Step by Step
Brick by Brick

Thank You,

lmg95

#10 lmg95

Posted 07 September 2009 - 04:45 PM

Hi Sam,

I have made several attempts to download and run Dr. Web CureIt.

I would get an error report window stating 27uwgXP.exe has encountered a problem and needs to close.


Past that, when I double click on the CureIt icon, either Run or Save, a green Dr. CureIt window gives a choice of Start or Update, which takes me to a Dr. Cure It web page to download a demo. After download I would get a Windows Installer Screen stating:

The System Administrator has set policies to prevent this installation.

Therefore, it is a no-go with Dr.CureIt.

#11 Buckeye_Sam

Posted 07 September 2009 - 05:41 PM

Let's try something a little different then.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

#12 lmg95

Posted 07 September 2009 - 10:45 PM

Hi Sam,

The ESET Online Scanner Log is posted here below:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=279e052fbf630c4bb227bd78bc29c06e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-09-08 02:54:06
# local_time=2009-09-07 09:54:06 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1538 61 100 100 264889843750
# scanned=215777
# found=64
# cleaned=64
# scan_time=7014
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Desktop.htt Win32/TrojanDownloader.FakeAlert.ADM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent8.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.25327 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.72280 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.81332 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.83423 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.95285 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\fyblb.exe.vir a variant of Win32/Kryptik.AJT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\hpbyv.exe.vir a variant of Win32/Kryptik.JJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\12097344\12097344.exe.vir a variant of Win32/Kryptik.AJC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir a variant of Win32/Kryptik.ADD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\msb.exe.vir a variant of Win32/Kryptik.ADD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\msc.exe.vir a variant of Win32/Kryptik.ADD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\msd.exe.vir a variant of Win32/Kryptik.ADD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\mse.exe.vir a variant of Win32/Kryptik.ADD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\msf.exe.vir a variant of Win32/Kryptik.ADD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\msg.exe.vir a variant of Win32/Kryptik.ADD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\msh.exe.vir a variant of Win32/Kryptik.ADD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\aJjSAJjl.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\aqawgjuy.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\asfljgcc.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\bbJlkjlm.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\braviax.exe.vir a variant of Win32/Kryptik.AIQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\CdJklnmp.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\critical_warning.html.vir Win32/TrojanDownloader.FakeAlert.ADG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\dcbefMoq.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\fOpsBJjl.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\foyuroke.dll.vir a variant of Win32/Kryptik.AJK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\gjmVwGgh.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\guhegesi.exe.vir Win32/TrojanDownloader.FakeAlert.AED trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\hekonala.dll.vir a variant of Win32/Kryptik.AJK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\HiSAIOWa.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\HNTDffii.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\HPVvyyxx.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Iijknnpo.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\jilosuka.exe.vir a variant of Win32/Kryptik.AJC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\lanefiki.dll.vir a variant of Win32/Kryptik.AJK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\lludtqjb.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\msxml71.dll.vir Win32/TrojanDownloader.FakeAlert.AEQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\nafugizu.dll.vir a variant of Win32/Kryptik.AJK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\NmpoWvut.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\oVGikUtv.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACigwgtwekag.dll.vir Win32/Adware.CoreguardAntivirus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACtuxwxwgjxj.dll.vir Win32/Olmarik.IJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwhaaqvjfio.dll.vir Win32/Olmarik.KI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\VEKTDJjl.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\viliwesi.dll.vir a variant of Win32/Kryptik.AJK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\wingenocx.dll.vir Win32/Adware.CoreguardAntivirus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\winupdate.exe.vir Win32/TrojanDownloader.FakeAlert.AED trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\wisdstr.exe.vir Win32/Adware.XPAntiSpyware.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\wscsvc32.exe.vir Win32/Adware.CoreguardAntivirus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\XGOpWvut.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\yavawoji.exe.vir a variant of Win32/Kryptik.AJC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\yyhnrqci.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\zupujozo.dll.vir a variant of Win32/Kryptik.AJK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\dllcache\figaro.sys.vir a variant of Win32/UltimateDefender.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACdrftypyyge.sys.vir a variant of Win32/Olmarik.HI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0000088.dll a variant of Win32/Kryptik.AJK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0000144.exe Win32/TrojanDownloader.FakeAlert.AED trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0000146.dll a variant of Win32/Kryptik.AJK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0000148.exe Win32/TrojanDownloader.FakeAlert.AED trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\kejebibe.dll a variant of Win32/Kryptik.AJK trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\sopejuwi.dll a variant of Win32/Kryptik.AJK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\volosejo.dll a variant of Win32/Kryptik.AJK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Thank you again, and awaiting your response,

Respectfully,

LMG95

#13 Buckeye_Sam


Posted 08 September 2009 - 10:17 AM

Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


How is your computer behaving now?
========================================================

#14 lmg95


Posted 08 September 2009 - 05:12 PM

Hi Sam,

Thank you, thank you, thank you!
And Thanks Again!

I wanted to post this first before checking the functions of the computer. I can say that it rebooted just fine,
except-
Screen titled Microsoft Visual C++ Runtime Library Runtime Error! Program...\PandaSecurity\PandaGlobalProtection2009\TPSrv.exe
"This Application Has requested the runtime to terminate it in an unusual way. Please Contact the applications support team for more information"

I will post the Mbam log here now, and then attempt to get Panda to run properly, etc. I will post back on same as well as how the computer is behaving shortly, in the meantime, here is the mbam log:

Malwarebytes' Anti-Malware 1.40
Database version: 2759
Windows 5.1.2600 Service Pack 3

9/8/2009 4:42:21 PM
mbam-log-2009-09-08 (16-42-21).txt

Scan type: Full Scan (C:\|D:\|E:\|G:\|H:\|I:\|J:\|)
Objects scanned: 329750
Time elapsed: 2 hour(s), 4 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 5
Folders Infected: 1
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sibeletag (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: ne32nv.dll -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Anti-Virus Professional (Rogue.Anti-VirusProfessional) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\ne32nv.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Qoobox\Quarantine\C\cleanup.exe.vir (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\AdvancedVirusRemover\PAVRM.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-21-4948478588-6770174966-481714636-0977\msimfo32.exe.vir (Worm.Rimecud) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\winhelper.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0000132.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0000147.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0000230.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Virus Professional\nutilities.dll (Rogue.Anti-VirusProfessional) -> Quarantined and deleted successfully.

#15 Buckeye_Sam


Posted 09 September 2009 - 12:15 PM

Did you get Panda working again? If not, I think I may know what the issue is.

We need to scan the system with this special tool.
  • Please download Junction.zip and save it.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Go to Start => Run... => Copy and paste the following command in the run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

    A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the content of it.

Also the malwarebytes log showed a couple things that required a reboot to remove properly. Sometimes they don't go easily so you may want to run a quick scan with malwarebytes and just confirm that it comes up clean. If it's not clean, please post the log.
========================================================
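The point in post #15 about items that needed a reboot to remove, as an added example that is not part of the original thread: a Python sketch that parses a Malwarebytes log in the layout posted in #14 and lists the entries marked "Delete on reboot", which are the ones to confirm gone in the follow-up quick scan. The function names are hypothetical, and the sample lines are copied from that log.

```python
import re

# Sample input: lines copied from the Malwarebytes log posted in #14.
SAMPLE_LOG = r"""Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sibeletag (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: ne32nv.dll -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\ne32nv.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\Anti-Virus Professional\nutilities.dll (Rogue.Anti-VirusProfessional) -> Quarantined and deleted successfully.
"""

# "Files Infected:" opens a section; "Files Infected: 9" is a summary count and is skipped.
SECTION = re.compile(r"^([A-Za-z ]+ Infected):\s*$")
# <item> (<detection name>) -> [detail -> ...] <action>
ENTRY = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with the section it appeared in."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        hit = ENTRY.match(line)
        if not hit or section is None:
            continue  # blank lines, counts, "(No malicious items detected)"
        *details, action = hit.group("rest").split(" -> ")
        entries.append({"section": section, "item": hit.group("item"),
                        "detection": hit.group("name"), "details": details,
                        "action": action.rstrip(".")})
    return entries


def pending_reboot(entries):
    """Items the scanner could only schedule for deletion at the next boot."""
    return [(e["section"], e["item"]) for e in entries
            if e["action"].lower().startswith("delete on reboot")]


if __name__ == "__main__":
    for section, item in pending_reboot(parse_mbam_log(SAMPLE_LOG)):
        print(f"re-check after reboot: [{section}] {item}")
```

If either item still appears in the next scan's log, the scheduled deletion did not take effect.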



