
sdra64 and rootrepeal not working


  • This topic is locked
20 replies to this topic

#1 laveryuk

laveryuk

  • Members
  • 23 posts
  • OFFLINE
  • Local time:07:59 AM

Posted 31 December 2009 - 05:27 AM

Hi,
The Firefox browser window is not displayed the first time after the computer has been started up and running Windows XP Professional Version 2002 SP3. In Task Manager the firefox.exe is running. When the firefox.exe process is ended and restarted, it will take a very long time to display the browser window. When I looked at the task manager again I noticed that wmiprvse was running at about 25%. When I end both the wmiprvse and firefox processes, the wmiprvse process restarts with 0 to 1% and the firefox browser is displayed in a reasonable time.

During browsing, a tab is randomly opened and a random webpage is displayed. These webpages can be removed.

Over the past couple of weeks I have run full scans of my boot drive with the latest versions of the following applications:
A-Squared Free
Avira AntiVir
Malwarebytes' Anti-Malware
Ad-Aware
SuperAntiSpy

Each time, high-risk trojans have been found and deleted/quarantined. On a few occasions I have run regedit to remove bad entries in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit or Shell registry entries, e.g. rundll32.exe, twex.exe, sdra64.exe and cdav.ixo ukqudnn. I used the 60 second timer method for removing the bad entry.
Today it is "msjiyf32.exe" in the Userinit registry.

Since then I've been following your Preparation guide, which got stuck at the RootRepeal stage when it was scanning F:\Program Files\audiograbber.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Pau Lavery at 18:26:55.12 on 30/12/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1430 [GMT 0:00]

FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\svchost -k DcomLaunch
F:\WINDOWS\system32\svchost -k rpcss
F:\WINDOWS\System32\svchost.exe -k netsvcs
F:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
F:\WINDOWS\System32\svchost.exe -k NetworkService
F:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\LEXPPS.EXE
F:\Program Files\Avira\AntiVir Desktop\sched.exe
F:\Program Files\a-squared Free\a2service.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\Kontiki\KService.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
F:\Program Files\O2\bin\sprtsvc.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
F:\WINDOWS\System32\wbem\unsecapp.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe
F:\Program Files\Avira\AntiVir Desktop\avgnt.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Kontiki\KHost.exe
F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\WINDOWS\explorer.exe
F:\Program Files\IObit\Game Booster\gbtray.exe
F:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
F:\Program Files\Cobian Backup 9\cbService.exe
F:\Program Files\Cobian Backup 9\cbInterface.exe
F:\WINDOWS\System32\svchost.exe -k imgsvc
F:\Program Files\Mozilla Firefox\firefox.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
F:\Documents and Settings\Pau Lavery\My Documents\Downloads\dds.scr
F:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: Userinit=f:\windows\system32\userinit.exe,f:\windows\system32\mscxqw32.exe,f:\windows\system32\sdra64.exe,
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - f:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {B0652DA0-8ACC-48E0-9515-64B46D9C136B} - No File
BHO: {BD0652CF-B674-451C-B651-AE944C746BA0} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - f:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] f:\windows\system32\ctfmon.exe
uRun: [kdx] f:\program files\kontiki\KHost.exe -all
uRun: [NBJ] "f:\program files\ahead\nero backitup\NBJ.exe"
uRun: [SpybotSD TeaTimer] f:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] f:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NVMixerTray] "f:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [NeroFilterCheck] f:\windows\system32\NeroCheck.exe
mRun: [Launch Ai Booster] "f:\program files\asus\ai booster\OverClk.exe"
mRun: [WheelMouse] f:\program files\trust\gm-4600 gamer mouse\Amoumain.exe
mRun: [QuickTime Task] "f:\program files\quicktime\qttask.exe" -atboottime
mRun: [tsnpstd3] f:\windows\tsnpstd3.exe
mRun: [snpstd3] f:\windows\vsnpstd3.exe
mRun: [O2] "f:\program files\o2\bin\sprtcmd.exe" /P O2
mRun: [ISUSScheduler] "f:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Ad-Watch] f:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [avgnt] "f:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE f:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE f:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [UnlockerAssistant] "f:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Cobian Backup 9 interface] "f:\program files\cobian backup 9\cbInterface.exe" -service
dRun: [CTFMON.EXE] f:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\progra~1\spybot~1\SDHelper.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {00000161-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///F:/Program%20Files/Safecracker/Images/stg_drm.ocx
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - f:\program files\yahoo!\common\yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233585462500
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233585444187
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///F:/Program%20Files/Safecracker/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - f:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - f:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 f:\windows\system32\wvUmkHBu

================= FIREFOX ===================

FF - ProfilePath - f:\docume~1\paulav~1\applic~1\mozilla\firefox\profiles\kiu4imkr.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - plugin: f:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: f:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: f:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: f:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: f:\program files\mozilla firefox\plugins\npff_gdm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - f:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - f:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - f:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - f:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
f:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;f:\windows\system32\drivers\Lbd.sys [2009-1-31 64288]
R1 avgio;avgio;f:\program files\avira\antivir desktop\avgio.sys [2009-8-8 11608]
R1 SASDIFSV;SASDIFSV;f:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;f:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R2 a2free;a-squared Free Service;f:\program files\a-squared free\a2service.exe [2007-9-25 1858144]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;f:\program files\avira\antivir desktop\sched.exe [2009-8-8 108289]
R2 avgntflt;avgntflt;f:\windows\system32\drivers\avgntflt.sys [2009-4-30 56816]
R2 CobianBackupAmanita;Cobian Backup 9 service;f:\program files\cobian backup 9\cbService.exe [2009-12-30 583168]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;f:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);f:\program files\o2\bin\sprtsvc.exe [2007-6-7 202280]
R3 SASENUM;SASENUM;f:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]
S2 gupdate1c999a390a940a0;Google Update Service (gupdate1c999a390a940a0);f:\program files\google\update\GoogleUpdate.exe [2009-2-28 133104]
S3 AntiVirService;Avira AntiVir Guard;f:\program files\avira\antivir desktop\avguard.exe [2009-8-8 185089]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-25 25832]
S3 eplsw2k;SCM Parallel Port LS-120 Driver;f:\windows\system32\drivers\eplsw2k.sys [2007-9-27 142567]

=============== Created Last 30 ================

2009-12-30 17:55:38 0 d-----w- f:\program files\Cobian Backup 9
2009-12-30 17:28:50 0 d-sh--w- f:\windows\system32\lowsec
2009-12-25 21:26:02 0 d-----w- f:\windows\1C4551A64743409391E41477CD655043.TMP
2009-12-23 19:15:13 0 d-----w- f:\docume~1\paulav~1\applic~1\Trillian
2009-12-23 17:35:21 0 d-----w- f:\program files\Microsoft
2009-12-12 15:29:49 0 d-----w- f:\program files\Trend Micro
2009-12-11 18:21:21 471552 -c----w- f:\windows\system32\dllcache\aclayers.dll
2009-12-05 17:57:20 0 d-----w- f:\docume~1\paulav~1\applic~1\Desktopicon
2009-12-05 17:57:19 0 d-----w- f:\program files\Unlocker
2009-12-04 19:31:16 0 d-----w- f:\program files\IObit

==================== Find3M ====================

2009-12-29 17:23:34 100736 ----a-w- f:\windows\system32\drivers\nvata.sys
2009-12-07 19:46:22 56816 ----a-w- f:\windows\system32\drivers\avgntflt.sys
2009-12-03 16:14:06 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 16:13:56 19160 ----a-w- f:\windows\system32\drivers\mbam.sys
2009-11-14 00:47:28 856064 ----a-w- f:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- f:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- f:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- f:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- f:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- f:\windows\system32\DivX.dll
2009-11-12 19:32:04 93360 ----a-w- f:\windows\system32\drivers\SBREDrv.sys
2009-11-01 10:32:52 0 ---ha-w- f:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-11-01 10:32:52 0 ---ha-w- f:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-11-01 10:32:26 0 ---ha-w- f:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-11-01 10:32:25 0 ---ha-w- f:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-10-29 07:46:59 832512 ----a-w- f:\windows\system32\wininet.dll
2009-10-29 07:46:52 78336 ----a-w- f:\windows\system32\ieencode.dll
2009-10-29 07:46:50 17408 ----a-w- f:\windows\system32\corpol.dll
2009-10-21 05:38:36 75776 ----a-w- f:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- f:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- f:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- f:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- f:\windows\system32\raschap.dll
2009-10-11 04:17:27 411368 ----a-w- f:\windows\system32\deploytk.dll
2009-10-06 18:09:12 107888 ----a-w- f:\windows\system32\CmdLineExt.dll
2007-11-17 14:51:22 5752 ----a-w- f:\program files\install.log

============= FINISH: 18:28:36.68 ===============
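The Userinit line in the DDS log above carries two extra executables after userinit.exe, and the LSA Authentication Packages line carries an extra module after msv1_0; those are the kind of Winlogon persistence entries the poster has been removing by hand. As an added example (not code from this thread, from DDS or from ComboFix), here is a small Python checker that parses those Pseudo HJT lines and lists anything beyond the Windows XP defaults. It assumes the line formats are exactly those shown in the DDS output; the clean Shell sample line is constructed, and the optional live lookup assumes the standard Winlogon key path under HKLM\SOFTWARE.

```python
"""Check DDS 'Pseudo HJT Report' lines for non-standard Winlogon and LSA entries.

Added example for this thread; not code from the original post or from the
DDS/ComboFix tools.  Line formats are assumed to match the DDS output shown
(mWinlogon: Userinit=..., mWinlogon: Shell=..., LSA: Authentication Packages = ...).
"""
import re
import sys

# Baseline values for a default Windows XP install.  Only the file name is
# compared, because DDS lowercases paths and the drive letter varies (F: here).
EXPECTED_USERINIT = {"userinit.exe"}
EXPECTED_SHELL = {"explorer.exe"}
EXPECTED_AUTH_PACKAGES = {"msv1_0"}


def _basename(entry):
    """Normalise one registry entry to its lower-cased file name."""
    return entry.strip().strip('"').replace("/", "\\").split("\\")[-1].lower()


def check_userinit(value):
    """Return the entries of a Userinit value other than userinit.exe.
    The value is comma-separated and a trailing comma is normal."""
    return [e.strip() for e in value.split(",")
            if e.strip() and _basename(e) not in EXPECTED_USERINIT]


def check_shell(value):
    """Return the entries of a Shell value other than explorer.exe."""
    return [e.strip() for e in value.split(",")
            if e.strip() and _basename(e) not in EXPECTED_SHELL]


def check_auth_packages(value):
    """Return LSA Authentication Packages entries other than msv1_0.
    The registry value is REG_MULTI_SZ (a list); DDS prints it space-joined."""
    entries = value.split() if isinstance(value, str) else list(value)
    return [e for e in entries if _basename(e) not in EXPECTED_AUTH_PACKAGES]


# (regex over one DDS line, name reported in findings, checker for the value)
LINE_CHECKS = [
    (re.compile(r"^mWinlogon:\s*Userinit=(.*)$", re.I), "Userinit", check_userinit),
    (re.compile(r"^mWinlogon:\s*Shell=(.*)$", re.I), "Shell", check_shell),
    (re.compile(r"^LSA:\s*Authentication Packages\s*=\s*(.*)$", re.I),
     "LSA Authentication Packages", check_auth_packages),
]


def scan_dds_report(text):
    """Return [(value name, [unexpected entries])] for every flagged line."""
    findings = []
    for line in text.splitlines():
        for pattern, name, checker in LINE_CHECKS:
            match = pattern.match(line.strip())
            if match:
                unexpected = checker(match.group(1))
                if unexpected:
                    findings.append((name, unexpected))
    return findings


def read_live_winlogon(key_path=r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"):
    """On Windows, check the live Userinit/Shell values with the standard
    winreg module (assumed key path); returns None on other platforms so the
    module stays importable anywhere."""
    if sys.platform != "win32":
        return None
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        userinit, _ = winreg.QueryValueEx(key, "Userinit")
        shell, _ = winreg.QueryValueEx(key, "Shell")
    return {"Userinit": check_userinit(userinit), "Shell": check_shell(shell)}


# Constructed sample: the Userinit and LSA lines are copied from the DDS log in
# this thread; the clean Shell line is added to show a passing check.
SAMPLE_DDS = "\n".join([
    r"uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -",
    r"mWinlogon: Userinit=f:\windows\system32\userinit.exe,f:\windows\system32\mscxqw32.exe,f:\windows\system32\sdra64.exe,",
    r"mWinlogon: Shell=explorer.exe",
    r"BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - f:\progra~1\spybot~1\SDHelper.dll",
    r"LSA: Authentication Packages = msv1_0 f:\windows\system32\wvUmkHBu",
])

if __name__ == "__main__":
    for name, entries in scan_dds_report(SAMPLE_DDS):
        print(f"{name}: unexpected entries {entries}")
```

Comparing file names only is deliberate: DDS lowercases paths and the drive letter differs per machine, so a path match would miss the same entry on another box. The trailing comma in Userinit is normal and is not reported; anything after userinit.exe is worth a look, and the same goes for any extra module listed after msv1_0 in Authentication Packages, which is loaded by lsass.exe at boot.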


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:59 AM

Posted 31 December 2009 - 01:00 PM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 laveryuk

laveryuk
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:07:59 AM

Posted 01 January 2010 - 07:43 AM

Hi Sam,
First let me wish you a Happy New Year and secondly let me thank you for taking the time to hopefully fix my computer infestation.

I ran ComboFix and, because it was taking some time, I walked away from the computer. When I returned the computer had restarted with all the startup programs running before ComboFix had completed. I closed the anti-virus and anti-spyware before ComboFix saved the logfile, which you'll find below.

ComboFix 09-12-31.08 - Pau Lavery 01/01/2010 12:04:58.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1599 [GMT 0:00]
Running from: f:\documents and settings\Pau Lavery\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\documents and settings\Pau Lavery\Application Data\Desktopicon
f:\documents and settings\Pau Lavery\Application Data\Desktopicon\eBay.ico
f:\documents and settings\Pau Lavery\Application Data\Desktopicon\uninst.exe
f:\program files\INSTALL.LOG
f:\windows\install.exe
f:\windows\system32\Agent.OMZ.Fix.exe
f:\windows\system32\dumphive.exe
f:\windows\system32\IEDFix.exe
f:\windows\system32\lowsec
f:\windows\system32\lowsec\local.ds
f:\windows\system32\lowsec\user.ds
f:\windows\system32\o4Patch.exe
f:\windows\system32\Process.exe
f:\windows\system32\sdra64.exe
f:\windows\system32\SrchSTS.exe
f:\windows\system32\tmp.reg
f:\windows\system32\VCCLSID.exe
f:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-01 to 2010-01-01 )))))))))))))))))))))))))))))))
.

2009-12-30 18:31 . 2009-12-30 18:31 0 ------w- f:\documents and settings\Pau Lavery\settings.dat
2009-12-30 17:55 . 2009-12-30 17:56 -------- d-----w- f:\program files\Cobian Backup 9
2009-12-25 21:26 . 2009-12-25 21:26 -------- d-----w- f:\windows\1C4551A64743409391E41477CD655043.TMP
2009-12-24 16:20 . 2009-12-29 15:47 52224 ------w- f:\documents and settings\Pau Lavery\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-24 16:20 . 2009-12-29 15:47 117760 ------w- f:\documents and settings\Pau Lavery\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-23 19:15 . 2009-12-23 19:22 -------- d-----w- f:\documents and settings\Pau Lavery\Application Data\Trillian
2009-12-23 19:14 . 2009-12-25 21:14 -------- d-----w- f:\program files\Trillian
2009-12-23 17:35 . 2009-12-23 17:35 -------- d-----w- f:\program files\Microsoft
2009-12-23 17:34 . 2009-12-23 17:35 -------- d-----w- f:\program files\Windows Live
2009-12-12 15:29 . 2009-12-12 15:29 -------- d-----w- f:\program files\Trend Micro
2009-12-11 18:21 . 2009-11-21 15:51 471552 -c----w- f:\windows\system32\dllcache\aclayers.dll
2009-12-05 17:57 . 2009-12-09 19:08 -------- d-----w- f:\program files\Unlocker
2009-12-04 19:31 . 2009-12-04 19:31 -------- d-----w- f:\program files\IObit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 12:28 . 2008-02-14 18:58 -------- d-----w- f:\documents and settings\All Users\Application Data\Kontiki
2009-12-30 20:32 . 2006-04-24 16:52 100736 ----a-w- f:\windows\system32\drivers\nvata.sys
2009-12-26 11:45 . 2009-01-18 13:36 1 ------w- f:\documents and settings\Pau Lavery\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-25 22:51 . 2009-10-06 16:57 -------- d-----w- f:\program files\Common Files\BioWare
2009-12-25 21:24 . 2007-09-25 18:19 -------- d-----w- f:\program files\Common Files\Wise Installation Wizard
2009-12-24 17:45 . 2007-09-25 17:56 -------- d-----w- f:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-24 16:19 . 2009-01-22 17:23 -------- d-----w- f:\program files\SUPERAntiSpyware
2009-12-24 16:19 . 2009-01-22 17:23 -------- d-----w- f:\documents and settings\Pau Lavery\Application Data\SUPERAntiSpyware.com
2009-12-24 15:30 . 2007-09-25 17:54 -------- d-----w- f:\program files\a-squared Free
2009-12-24 15:11 . 2009-08-08 15:40 862040 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-24 15:11 . 2009-08-08 15:40 206944 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-24 15:11 . 2009-11-12 19:31 537576 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-24 15:11 . 2009-08-08 15:40 390288 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-24 15:11 . 2009-08-08 15:39 370744 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-24 15:11 . 2009-08-08 15:40 194104 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-24 15:10 . 2009-08-08 15:39 6296864 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-24 15:10 . 2009-08-08 15:39 933120 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-24 15:10 . 2009-08-08 15:39 816272 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-24 15:10 . 2009-08-08 15:39 822904 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-24 15:10 . 2009-08-08 15:39 1643272 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-24 15:10 . 2009-08-08 15:39 788880 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-24 15:10 . 2009-08-08 15:39 1181328 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-23 15:24 . 2007-12-22 12:06 -------- d-----w- f:\program files\Google
2009-12-11 21:01 . 2007-09-24 19:35 -------- d-----w- f:\program files\Common Files\Adobe
2009-12-07 19:46 . 2009-04-30 16:32 56816 ----a-w- f:\windows\system32\drivers\avgntflt.sys
2009-12-05 18:07 . 2009-01-18 12:46 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
2009-12-05 18:07 . 2009-02-15 20:41 4844296 ------w- f:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-05 13:25 . 2008-02-17 16:09 -------- d-----w- f:\documents and settings\All Users\Application Data\Installations
2009-12-05 13:25 . 2008-02-17 16:10 -------- d-----w- f:\program files\Nokia
2009-12-03 16:14 . 2009-01-18 12:47 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 16:13 . 2009-01-18 12:47 19160 ----a-w- f:\windows\system32\drivers\mbam.sys
2009-12-01 19:19 . 2007-09-25 17:56 -------- d-----w- f:\program files\Spybot - Search & Destroy
2009-11-22 19:32 . 2009-08-08 15:39 163728 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-11-22 19:32 . 2009-08-08 15:39 327000 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-22 19:32 . 2009-08-08 15:39 87496 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-22 19:32 . 2009-10-08 17:16 641632 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-21 15:51 . 2001-08-23 12:00 471552 ----a-w- f:\windows\AppPatch\aclayers.dll
2009-11-19 19:50 . 2009-07-07 17:15 -------- d-----w- f:\program files\Common Files\DivX Shared
2009-11-19 17:52 . 2007-09-26 17:25 -------- d-----w- f:\program files\DivX
2009-11-19 17:30 . 2007-09-24 18:47 23376 ------w- f:\documents and settings\Pau Lavery\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-19 17:27 . 2009-11-19 17:27 -------- d-----w- f:\program files\Common Files\Windows Live
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- f:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- f:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- f:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- f:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- f:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- f:\windows\system32\DivX.dll
2009-11-12 19:32 . 2009-11-12 19:32 93360 ----a-w- f:\windows\system32\drivers\SBREDrv.sys
2009-11-12 19:32 . 2009-11-12 19:32 93360 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-12 19:32 . 2009-11-12 19:32 554280 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-12 19:32 . 2009-06-04 16:31 15880 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-11-12 19:31 . 2009-11-12 19:31 212480 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-12 19:31 . 2009-11-12 19:31 283944 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-12 19:31 . 2009-11-12 19:31 1223976 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-12 19:31 . 2009-11-12 19:31 242984 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-11-12 19:29 . 2009-11-12 19:29 -------- dc-h--w- f:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-07 09:34 . 2007-09-26 19:07 -------- d-----w- f:\program files\Java
2009-11-07 09:33 . 2009-11-07 09:33 152576 ------w- f:\documents and settings\Pau Lavery\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-01 10:10 . 2009-11-01 10:10 95232 ------w- f:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-11-01 10:10 . 2009-11-01 10:10 8192 ------w- f:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-11-01 10:10 . 2009-11-01 10:10 61440 ------w- f:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-11-01 10:10 . 2009-11-01 10:10 10240 ------w- f:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-11-01 10:06 . 2009-11-01 10:10 33773208 ------w- f:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_web.exe
2009-10-29 07:46 . 2001-08-23 12:00 832512 ----a-w- f:\windows\system32\wininet.dll
2009-10-29 07:46 . 2007-09-24 17:51 78336 ----a-w- f:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2001-08-23 12:00 17408 ----a-w- f:\windows\system32\corpol.dll
2009-10-21 05:38 . 2007-09-24 17:51 75776 ----a-w- f:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2007-09-24 17:51 25088 ----a-w- f:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2007-09-24 17:51 265728 ------w- f:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2001-08-23 12:00 270336 ----a-w- f:\windows\system32\oakley.dll
2009-10-12 13:38 . 2001-08-23 12:00 149504 ----a-w- f:\windows\system32\rastls.dll
2009-10-12 13:38 . 2001-08-23 12:00 79872 ----a-w- f:\windows\system32\raschap.dll
2009-10-11 04:17 . 2009-02-02 12:23 411368 ----a-w- f:\windows\system32\deploytk.dll
2009-10-08 17:17 . 2009-10-08 17:17 17632 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-10-08 17:17 . 2009-03-07 20:59 68640 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-10-08 17:17 . 2009-03-07 20:59 303976 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-10-08 17:16 . 2009-08-08 15:39 640760 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-10-06 18:09 . 2007-11-18 13:01 107888 ----a-w- f:\windows\system32\CmdLineExt.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="f:\program files\Kontiki\KHost.exe" [2008-01-25 1032376]
"NBJ"="f:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"SpybotSD TeaTimer"="f:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="f:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-16 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]
"NVMixerTray"="f:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"NeroFilterCheck"="f:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Launch Ai Booster"="f:\program files\ASUS\Ai Booster\OverClk.exe" [2005-12-21 3627520]
"WheelMouse"="f:\program files\Trust\GM-4600 Gamer Mouse\Amoumain.exe" [2006-09-29 163840]
"QuickTime Task"="f:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"tsnpstd3"="f:\windows\tsnpstd3.exe" [2006-11-29 262144]
"snpstd3"="f:\windows\vsnpstd3.exe" [2006-09-19 827392]
"ISUSScheduler"="f:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"Ad-Watch"="f:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-12-24 788880]
"avgnt"="f:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"UnlockerAssistant"="f:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"Cobian Backup 9 interface"="f:\program files\Cobian Backup 9\cbInterface.exe" [2009-01-22 2749952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="f:\windows\system32\userinit.exe,f:\windows\system32\mscxqw32.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- f:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0f:\windows\2236421.exe \??\f:\windows\2236421.dat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"f:\\WINDOWS\\system32\\LEXPPS.EXE"=
"f:\\Program Files\\Kontiki\\KService.exe"=
"f:\\Program Files\\O2\\bin\\wificfg.exe"=
"f:\\Program Files\\O2\\agent\\bin\\bcont.exe"=
"f:\\Program Files\\Common Files\\SupportSoft\\bin\\ssrc.exe"=
"f:\\Program Files\\O2\\agent\\bin\\bcont_nm.exe"=
"c:\\Games\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Games\\Mass Effect\\MassEffectLauncher.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Games\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Games\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Games\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=

R0 Lbd;Lbd;f:\windows\system32\drivers\Lbd.sys [31/01/2009 20:59 64288]
R1 SASDIFSV;SASDIFSV;f:\program files\SUPERAntiSpyware\sasdifsv.sys [16/12/2009 16:26 9968]
R1 SASKUTIL;SASKUTIL;f:\program files\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 16:26 74480]
R2 a2free;a-squared Free Service;f:\program files\a-squared Free\a2service.exe [25/09/2007 17:54 1858144]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;f:\program files\Avira\AntiVir Desktop\sched.exe [08/08/2009 09:14 108289]
R2 CobianBackupAmanita;Cobian Backup 9 service;f:\program files\Cobian Backup 9\cbService.exe [30/12/2009 17:55 583168]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);f:\program files\O2\bin\sprtsvc.exe [07/06/2007 15:19 202280]
R3 SASENUM;SASENUM;f:\program files\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 16:27 7408]
S2 gupdate1c999a390a940a0;Google Update Service (gupdate1c999a390a940a0);f:\program files\Google\Update\GoogleUpdate.exe [28/02/2009 12:53 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;f:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 11:17 1181328]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\Dragon Age\bin_ship\daupdatersvc.service.exe [25/12/2009 22:43 25832]
S3 eplsw2k;SCM Parallel Port LS-120 Driver;f:\windows\system32\drivers\eplsw2k.sys [27/09/2007 17:46 142567]
.
Contents of the 'Scheduled Tasks' folder

2010-01-01 f:\windows\Tasks\Ad-Aware Update (Daily 1).job
- f:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 15:10]

2010-01-01 f:\windows\Tasks\Ad-Aware Update (Daily 2).job
- f:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 15:10]

2010-01-01 f:\windows\Tasks\Ad-Aware Update (Daily 3).job
- f:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 15:10]

2010-01-01 f:\windows\Tasks\Ad-Aware Update (Daily 4).job
- f:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 15:10]

2010-01-01 f:\windows\Tasks\Ad-Aware Update (Weekly).job
- f:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 15:10]

2009-12-21 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-01-01 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- f:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 12:53]

2010-01-01 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- f:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 12:53]
.
.
------- Supplementary Scan -------
.
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - f:\documents and settings\Pau Lavery\Application Data\Mozilla\Firefox\Profiles\kiu4imkr.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - plugin: f:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: f:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: f:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: f:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: f:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - f:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

BHO-{B0652DA0-8ACC-48E0-9515-64B46D9C136B} - (no file)
BHO-{BD0652CF-B674-451C-B651-AE944C746BA0} - (no file)
AddRemove-eBay Icon - f:\documents and settings\Pau Lavery\Application Data\Desktopicon\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-01 12:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


f:\windows\system32\mscxqw32.exe 95744 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-776561741-1220945662-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e5,29,83,48,c7,9a,d8,04,ba,5f,74,c5,84,87,24,fe,ab,ba,aa,2c,8c,17,0d,
13,92,34,f8,25,e6,3d,61,4d,68,83,42,6f,5a,10,34,de,ff,7c,97,02,f0,20,19,b7,\
"??"=hex:75,d6,67,c4,ec,66,15,e0,65,d7,70,03,a3,6c,02,9e

[HKEY_USERS\S-1-5-21-776561741-1220945662-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:bb,3d,4b,e7,2d,21,d5,98,99,a1,ef,0a,6b,9d,98,db,03,31,67,5a,d5,
f5,7b,15,2d,79,f7,d3,1d,c2,93,32,2d,b9,f0,c6,07,e2,5f,3b,dc,d7,36,c2,80,d7,\
"rkeysecu"=hex:a6,a6,cf,0a,a2,ab,12,8d,7b,3f,37,b4,7e,0a,9a,80
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)
f:\windows\system32\WININET.dll
f:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(988)
f:\windows\system32\WININET.dll
f:\windows\system32\nvappfilter.dll

- - - - - - - > 'explorer.exe'(3404)
f:\windows\system32\WININET.dll
f:\windows\system32\ieframe.dll
f:\windows\system32\WPDShServiceObj.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
f:\windows\system32\nvsvc32.exe
f:\windows\system32\LEXBCES.EXE
f:\windows\system32\LEXPPS.EXE
f:\program files\Avira\AntiVir Desktop\avguard.exe
f:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
f:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
f:\program files\Java\jre6\bin\jqs.exe
f:\program files\Kontiki\KService.exe
f:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
f:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
f:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
f:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
f:\windows\SOUNDMAN.EXE
f:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2010-01-01 12:33:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-01 12:33

Pre-Run: 88,381,489,152 bytes free
Post-Run: 88,320,028,672 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
f:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 1028160151DA2321F348C29191CF327F

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:59 AM

Posted 01 January 2010 - 01:00 PM

Happy New Year to you as well! :(

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

Rootkit::
f:\windows\system32\mscxqw32.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="f:\windows\system32\userinit.exe,"

Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


===================



Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and Allow to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
Please post the contents of the log from DrWeb in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
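As an added example (written for this page, not code from the thread, from ComboFix or from Dr.Web), the following Python script reads ComboFix-style log lines and flags the three things the CFScript above is aimed at: an extra executable appended to the Winlogon Userinit value, an unexpected BootExecute entry, and a file that catchme lists as hidden. The sample log is constructed from the values posted earlier in this thread; the baseline of what counts as "expected" (stock userinit.exe only, autochk plus Ad-Aware's lsdelete in BootExecute) is an assumption made for this illustration.

```python
import re

# Constructed sample: a few lines modelled on the ComboFix log posted in this
# thread (the Userinit, BootExecute and catchme values are copied from it;
# everything else is abbreviated).  Raw string so the backslashes survive.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="f:\windows\system32\userinit.exe,f:\windows\system32\mscxqw32.exe,"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0f:\windows\2236421.exe \??\f:\windows\2236421.dat

scanning hidden files ...

f:\windows\system32\mscxqw32.exe 95744 bytes executable

scan completed successfully
hidden files: 1
"""

# Assumed baseline: only the stock userinit.exe belongs in Userinit
# (the drive letter varies per install, hence the character class).
EXPECTED_USERINIT = re.compile(r"^[a-z]:\\windows\\system32\\userinit\.exe$", re.IGNORECASE)

# Assumed baseline: BootExecute normally holds only the autochk entry;
# lsdelete is Ad-Aware's boot-time deleter (lsdelete.exe is listed in the
# Ad-Aware update folder in the log above).
KNOWN_BOOTEXECUTE = {"autocheck autochk *", "lsdelete"}


def userinit_entries(log):
    """Comma-separated executables in the Winlogon Userinit value."""
    m = re.search(r'^"Userinit"="(.*)"$', log, re.MULTILINE)
    if not m:
        return []
    return [p.strip() for p in m.group(1).split(",") if p.strip()]


def boot_execute_entries(log):
    """Entries of the REG_MULTI_SZ BootExecute value (ComboFix joins them with a literal backslash-zero)."""
    m = re.search(r"^BootExecute REG_MULTI_SZ (.*)$", log, re.MULTILINE)
    if not m:
        return []
    return [e for e in m.group(1).split(r"\0") if e]


def hidden_files(log):
    """Paths reported between 'scanning hidden files' and 'scan completed'."""
    start = log.find("scanning hidden files ...")
    if start < 0:
        return []
    end = log.find("scan completed", start)
    section = log[start:end] if end >= 0 else log[start:]
    # catchme prints "<path> <size> bytes <type>" for each hidden file
    return re.findall(r"^(\S.*?) \d+ bytes", section, re.MULTILINE)


def analyse(log):
    """Return (indicator, value) pairs that deviate from the assumed baseline."""
    findings = []
    for entry in userinit_entries(log):
        if not EXPECTED_USERINIT.match(entry):
            findings.append(("Userinit", entry))
    for entry in boot_execute_entries(log):
        if entry not in KNOWN_BOOTEXECUTE:
            findings.append(("BootExecute", entry))
    for path in hidden_files(log):
        findings.append(("HiddenFile", path))
    return findings


if __name__ == "__main__":
    for indicator, value in analyse(SAMPLE_LOG):
        print(f"{indicator:12} {value}")
```

Run as-is it reports the three findings from the sample; on a real log, pass the file contents to analyse() and review each finding by hand, since the baseline is deliberately minimal and a legitimate product can add its own BootExecute entry, as Ad-Aware does here.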

#5 laveryuk

laveryuk
  • Topic Starter

  • Members
  • 23 posts
  • Local time:07:59 AM

Posted 02 January 2010 - 02:57 PM

Hi Sam,

That took a while. One question:

Objects bec100cr_valendian.fsb, bed100cr_duncan.fsb, lite_red_jetta.fsb, pre100_knight.fsb are part of my current game; can I un-move them from the Dr.Web quarantine folder?

ComboFix 10-01-01.01 - Pau Lavery 02/01/2010 9:19.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1630 [GMT 0:00]
Running from: f:\documents and settings\Pau Lavery\Desktop\ComboFix.exe
Command switches used :: f:\documents and settings\Pau Lavery\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((( Files Created from 2009-12-02 to 2010-01-02 )))))))))))))))))))))))))))))))
.

2009-12-30 18:31 . 2009-12-30 18:31 0 ------w- f:\documents and settings\Pau Lavery\settings.dat
2009-12-30 17:55 . 2009-12-30 17:56 -------- d-----w- f:\program files\Cobian Backup 9
2009-12-25 21:26 . 2009-12-25 21:26 -------- d-----w- f:\windows\1C4551A64743409391E41477CD655043.TMP
2009-12-24 16:20 . 2009-12-29 15:47 52224 ------w- f:\documents and settings\Pau Lavery\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-24 16:20 . 2009-12-29 15:47 117760 ------w- f:\documents and settings\Pau Lavery\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-23 19:15 . 2009-12-23 19:22 -------- d-----w- f:\documents and settings\Pau Lavery\Application Data\Trillian
2009-12-23 19:14 . 2009-12-25 21:14 -------- d-----w- f:\program files\Trillian
2009-12-23 17:35 . 2009-12-23 17:35 -------- d-----w- f:\program files\Microsoft
2009-12-23 17:34 . 2009-12-23 17:35 -------- d-----w- f:\program files\Windows Live
2009-12-12 15:29 . 2009-12-12 15:29 -------- d-----w- f:\program files\Trend Micro
2009-12-11 18:21 . 2009-11-21 15:51 471552 -c----w- f:\windows\system32\dllcache\aclayers.dll
2009-12-05 17:57 . 2009-12-09 19:08 -------- d-----w- f:\program files\Unlocker
2009-12-04 19:31 . 2009-12-04 19:31 -------- d-----w- f:\program files\IObit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 09:41 . 2008-02-14 18:58 -------- d-----w- f:\documents and settings\All Users\Application Data\Kontiki
2010-01-01 13:11 . 2006-04-24 16:52 100736 ----a-w- f:\windows\system32\drivers\nvata.sys
2009-12-26 11:45 . 2009-01-18 13:36 1 ------w- f:\documents and settings\Pau Lavery\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-25 22:51 . 2009-10-06 16:57 -------- d-----w- f:\program files\Common Files\BioWare
2009-12-25 21:24 . 2007-09-25 18:19 -------- d-----w- f:\program files\Common Files\Wise Installation Wizard
2009-12-24 17:45 . 2007-09-25 17:56 -------- d-----w- f:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-24 16:19 . 2009-01-22 17:23 -------- d-----w- f:\program files\SUPERAntiSpyware
2009-12-24 16:19 . 2009-01-22 17:23 -------- d-----w- f:\documents and settings\Pau Lavery\Application Data\SUPERAntiSpyware.com
2009-12-24 15:30 . 2007-09-25 17:54 -------- d-----w- f:\program files\a-squared Free
2009-12-24 15:11 . 2009-08-08 15:40 862040 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-24 15:11 . 2009-08-08 15:40 206944 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-24 15:11 . 2009-11-12 19:31 537576 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-24 15:11 . 2009-08-08 15:40 390288 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-24 15:11 . 2009-08-08 15:39 370744 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-24 15:11 . 2009-08-08 15:40 194104 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-24 15:10 . 2009-08-08 15:39 6296864 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-24 15:10 . 2009-08-08 15:39 933120 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-24 15:10 . 2009-08-08 15:39 816272 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-24 15:10 . 2009-08-08 15:39 822904 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-24 15:10 . 2009-08-08 15:39 1643272 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-24 15:10 . 2009-08-08 15:39 788880 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-24 15:10 . 2009-08-08 15:39 1181328 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-23 15:24 . 2007-12-22 12:06 -------- d-----w- f:\program files\Google
2009-12-11 21:01 . 2007-09-24 19:35 -------- d-----w- f:\program files\Common Files\Adobe
2009-12-07 19:46 . 2009-04-30 16:32 56816 ----a-w- f:\windows\system32\drivers\avgntflt.sys
2009-12-05 18:07 . 2009-01-18 12:46 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
2009-12-05 18:07 . 2009-02-15 20:41 4844296 ------w- f:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-05 13:25 . 2008-02-17 16:09 -------- d-----w- f:\documents and settings\All Users\Application Data\Installations
2009-12-05 13:25 . 2008-02-17 16:10 -------- d-----w- f:\program files\Nokia
2009-12-03 16:14 . 2009-01-18 12:47 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 16:13 . 2009-01-18 12:47 19160 ----a-w- f:\windows\system32\drivers\mbam.sys
2009-12-01 19:19 . 2007-09-25 17:56 -------- d-----w- f:\program files\Spybot - Search & Destroy
2009-11-22 19:32 . 2009-08-08 15:39 163728 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-11-22 19:32 . 2009-08-08 15:39 327000 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-22 19:32 . 2009-08-08 15:39 87496 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-22 19:32 . 2009-10-08 17:16 641632 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-21 15:51 . 2001-08-23 12:00 471552 ----a-w- f:\windows\AppPatch\aclayers.dll
2009-11-19 19:50 . 2009-07-07 17:15 -------- d-----w- f:\program files\Common Files\DivX Shared
2009-11-19 17:52 . 2007-09-26 17:25 -------- d-----w- f:\program files\DivX
2009-11-19 17:30 . 2007-09-24 18:47 23376 ------w- f:\documents and settings\Pau Lavery\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-19 17:27 . 2009-11-19 17:27 -------- d-----w- f:\program files\Common Files\Windows Live
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- f:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- f:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- f:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- f:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- f:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- f:\windows\system32\DivX.dll
2009-11-12 19:32 . 2009-11-12 19:32 93360 ----a-w- f:\windows\system32\drivers\SBREDrv.sys
2009-11-12 19:32 . 2009-11-12 19:32 93360 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-12 19:32 . 2009-11-12 19:32 554280 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-12 19:32 . 2009-06-04 16:31 15880 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-11-12 19:31 . 2009-11-12 19:31 212480 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-12 19:31 . 2009-11-12 19:31 283944 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-12 19:31 . 2009-11-12 19:31 1223976 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-12 19:31 . 2009-11-12 19:31 242984 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-11-12 19:29 . 2009-11-12 19:29 -------- dc-h--w- f:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-07 09:34 . 2007-09-26 19:07 -------- d-----w- f:\program files\Java
2009-11-07 09:33 . 2009-11-07 09:33 152576 ------w- f:\documents and settings\Pau Lavery\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-01 10:10 . 2009-11-01 10:10 95232 ------w- f:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-11-01 10:10 . 2009-11-01 10:10 8192 ------w- f:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-11-01 10:10 . 2009-11-01 10:10 61440 ------w- f:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-11-01 10:10 . 2009-11-01 10:10 10240 ------w- f:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-11-01 10:06 . 2009-11-01 10:10 33773208 ------w- f:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_web.exe
2009-10-29 07:46 . 2001-08-23 12:00 832512 ----a-w- f:\windows\system32\wininet.dll
2009-10-29 07:46 . 2007-09-24 17:51 78336 ----a-w- f:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2001-08-23 12:00 17408 ----a-w- f:\windows\system32\corpol.dll
2009-10-21 05:38 . 2007-09-24 17:51 75776 ----a-w- f:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2007-09-24 17:51 25088 ----a-w- f:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2007-09-24 17:51 265728 ------w- f:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2001-08-23 12:00 270336 ----a-w- f:\windows\system32\oakley.dll
2009-10-12 13:38 . 2001-08-23 12:00 149504 ----a-w- f:\windows\system32\rastls.dll
2009-10-12 13:38 . 2001-08-23 12:00 79872 ----a-w- f:\windows\system32\raschap.dll
2009-10-11 04:17 . 2009-02-02 12:23 411368 ----a-w- f:\windows\system32\deploytk.dll
2009-10-08 17:17 . 2009-10-08 17:17 17632 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-10-08 17:17 . 2009-03-07 20:59 68640 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-10-08 17:17 . 2009-03-07 20:59 303976 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-10-08 17:16 . 2009-08-08 15:39 640760 ------w- f:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-10-06 18:09 . 2007-11-18 13:01 107888 ----a-w- f:\windows\system32\CmdLineExt.dll
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . f:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . f:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . f:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . f:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . f:\windows\system32\dllcache\beep.sys
[-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . f:\windows\system32\drivers\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . f:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . f:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . f:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . f:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . f:\windows\$NtServicePackUninstall$\ntfs.sys

[-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . f:\windows\system32\dllcache\null.sys
[-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . f:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . f:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . f:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . f:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . f:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . f:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . f:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . f:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . f:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . f:\windows\system32\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\browser.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . f:\windows\system32\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . f:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . f:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . f:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . f:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . f:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . f:\windows\system32\bits\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . f:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . f:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . f:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . f:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . f:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . f:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . f:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2004-03-06 . 4EA08A8BBDF8DDEE0F173BB999C153C3 . 263680 . . [5.1.2600.1361] . . f:\windows\$xpsp1hfm$\KB828741\rpcss.dll

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . f:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . f:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . f:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\services.exe

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . f:\windows\system32\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . f:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . f:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . f:\windows\system32\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . f:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . f:\windows\system32\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . f:\windows\$NtServicePackUninstall$\comctl32.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . f:\windows\system32\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . f:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . f:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . f:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . f:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . f:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . f:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . f:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . f:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-03-06 02:16 . B748D0ABBACD362052D4D61DCD562289 . 226816 . . [2001.12.4414.53] . . f:\windows\$xpsp1hfm$\KB828741\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . f:\windows\system32\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . f:\windows\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . f:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . f:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . f:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . f:\windows\$NtServicePackUninstall$\kernel32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . f:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . f:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . f:\windows\$NtServicePackUninstall$\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . f:\windows\system32\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2009-10-29 . 89A9658515A18E673034369E043FAB01 . 3598336 . . [7.00.6000.16945] . . f:\windows\system32\mshtml.dll
[-] 2009-10-29 . 89A9658515A18E673034369E043FAB01 . 3598336 . . [7.00.6000.16945] . . f:\windows\system32\dllcache\mshtml.dll
[-] 2009-10-29 . 8B48737260C273C9B0DACA84EA1CCDBD . 3602432 . . [7.00.6000.21148] . . f:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtml.dll
[-] 2009-10-21 . 36145D2D908FB8A24772F04842366918 . 3598336 . . [7.00.6000.16939] . . f:\windows\ie7updates\KB976325-IE7\mshtml.dll
[-] 2009-10-21 . E6453EE08B283419171889786D057A75 . 3602432 . . [7.00.6000.21142] . . f:\windows\$hf_mig$\KB976749-IE7\SP3QFE\mshtml.dll
[-] 2009-08-29 . E52A845DCE011D56B12B8F3F4606F956 . 3598336 . . [7.00.6000.16915] . . f:\windows\ie7updates\KB976749-IE7\mshtml.dll
[-] 2009-08-29 . EDAD55105DDD067AE3906011F297267C . 3600384 . . [7.00.6000.21115] . . f:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtml.dll
[-] 2008-06-24 . EC936148284F557F19C333178768109B . 3592192 . . [7.00.6000.16705] . . f:\windows\ie7updates\KB974455-IE7\mshtml.dll
[-] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . f:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[-] 2008-04-23 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . f:\windows\ie7updates\KB953838-IE7\mshtml.dll
[-] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . f:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . f:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2008-03-01 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . f:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . f:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[-] 2007-12-08 . A097C36412455F0C7E42377FAF8809B7 . 3592192 . . [7.00.6000.16608] . . f:\windows\ie7updates\KB947864-IE7\mshtml.dll
[-] 2007-12-07 . 976C46ED4A75FC66D9C596778898CE1E . 3593216 . . [7.00.6000.20733] . . f:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 . 54D8B404F17AA74C666F7F3AEF2AE459 . 3593216 . . [7.00.6000.20710] . . f:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 . 8AB7ECF59D6EBBE986277B65ED4A40A1 . 3590656 . . [7.00.6000.16587] . . f:\windows\ie7updates\KB944533-IE7\mshtml.dll
[-] 2007-08-20 . E267EE248CDA7667C19001C069DE867B . 3584512 . . [7.00.6000.16544] . . f:\windows\ie7updates\KB942615-IE7\mshtml.dll
[-] 2007-08-20 . AA8A4BD78D24FCDB96DDAEE3756AA372 . 3592192 . . [7.00.6000.20661] . . f:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[-] 2007-06-15 . 53F3FD772C010622346C39284C4A863B . 3064320 . . [6.00.2900.3157] . . f:\windows\$hf_mig$\KB937143\SP2QFE\mshtml.dll
[-] 2007-06-15 . 53F3FD772C010622346C39284C4A863B . 3064320 . . [6.00.2900.3157] . . f:\windows\ie7\mshtml.dll
[-] 2006-11-07 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . f:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . f:\windows\$NtServicePackUninstall$\mshtml.dll

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . f:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . f:\windows\system32\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . f:\windows\$NtServicePackUninstall$\msvcrt.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . f:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . f:\windows\system32\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . f:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . f:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . f:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . f:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\mswsock.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . f:\windows\system32\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2009-08-04 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . f:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-08-04 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . f:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-08-04 . 78FCC97CD878D4CF5B5D2158A5A7CF92 . 2145280 . . [5.1.2600.5857] . . f:\windows\system32\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . f:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . f:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . f:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . 582A8DBAA58C3B1F176EB2817DAEE77C . 2180352 . . [5.1.2600.3093] . . f:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . f:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . f:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . f:\windows\system32\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . f:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . f:\windows\system32\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . f:\windows\system32\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . f:\windows\system32\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . f:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . f:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . f:\windows\$NtServicePackUninstall$\tapisrv.dll

[-] 2009-01-24 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . f:\windows\system32\dllcache\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . f:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . f:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . f:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . f:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . f:\windows\system32\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . f:\windows\system32\dllcache\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2009-10-29 . 7C599DEC022BEF6E3C9F4DB4FC164E8B . 832512 . . [7.00.6000.16945] . . f:\windows\system32\wininet.dll
[-] 2009-10-29 . 7C599DEC022BEF6E3C9F4DB4FC164E8B . 832512 . . [7.00.6000.16945] . . f:\windows\system32\dllcache\wininet.dll
[-] 2009-10-29 . CA5CB4F174592090FBECFEAD9B51BB90 . 841216 . . [7.00.6000.21148] . . f:\windows\$hf_mig$\KB976325-IE7\SP3QFE\wininet.dll
[-] 2009-08-29 . DB111200015F08DDDB8857E11C6A80E3 . 832512 . . [7.00.6000.16915] . . f:\windows\ie7updates\KB976325-IE7\wininet.dll
[-] 2009-08-29 . A5885AF9BFBD942B828E6020AD326517 . 840704 . . [7.00.6000.21115] . . f:\windows\$hf_mig$\KB974455-IE7\SP3QFE\wininet.dll
[-] 2008-06-23 . 8C13D4A7479FA0A026EDA8ABCE82C0ED . 826368 . . [7.00.6000.16705] . . f:\windows\ie7updates\KB974455-IE7\wininet.dll
[-] 2008-06-23 . C66402A06B83B036C195242C0C8CF83C . 827904 . . [7.00.6000.20861] . . f:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . f:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2008-04-23 . 41546B396A526918DA7995A02EA04E51 . 827392 . . [7.00.6000.20815] . . f:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . f:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-03-01 . AD21461AEF8244EDEC2EF18E55E1DCF3 . 826368 . . [7.00.6000.16640] . . f:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-03-01 . 6316C2F0C61271C8ABDFF7429174879E . 827392 . . [7.00.6000.20772] . . f:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2007-12-07 . 806D274C9A6C3AAEA5EAE8E4AF841E04 . 824832 . . [7.00.6000.16608] . . f:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2007-12-07 . B5B411BB229AE6EAD7652A32ED47BFB9 . 825344 . . [7.00.6000.20733] . . f:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[-] 2007-10-10 . 30C1E0F34AD2972C72A01DB5C74AB065 . 824832 . . [7.00.6000.16574] . . f:\windows\ie7updates\KB944533-IE7\wininet.dll
[-] 2007-10-10 . 0E5D918F87EFA7D2424D66B499C7EB04 . 825344 . . [7.00.6000.20696] . . f:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[-] 2007-08-20 . 774435E499D8E9643EC961A6103C361F . 824832 . . [7.00.6000.16544] . . f:\windows\ie7updates\KB942615-IE7\wininet.dll
[-] 2007-08-20 . 357D54BF94FE9D6D8505A96B5C2A3BCA . 825344 . . [7.00.6000.20661] . . f:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[-] 2007-06-26 . E1A3DD68B5380B360A7310A64D9BB188 . 665600 . . [6.00.2900.3164] . . f:\windows\$hf_mig$\KB937143\SP2QFE\wininet.dll
[-] 2007-06-26 . E1A3DD68B5380B360A7310A64D9BB188 . 665600 . . [6.00.2900.3164] . . f:\windows\ie7\wininet.dll
[-] 2006-11-07 . 92995334F993E6E49C25C6D02EC04401 . 818688 . . [7.00.5730.11] . . f:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2004-08-04 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . f:\windows\$NtServicePackUninstall$\wininet.dll

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . f:\windows\system32\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . f:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . f:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . f:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . f:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . f:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . f:\windows\system32\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . f:\windows\system32\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . f:\windows\system32\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . f:\windows\system32\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . f:\windows\system32\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . f:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . f:\windows\system32\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . f:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . f:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . f:\windows\system32\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . f:\windows\system32\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . f:\windows\system32\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . f:\windows\system32\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . f:\windows\system32\appmgmts.dll
[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\appmgmts.dll

[-] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . f:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . f:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . f:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . f:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . f:\windows\$NtServicePackUninstall$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . f:\windows\system32\drivers\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . f:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . f:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . f:\windows\system32\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . f:\windows\$NtServicePackUninstall$\mfc40u.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . f:\windows\system32\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . f:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . f:\windows\system32\mspmsnsv.dll
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . f:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . f:\windows\ServicePackFiles\i386\mspmsnsv.dll

[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . f:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 32B1A971183EC22DD91EEDA61C499E7C . 2023936 . . [5.1.2600.5857] . . f:\windows\system32\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . f:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . f:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . f:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . f:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . 515D30E2C90A3665A2739309334C9283 . 2057600 . . [5.1.2600.3093] . . f:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . f:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . f:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . f:\windows\system32\ntmssvc.dll
[-] 2004-08-04 07:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . f:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . f:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . f:\windows\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . f:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . f:\windows\$NtServicePackUninstall$\upnphost.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-01-01_12.27.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-02 09:28 . 2010-01-02 09:28 16384 f:\windows\Temp\Perflib_Perfdata_2d0.dat
+ 2010-01-02 09:28 . 2010-01-02 09:28 16384 f:\windows\Temp\Perflib_Perfdata_1b0.dat
- 2001-08-23 12:00 . 2009-12-31 10:17 71002 f:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-01-01 19:39 71002 f:\windows\system32\perfc009.dat
- 2007-09-23 18:13 . 2010-01-01 12:15 32768 f:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-09-23 18:13 . 2010-01-02 09:28 32768 f:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-09-23 18:13 . 2010-01-02 09:28 32768 f:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-09-23 18:13 . 2010-01-01 12:15 32768 f:\windows\system32\config\systemprofile\Cookies\index.dat
- 2001-08-23 12:00 . 2009-12-31 10:17 440684 f:\windows\system32\perfh009.dat
+ 2001-08-23 12:00 . 2010-01-01 19:39 440684 f:\windows\system32\perfh009.dat
- 2007-09-23 18:13 . 2010-01-01 12:15 344064 f:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-09-23 18:13 . 2010-01-02 09:28 344064 f:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="f:\program files\Kontiki\KHost.exe" [2008-01-25 1032376]
"NBJ"="f:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"SpybotSD TeaTimer"="f:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="f:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-16 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]
"NVMixerTray"="f:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"NeroFilterCheck"="f:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Launch Ai Booster"="f:\program files\ASUS\Ai Booster\OverClk.exe" [2005-12-21 3627520]
"WheelMouse"="f:\program files\Trust\GM-4600 Gamer Mouse\Amoumain.exe" [2006-09-29 163840]
"QuickTime Task"="f:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"tsnpstd3"="f:\windows\tsnpstd3.exe" [2006-11-29 262144]
"snpstd3"="f:\windows\vsnpstd3.exe" [2006-09-19 827392]
"ISUSScheduler"="f:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"Ad-Watch"="f:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-12-24 788880]
"avgnt"="f:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"UnlockerAssistant"="f:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"Cobian Backup 9 interface"="f:\program files\Cobian Backup 9\cbInterface.exe" [2009-01-22 2749952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- f:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0f:\windows\2236421.exe \??\f:\windows\2236421.dat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"f:\\WINDOWS\\system32\\LEXPPS.EXE"=
"f:\\Program Files\\Kontiki\\KService.exe"=
"f:\\Program Files\\O2\\bin\\wificfg.exe"=
"f:\\Program Files\\O2\\agent\\bin\\bcont.exe"=
"f:\\Program Files\\Common Files\\SupportSoft\\bin\\ssrc.exe"=
"f:\\Program Files\\O2\\agent\\bin\\bcont_nm.exe"=
"c:\\Games\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Games\\Mass Effect\\MassEffectLauncher.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Games\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Games\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Games\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=

R0 Lbd;Lbd;f:\windows\system32\drivers\Lbd.sys [31/01/2009 20:59 64288]
R1 SASDIFSV;SASDIFSV;f:\program files\SUPERAntiSpyware\sasdifsv.sys [16/12/2009 16:26 9968]
R1 SASKUTIL;SASKUTIL;f:\program files\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 16:26 74480]
R2 a2free;a-squared Free Service;f:\program files\a-squared Free\a2service.exe [25/09/2007 17:54 1858144]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;f:\program files\Avira\AntiVir Desktop\sched.exe [08/08/2009 09:14 108289]
R2 CobianBackupAmanita;Cobian Backup 9 service;f:\program files\Cobian Backup 9\cbService.exe [30/12/2009 17:55 583168]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;f:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 11:17 1181328]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);f:\program files\O2\bin\sprtsvc.exe [07/06/2007 15:19 202280]
R3 SASENUM;SASENUM;f:\program files\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 16:27 7408]
S2 gupdate1c999a390a940a0;Google Update Service (gupdate1c999a390a940a0);f:\program files\Google\Update\GoogleUpdate.exe [28/02/2009 12:53 133104]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\Dragon Age\bin_ship\daupdatersvc.service.exe [25/12/2009 22:43 25832]
S3 eplsw2k;SCM Parallel Port LS-120 Driver;f:\windows\system32\drivers\eplsw2k.sys [27/09/2007 17:46 142567]
.
Contents of the 'Scheduled Tasks' folder

2010-01-02 f:\windows\Tasks\Ad-Aware Update (Daily 1).job
- f:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 15:10]

2010-01-02 f:\windows\Tasks\Ad-Aware Update (Daily 2).job
- f:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 15:10]

2010-01-02 f:\windows\Tasks\Ad-Aware Update (Daily 3).job
- f:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 15:10]

2010-01-02 f:\windows\Tasks\Ad-Aware Update (Daily 4).job
- f:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 15:10]

2010-01-02 f:\windows\Tasks\Ad-Aware Update (Weekly).job
- f:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 15:10]

2009-12-21 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-01-02 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- f:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 12:53]

2010-01-01 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- f:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 12:53]
.
.
------- Supplementary Scan -------
.
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - f:\documents and settings\Pau Lavery\Application Data\Mozilla\Firefox\Profiles\kiu4imkr.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - plugin: f:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: f:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: f:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: f:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: f:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - f:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

BHO-{B0652DA0-8ACC-48E0-9515-64B46D9C136B} - (no file)
BHO-{BD0652CF-B674-451C-B651-AE944C746BA0} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 09:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-776561741-1220945662-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e5,29,83,48,c7,9a,d8,04,ba,5f,74,c5,84,87,24,fe,ab,ba,aa,2c,8c,17,0d,
13,92,34,f8,25,e6,3d,61,4d,68,83,42,6f,5a,10,34,de,ff,7c,97,02,f0,20,19,b7,\
"??"=hex:75,d6,67,c4,ec,66,15,e0,65,d7,70,03,a3,6c,02,9e

[HKEY_USERS\S-1-5-21-776561741-1220945662-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:bb,3d,4b,e7,2d,21,d5,98,99,a1,ef,0a,6b,9d,98,db,03,31,67,5a,d5,
f5,7b,15,2d,79,f7,d3,1d,c2,93,32,2d,b9,f0,c6,07,e2,5f,3b,dc,d7,36,c2,80,d7,\
"rkeysecu"=hex:a6,a6,cf,0a,a2,ab,12,8d,7b,3f,37,b4,7e,0a,9a,80
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(924)
f:\windows\system32\WININET.dll
f:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(984)
f:\windows\system32\WININET.dll
f:\windows\system32\nvappfilter.dll

- - - - - - - > 'explorer.exe'(596)
f:\windows\system32\WININET.dll
f:\windows\system32\ieframe.dll
f:\windows\system32\WPDShServiceObj.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
f:\windows\system32\nvsvc32.exe
f:\windows\system32\LEXBCES.EXE
f:\windows\system32\LEXPPS.EXE
f:\program files\Avira\AntiVir Desktop\avguard.exe
f:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
f:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
f:\program files\Java\jre6\bin\jqs.exe
f:\program files\Kontiki\KService.exe
f:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
f:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
f:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
f:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
f:\windows\System32\wbem\unsecapp.exe
f:\windows\SOUNDMAN.EXE
f:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2010-01-02 09:45:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-02 09:44
ComboFix2.txt 2010-01-01 12:33

Pre-Run: 88,306,966,528 bytes free
Post-Run: 88,296,136,704 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - A2E02CA762007958B56682081BACDE94

Process in memory: F:\WINDOWS\system32\svchost.exe:1212;;BackDoor.Tdss.565;Eradicated.;
msjiyf32.exe;F:\WINDOWS\system32;Trojan.Webmoner.60972;Deleted.;
GoogleUpdateBeta.exe;F:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update;Trojan.DownLoad1.17725;Deleted.;
nvata.sys;F:\WINDOWS\system32\drivers;BackDoor.Tdss.1365;Cured.;
nvata.sys;f:\windows\system32\drivers;BackDoor.Tdss.1365;Cured.;
RegUBP2b-Pau Lavery.reg;"C:\Documents and Settings 2009-12-30 18;05;36\All Users\Application Data\Spybot - Search & Destroy\Snapshots2";Trojan.StartPage.1505;Deleted.;
A0064975.exe;"C:\Documents and Settings 2009-12-30 18;05;36\Pau Lavery\DoctorWeb\Quarantine";Tool.Prockill;;
A0065925.exe\SDFix\apps\Process.exe;"C:\Documents and Settings 2009-12-30 18;05;36\Pau Lavery\DoctorWeb\Quarantine\A0065925.exe";Tool.Prockill;;
A0065925.exe;"C:\Documents and Settings 2009-12-30 18;05;36\Pau Lavery\DoctorWeb\Quarantine";Archive contains infected objects;Moved.;
Process.exe;"C:\Documents and Settings 2009-12-30 18;05;36\Pau Lavery\DoctorWeb\Quarantine";Tool.Prockill;;
SDFix.exe\SDFix\apps\Process.exe;"C:\Documents and Settings 2009-12-30 18;05;36\Pau Lavery\DoctorWeb\Quarantine\SDFix.exe";Tool.Prockill;;
SDFix.exe;"C:\Documents and Settings 2009-12-30 18;05;36\Pau Lavery\DoctorWeb\Quarantine";Archive contains infected objects;Moved.;
RegUBP2b-Pau Lavery.reg;"C:\Documents and Settings 2009-12-31 17;58;20\All Users\Application Data\Spybot - Search & Destroy\Snapshots2";Trojan.StartPage.1505;Deleted.;
A0064975.exe;"C:\Documents and Settings 2009-12-31 17;58;20\Pau Lavery\DoctorWeb\Quarantine";Tool.Prockill;;
A0065925.exe\SDFix\apps\Process.exe;"C:\Documents and Settings 2009-12-31 17;58;20\Pau Lavery\DoctorWeb\Quarantine\A0065925.exe";Tool.Prockill;;
A0065925.exe;"C:\Documents and Settings 2009-12-31 17;58;20\Pau Lavery\DoctorWeb\Quarantine";Archive contains infected objects;Moved.;
Process.exe;"C:\Documents and Settings 2009-12-31 17;58;20\Pau Lavery\DoctorWeb\Quarantine";Tool.Prockill;;
SDFix.exe\SDFix\apps\Process.exe;"C:\Documents and Settings 2009-12-31 17;58;20\Pau Lavery\DoctorWeb\Quarantine\SDFix.exe";Tool.Prockill;;
SDFix.exe;"C:\Documents and Settings 2009-12-31 17;58;20\Pau Lavery\DoctorWeb\Quarantine";Archive contains infected objects;Moved.;
bec100cr_valendrian.fsb;C:\Games\Dragon Age\modules\single player\audio\vo\en-us\vo;Modification of Win32.Kriz.4050;Moved.;
bed100cr_duncan.fsb;C:\Games\Dragon Age\modules\single player\audio\vo\en-us\vo;Modification of Win32.Kriz.4050;Moved.;
lite_red_jetta.fsb;C:\Games\Dragon Age\modules\single player\audio\vo\en-us\vo;Modification of Win32.Kriz.4050;Moved.;
pre100_knight.fsb;C:\Games\Dragon Age\modules\single player\audio\vo\en-us\vo;Modification of Win32.Kriz.4050;Moved.;
RegUBP2b-Pau Lavery.reg;F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
ComboFix.exe\32788R22FWJFW\List-C.bat;F:\Documents and Settings\Pau Lavery\Desktop\ComboFix.exe;Probably BATCH.Virus;;
ComboFix.exe;F:\Documents and Settings\Pau Lavery\Desktop;Archive contains infected objects;Moved.;
dnews.exe;F:\dtemp;Probably DLOADER.Trojan;;
Process.exe.vir;F:\Qoobox\Quarantine\F\WINDOWS\system32;Tool.Prockill;;
nvata.sys;F:\WINDOWS\system32\drivers;BackDoor.Tdss.1365;Cured.

#6 Buckeye_Sam

    Malware Expert

Posted 02 January 2010 - 04:06 PM

As long as you can confirm that those files are legit and not malicious, then go ahead and move them back.


Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



How is your computer behaving now?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 laveryuk

  • Topic Starter

Posted 03 January 2010 - 10:22 AM

Hi Sam,

As you can see, the scan proved successful. I've removed Firefox and re-installed it because I was still getting a redirect webpage on the browser. It's too early to tell if re-installing Firefox has solved the problem. Firefox does seem to take a while to start; maybe it's all those anti-virus and anti-spyware/anti-malware applications I have running. Any suggestions?

Cheers

Paul

Malwarebytes' Anti-Malware 1.43
Database version: 3486
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

03/01/2010 11:56:58
mbam-log-2010-01-03 (11-56-58).txt

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 244618
Time elapsed: 1 hour(s), 43 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 Buckeye_Sam

    Malware Expert

Posted 04 January 2010 - 08:56 AM

Looks good to me. Let me know if Firefox is working correctly and I'll post some final steps for you.

The programs and tools that we've been using won't affect Firefox at all.


========================================================

#9 laveryuk

  • Topic Starter

Posted 04 January 2010 - 12:50 PM

Hi Sam,

Back to work today. :(

Yes, I'm still having problems with Firefox and a re-directed webpage tab. Everything else seems OK. Which anti-virus/spyware/malware applications do you suggest I should run?

#10 Buckeye_Sam

    Malware Expert

Posted 04 January 2010 - 07:05 PM

Let's see if we can track down the reason for the Firefox issue.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    nvata.sys
    atapi.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


=====================



Download Kenco.exe to your desktop
  • Close all windows and run the program
  • It won't take long to run. Post the log it gives you (it will also be saved in the same place as Kenco.exe).

=====================


Open Firefox and install the Mr Tech Toolkit extension from here.
https://addons.mozilla.org/en-US/firefox/addon/421

Once installed, restart Firefox as prompted.
Click Tools -> My Config -> Save - Text
Save the report to your desktop.
Please copy and paste the contents of that report.


========================================================

#11 laveryuk

  • Topic Starter

Posted 05 January 2010 - 01:50 PM

As requested:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 18:14 on 05/01/2010 by Pau Lavery (Administrator - Elevation successful)

========== filefind ==========

Searching for "nvata.sys"
F:\NVIDIA\nForceWin2KXP\6.86\IDE\Win2K\sata_ide\nvata.sys --a--- 100736 bytes [16:52 24/04/2006] [16:52 24/04/2006] C03E15101F6D9E82CD9B0E7D715F5DE3
F:\NVIDIA\nForceWin2KXP\6.86\IDE\WinXP\sata_ide\nvata.sys --a--- 100736 bytes [16:52 24/04/2006] [16:52 24/04/2006] C03E15101F6D9E82CD9B0E7D715F5DE3
F:\WINDOWS\system32\drivers\nvata.sys --a--- 100736 bytes [16:52 24/04/2006] [13:38 03/01/2010] C03E15101F6D9E82CD9B0E7D715F5DE3

Searching for "atapi.sys"
F:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [16:51 08/09/2008] [05:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
F:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 96512 bytes [17:51 24/09/2007] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
F:\WINDOWS\system32\drivers\atapi.sys --a--- 96512 bytes [12:00 23/08/2001] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
F:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys --a--- 95360 bytes [19:59 24/09/2007] [05:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
F:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\atapi.sys --a--- 95360 bytes [19:59 24/09/2007] [05:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

-=End Of File=-

Kenco by jpshortstuff (31.12.09.1)
Log created at 18:47 on 05/01/2010 (Pau Lavery)

========== Task Unlocker ==========

========== KencoScan ==========

========== F:\WINDOWS\Tasks ==========
Ad-Aware Update (Daily 1).job -> [15:12 24/12/2009] 472 bytes
Ad-Aware Update (Daily 2).job -> [15:12 24/12/2009] 472 bytes
Ad-Aware Update (Daily 3).job -> [15:12 24/12/2009] 472 bytes
Ad-Aware Update (Daily 4).job -> [15:12 24/12/2009] 472 bytes
Ad-Aware Update (Weekly).job -> [20:59 31/01/2009] 472 bytes
AppleSoftwareUpdate.job -> [11:49 29/09/2007] 284 bytes
GoogleUpdateTaskMachineCore.job -> [17:17 01/07/2009] 880 bytes
GoogleUpdateTaskMachineUA.job -> [17:17 01/07/2009] 884 bytes

-=E.O.F=-

Generated: Tue Jan 05 2010 18:48:14 GMT+0000 (GMT Standard Time)
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6
Build ID: 20091201220228

Enabled Extensions: [6]
- Java Console 6.0: http://www.google.com/search?q=Firefox%20Java%20Console
- Java Console 6.0.11: http://www.google.com/search?q=Firefox%20Java%20Console
- Java Console 6.0.17: http://www.google.com/search?q=Firefox%20Java%20Console
- Java Quick Starter 1.0: http://www.google.com/search?q=Firefox%20J...Quick%20Starter
- Microsoft .NET Framework Assistant 1.1: http://www.windowsclient.net/
- MR Tech Toolkit 6.0.4: http://www.mrtech.com/extensions/

Installed Themes: [1]
- Default: http://www.mozilla.org/

Installed Plugins: (21)
- Adobe Acrobat
- BBC iPlayer Plugin
- DivX Player Netscape Plugin
- DivX Web Player
- DivX® Content Upload Plugin
- Gamespot Auto-Start NPAPI plugin
- Google Earth Plugin
- Google Update
- Java Deployment Toolkit 6.0.170.4
- Java™ Platform SE 6 U11
- Java™ Platform SE 6 U17
- Microsoft® DRM
- Mozilla Default Plug-in
- QuickTime Plug-in 7.3.1
- RealPlayer Version Plugin
- RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)
- Shockwave Flash
- Windows Genuine Advantage
- Windows Media Player Plug-in Dynamic Link Library
- Windows Presentation Foundation
- Yahoo! activeX Plug-in Bridge
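
A defender-side check on SystemLook output like the filefind log above, added here as an example (it is not part of SystemLook or of the original post): it parses the filefind section and compares the MD5 of the copy under system32\drivers with the reference copies SystemLook also found (vendor install folder, service-pack cache, uninstall backups), which is the comparison that makes the nvata.sys result meaningful. The "active copy" rule and verdict names are this example's own assumptions, and the example.sys block with its hashes is a constructed placeholder showing what an unmatched driver looks like.

```python
"""Cross-check the in-use copy of a Windows driver against its backup copies.

Input is the "filefind" section of a SystemLook log, in the format shown in
the thread. Added example; not part of SystemLook or of the original post.
The "active copy" rule and the verdict names are this example's assumptions.
"""
import re
from collections import defaultdict

# One filefind result line, e.g.
# F:\WINDOWS\system32\drivers\nvata.sys --a--- 100736 bytes [16:52 24/04/2006] [13:38 03/01/2010] C03E15101F6D9E82CD9B0E7D715F5DE3
ENTRY_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-A-Za-z]{6}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"$')

# Assumption: the copy Windows loads is the one under system32\drivers; hits
# elsewhere (service-pack cache, vendor install folder, uninstall backups)
# are reference copies to compare it against.
ACTIVE_DIR = "\\system32\\drivers\\"


def parse_filefind(text):
    """Return {filename: [entry, ...]}; each entry is a dict of the fields above."""
    results = defaultdict(list)
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = SEARCH_RE.match(line)
        if m:
            current = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m and current:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            results[current].append(entry)
    return dict(results)


def assess_driver(entries):
    """Compare the active copy of one driver with its reference copies.

    verdict: 'consistent' if the active MD5 equals at least one reference copy,
             'unmatched' if it equals none (what a patched driver such as the
             TDSS-infected nvata.sys would show before it was cured),
             'no-active' if nothing was found under system32\\drivers.
    """
    active = [e for e in entries if ACTIVE_DIR in e["path"].lower()]
    refs = [e for e in entries if ACTIVE_DIR not in e["path"].lower()]
    if not active:
        return {"verdict": "no-active", "active": None, "matches": [], "differs": []}
    a = active[0]
    matches = [r["path"] for r in refs if r["md5"] == a["md5"]]
    differs = [(r["path"], r["size"], r["md5"]) for r in refs if r["md5"] != a["md5"]]
    return {"verdict": "consistent" if matches else "unmatched",
            "active": a, "matches": matches, "differs": differs}


def assess_log(text):
    """Run assess_driver over every file the filefind section searched for."""
    return {name: assess_driver(entries) for name, entries in parse_filefind(text).items()}


# nvata.sys and atapi.sys lines are copied from the SystemLook log in the
# thread; example.sys is a constructed entry with placeholder hashes, added
# to show what an unmatched active copy looks like.
SAMPLE_LOG = r"""
Searching for "nvata.sys"
F:\NVIDIA\nForceWin2KXP\6.86\IDE\Win2K\sata_ide\nvata.sys --a--- 100736 bytes [16:52 24/04/2006] [16:52 24/04/2006] C03E15101F6D9E82CD9B0E7D715F5DE3
F:\NVIDIA\nForceWin2KXP\6.86\IDE\WinXP\sata_ide\nvata.sys --a--- 100736 bytes [16:52 24/04/2006] [16:52 24/04/2006] C03E15101F6D9E82CD9B0E7D715F5DE3
F:\WINDOWS\system32\drivers\nvata.sys --a--- 100736 bytes [16:52 24/04/2006] [13:38 03/01/2010] C03E15101F6D9E82CD9B0E7D715F5DE3

Searching for "atapi.sys"
F:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [16:51 08/09/2008] [05:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
F:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 96512 bytes [17:51 24/09/2007] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
F:\WINDOWS\system32\drivers\atapi.sys --a--- 96512 bytes [12:00 23/08/2001] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
F:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys --a--- 95360 bytes [19:59 24/09/2007] [05:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
F:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\atapi.sys --a--- 95360 bytes [19:59 24/09/2007] [05:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

Searching for "example.sys"
F:\WINDOWS\ServicePackFiles\i386\example.sys ------ 12345 bytes [00:00 01/01/2008] [00:00 01/01/2008] 00000000000000000000000000000000
F:\WINDOWS\system32\drivers\example.sys --a--- 12345 bytes [00:00 01/01/2008] [23:59 31/12/2009] DEADBEEFDEADBEEFDEADBEEFDEADBEEF
"""

if __name__ == "__main__":
    for name, result in assess_log(SAMPLE_LOG).items():
        print(f"{name}: {result['verdict']}")
        for path in result["matches"]:
            print(f"  same    {path}")
        for path, size, md5 in result["differs"]:
            print(f"  differs {path}  {size} bytes  {md5}")
```

An "unmatched" verdict is a prompt to look closer, not proof of infection: a vendor or Windows update also changes the active copy's hash, as the two legitimate atapi.sys versions in the log show, so confirm against a hash from the vendor or a known-clean install before acting on it.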

#12 Buckeye_Sam

    Malware Expert

Posted 05 January 2010 - 08:43 PM

We need to run this special tool.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or you can hold down your Windows key and press R), copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • If prompted to reboot, please do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.



========================================================

#13 laveryuk

  • Topic Starter

Posted 06 January 2010 - 10:57 AM

Hi Sam,

I ran TDSSKiller as instructed and it found some problems. The script instructed me to reboot which I did. After the reboot I could not find the log file. I re-ran TDSSKiller again and this time nothing was found. What shall we do next?

Cheers

Paul

#14 laveryuk

  • Topic Starter

Posted 06 January 2010 - 01:47 PM

Oops I found it:

15:53:53:187 0224 TDSSKiller 2.1.1 Dec 20 2009 02:40:02
15:53:53:187 0224 ================================================================================
15:53:53:187 0224 SystemInfo:

15:53:53:187 0224 OS Version: 5.1.2600 ServicePack: 3.0
15:53:53:187 0224 Product type: Workstation
15:53:53:187 0224 ComputerName: PAUL-9XWSD3Z4XB
15:53:53:187 0224 UserName: Pau Lavery
15:53:53:187 0224 Windows directory: F:\WINDOWS
15:53:53:187 0224 Processor architecture: Intel x86
15:53:53:187 0224 Number of processors: 2
15:53:53:187 0224 Page size: 0x1000
15:53:53:187 0224 Boot type: Normal boot
15:53:53:187 0224 ================================================================================
15:53:53:187 0224 ForceUnloadDriver: NtUnloadDriver error 2
15:53:53:187 0224 ForceUnloadDriver: NtUnloadDriver error 2
15:53:53:187 0224 ForceUnloadDriver: NtUnloadDriver error 2
15:53:53:187 0224 MyNtCreateFileW: NtCreateFile(\??\F:\WINDOWS\system32\Drivers\KLMD.sys) returned status 0
15:53:53:187 0224 main: Driver KLMD successfully dropped
15:53:53:187 0224 main: Driver KLMD successfully loaded
15:53:53:187 0224
Scanning Registry ...
15:53:53:187 0224 ScanServices: Searching service UACd.sys
15:53:53:187 0224 ScanServices: Open/Create key error 2
15:53:53:187 0224 ScanServices: Searching service TDSSserv.sys
15:53:53:187 0224 ScanServices: Open/Create key error 2
15:53:53:187 0224 ScanServices: Searching service gaopdxserv.sys
15:53:53:187 0224 ScanServices: Open/Create key error 2
15:53:53:187 0224 ScanServices: Searching service gxvxcserv.sys
15:53:53:187 0224 ScanServices: Open/Create key error 2
15:53:53:187 0224 ScanServices: Searching service MSIVXserv.sys
15:53:53:187 0224 ScanServices: Open/Create key error 2
15:53:53:187 0224 UnhookRegistry: Kernel module file name: F:\windows\system32\ntkrnlpa.exe, base addr: 804D7000
15:53:53:187 0224 UnhookRegistry: Kernel local addr: A40000
15:53:53:187 0224 UnhookRegistry: KeServiceDescriptorTable addr: AC5700
15:53:53:203 0224 UnhookRegistry: KiServiceTable addr: A6D460
15:53:53:203 0224 UnhookRegistry: NtEnumerateKey service number (local): 47
15:53:53:203 0224 UnhookRegistry: NtEnumerateKey local addr: B8CFF2
15:53:53:203 0224 KLMD_OpenDevice: Trying to open KLMD device
15:53:53:203 0224 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
15:53:53:203 0224 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
15:53:53:203 0224 KLMD_ReadMem: Trying to ReadMemory 0x805002C9[0x4]
15:53:53:203 0224 UnhookRegistry: NtEnumerateKey service number (kernel): 47
15:53:53:203 0224 KLMD_ReadMem: Trying to ReadMemory 0x8050457C[0x4]
15:53:53:203 0224 UnhookRegistry: NtEnumerateKey real addr: 80623FF2
15:53:53:203 0224 UnhookRegistry: NtEnumerateKey calc addr: 80623FF2
15:53:53:203 0224 UnhookRegistry: No SDT hooks found on NtEnumerateKey
15:53:53:203 0224 KLMD_ReadMem: Trying to ReadMemory 0x80623FF2[0xA]
15:53:53:203 0224 UnhookRegistry: No splicing found on NtEnumerateKey
15:53:53:203 0224
Scanning Kernel memory ...
15:53:53:203 0224 KLMD_OpenDevice: Trying to open KLMD device
15:53:53:203 0224 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
15:53:53:203 0224 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
15:53:53:203 0224 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8A72AAE0
15:53:53:203 0224 DetectCureTDL3: KLMD_GetDeviceObjectList returned 6 DevObjects
15:53:53:203 0224 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 8A751C68
15:53:53:203 0224 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A751C68
15:53:53:203 0224 KLMD_ReadMem: Trying to ReadMemory 0x8A751C68[0x38]
15:53:53:203 0224 DetectCureTDL3: DRIVER_OBJECT addr: 8A72AAE0
15:53:53:203 0224 KLMD_ReadMem: Trying to ReadMemory 0x8A72AAE0[0xA8]
15:53:53:203 0224 KLMD_ReadMem: Trying to ReadMemory 0xE197B680[0x208]
15:53:53:203 0224 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
15:53:53:203 0224 DetectCureTDL3: IrpHandler (0) addr: B810EBB0
15:53:53:203 0224 DetectCureTDL3: IrpHandler (1) addr: 804F4562
15:53:53:203 0224 DetectCureTDL3: IrpHandler (2) addr: B810EBB0
15:53:53:203 0224 DetectCureTDL3: IrpHandler (3) addr: B8108D1F
15:53:53:203 0224 DetectCureTDL3: IrpHandler (4) addr: B8108D1F
15:53:53:203 0224 DetectCureTDL3: IrpHandler (5) addr: 804F4562
15:53:53:203 0224 DetectCureTDL3: IrpHandler (6) addr: 804F4562
15:53:53:203 0224 DetectCureTDL3: IrpHandler (7) addr: 804F4562
15:53:53:203 0224 DetectCureTDL3: IrpHandler (8) addr: 804F4562
15:53:53:203 0224 DetectCureTDL3: IrpHandler (9) addr: B81092E2
15:53:53:203 0224 DetectCureTDL3: IrpHandler (10) addr: 804F4562
15:53:53:203 0224 DetectCureTDL3: IrpHandler (11) addr: 804F4562
15:53:53:203 0224 DetectCureTDL3: IrpHandler (12) addr: 804F4562
15:53:53:203 0224 DetectCureTDL3: IrpHandler (13) addr: 804F4562
15:53:53:203 0224 DetectCureTDL3: IrpHandler (14) addr: B81093BB
15:53:53:203 0224 DetectCureTDL3: IrpHandler (15) addr: B810CF28
15:53:53:203 0224 DetectCureTDL3: IrpHandler (16) addr: B81092E2
15:53:53:203 0224 DetectCureTDL3: IrpHandler (17) addr: 804F4562
15:53:53:203 0224 DetectCureTDL3: IrpHandler (18) addr: 804F4562
15:53:53:203 0224 DetectCureTDL3: IrpHandler (19) addr: 804F4562
15:53:53:203 0224 DetectCureTDL3: IrpHandler (20) addr: 804F4562
15:53:53:203 0224 DetectCureTDL3: IrpHandler (21) addr: 804F4562
15:53:53:203 0224 DetectCureTDL3: IrpHandler (22) addr: B810AC82
15:53:53:203 0224 DetectCureTDL3: IrpHandler (23) addr: B810F99E
15:53:53:203 0224 DetectCureTDL3: IrpHandler (24) addr: 804F4562
15:53:53:203 0224 DetectCureTDL3: IrpHandler (25) addr: 804F4562
15:53:53:203 0224 DetectCureTDL3: IrpHandler (26) addr: 804F4562
15:53:53:203 0224 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
15:53:53:203 0224 KLMD_ReadMem: DeviceIoControl error 1
15:53:53:203 0224 TDL3_StartIoHookDetect: Unable to get StartIo handler code
15:53:53:203 0224 TDL3_FileDetect: Processing driver: Disk
15:53:53:203 0224 TDL3_FileDetect: Parameters: F:\WINDOWS\system32\drivers\disk.sys, F:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
15:53:53:203 0224 TDL3_FileDetect: Processing driver file: F:\WINDOWS\system32\drivers\disk.sys
15:53:53:203 0224 KLMD_CreateFileW: Trying to open file F:\WINDOWS\system32\drivers\disk.sys
15:53:53:218 0224 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 8A730C68
15:53:53:218 0224 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A730C68
15:53:53:218 0224 KLMD_ReadMem: Trying to ReadMemory 0x8A730C68[0x38]
15:53:53:218 0224 DetectCureTDL3: DRIVER_OBJECT addr: 8A72AAE0
15:53:53:218 0224 KLMD_ReadMem: Trying to ReadMemory 0x8A72AAE0[0xA8]
15:53:53:218 0224 KLMD_ReadMem: Trying to ReadMemory 0xE197B680[0x208]
15:53:53:218 0224 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
15:53:53:218 0224 DetectCureTDL3: IrpHandler (0) addr: B810EBB0
15:53:53:218 0224 DetectCureTDL3: IrpHandler (1) addr: 804F4562
15:53:53:218 0224 DetectCureTDL3: IrpHandler (2) addr: B810EBB0
15:53:53:218 0224 DetectCureTDL3: IrpHandler (3) addr: B8108D1F
15:53:53:218 0224 DetectCureTDL3: IrpHandler (4) addr: B8108D1F
15:53:53:218 0224 DetectCureTDL3: IrpHandler (5) addr: 804F4562
15:53:53:218 0224 DetectCureTDL3: IrpHandler (6) addr: 804F4562
15:53:53:218 0224 DetectCureTDL3: IrpHandler (7) addr: 804F4562
15:53:53:218 0224 DetectCureTDL3: IrpHandler (8) addr: 804F4562
15:53:53:218 0224 DetectCureTDL3: IrpHandler (9) addr: B81092E2
15:53:53:218 0224 DetectCureTDL3: IrpHandler (10) addr: 804F4562
15:53:53:218 0224 DetectCureTDL3: IrpHandler (11) addr: 804F4562
15:53:53:218 0224 DetectCureTDL3: IrpHandler (12) addr: 804F4562
15:53:53:218 0224 DetectCureTDL3: IrpHandler (13) addr: 804F4562
15:53:53:218 0224 DetectCureTDL3: IrpHandler (14) addr: B81093BB
15:53:53:218 0224 DetectCureTDL3: IrpHandler (15) addr: B810CF28
15:53:53:218 0224 DetectCureTDL3: IrpHandler (16) addr: B81092E2
15:53:53:218 0224 DetectCureTDL3: IrpHandler (17) addr: 804F4562
15:53:53:218 0224 DetectCureTDL3: IrpHandler (18) addr: 804F4562
15:53:53:218 0224 DetectCureTDL3: IrpHandler (19) addr: 804F4562
15:53:53:218 0224 DetectCureTDL3: IrpHandler (20) addr: 804F4562
15:53:53:218 0224 DetectCureTDL3: IrpHandler (21) addr: 804F4562
15:53:53:218 0224 DetectCureTDL3: IrpHandler (22) addr: B810AC82
15:53:53:234 0224 DetectCureTDL3: IrpHandler (23) addr: B810F99E
15:53:53:234 0224 DetectCureTDL3: IrpHandler (24) addr: 804F4562
15:53:53:234 0224 DetectCureTDL3: IrpHandler (25) addr: 804F4562
15:53:53:234 0224 DetectCureTDL3: IrpHandler (26) addr: 804F4562
15:53:53:234 0224 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
15:53:53:234 0224 KLMD_ReadMem: DeviceIoControl error 1
15:53:53:234 0224 TDL3_StartIoHookDetect: Unable to get StartIo handler code
15:53:53:234 0224 TDL3_FileDetect: Processing driver: Disk
15:53:53:234 0224 TDL3_FileDetect: Parameters: F:\WINDOWS\system32\drivers\disk.sys, F:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
15:53:53:234 0224 TDL3_FileDetect: Processing driver file: F:\WINDOWS\system32\drivers\disk.sys
15:53:53:234 0224 KLMD_CreateFileW: Trying to open file F:\WINDOWS\system32\drivers\disk.sys
15:53:53:234 0224 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 8A765C68
15:53:53:234 0224 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A765C68
15:53:53:234 0224 KLMD_ReadMem: Trying to ReadMemory 0x8A765C68[0x38]
15:53:53:234 0224 DetectCureTDL3: DRIVER_OBJECT addr: 8A72AAE0
15:53:53:234 0224 KLMD_ReadMem: Trying to ReadMemory 0x8A72AAE0[0xA8]
15:53:53:234 0224 KLMD_ReadMem: Trying to ReadMemory 0xE197B680[0x208]
15:53:53:234 0224 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
15:53:53:234 0224 DetectCureTDL3: IrpHandler (0) addr: B810EBB0
15:53:53:234 0224 DetectCureTDL3: IrpHandler (1) addr: 804F4562
15:53:53:234 0224 DetectCureTDL3: IrpHandler (2) addr: B810EBB0
15:53:53:234 0224 DetectCureTDL3: IrpHandler (3) addr: B8108D1F
15:53:53:234 0224 DetectCureTDL3: IrpHandler (4) addr: B8108D1F
15:53:53:234 0224 DetectCureTDL3: IrpHandler (5) addr: 804F4562
15:53:53:234 0224 DetectCureTDL3: IrpHandler (6) addr: 804F4562
15:53:53:234 0224 DetectCureTDL3: IrpHandler (7) addr: 804F4562
15:53:53:234 0224 DetectCureTDL3: IrpHandler (8) addr: 804F4562
15:53:53:234 0224 DetectCureTDL3: IrpHandler (9) addr: B81092E2
15:53:53:234 0224 DetectCureTDL3: IrpHandler (10) addr: 804F4562
15:53:53:234 0224 DetectCureTDL3: IrpHandler (11) addr: 804F4562
15:53:53:234 0224 DetectCureTDL3: IrpHandler (12) addr: 804F4562
15:53:53:234 0224 DetectCureTDL3: IrpHandler (13) addr: 804F4562
15:53:53:234 0224 DetectCureTDL3: IrpHandler (14) addr: B81093BB
15:53:53:234 0224 DetectCureTDL3: IrpHandler (15) addr: B810CF28
15:53:53:234 0224 DetectCureTDL3: IrpHandler (16) addr: B81092E2
15:53:53:234 0224 DetectCureTDL3: IrpHandler (17) addr: 804F4562
15:53:53:234 0224 DetectCureTDL3: IrpHandler (18) addr: 804F4562
15:53:53:234 0224 DetectCureTDL3: IrpHandler (19) addr: 804F4562
15:53:53:234 0224 DetectCureTDL3: IrpHandler (20) addr: 804F4562
15:53:53:234 0224 DetectCureTDL3: IrpHandler (21) addr: 804F4562
15:53:53:234 0224 DetectCureTDL3: IrpHandler (22) addr: B810AC82
15:53:53:234 0224 DetectCureTDL3: IrpHandler (23) addr: B810F99E
15:53:53:234 0224 DetectCureTDL3: IrpHandler (24) addr: 804F4562
15:53:53:234 0224 DetectCureTDL3: IrpHandler (25) addr: 804F4562
15:53:53:234 0224 DetectCureTDL3: IrpHandler (26) addr: 804F4562
15:53:53:234 0224 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
15:53:53:234 0224 KLMD_ReadMem: DeviceIoControl error 1
15:53:53:234 0224 TDL3_StartIoHookDetect: Unable to get StartIo handler code
15:53:53:234 0224 TDL3_FileDetect: Processing driver: Disk
15:53:53:234 0224 TDL3_FileDetect: Parameters: F:\WINDOWS\system32\drivers\disk.sys, F:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
15:53:53:234 0224 TDL3_FileDetect: Processing driver file: F:\WINDOWS\system32\drivers\disk.sys
15:53:53:234 0224 KLMD_CreateFileW: Trying to open file F:\WINDOWS\system32\drivers\disk.sys
15:53:53:234 0224 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 8A766AB8
15:53:53:234 0224 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A766AB8
15:53:53:234 0224 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 8A72BF18
15:53:53:234 0224 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A72BF18
15:53:53:234 0224 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 8A74C030
15:53:53:234 0224 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A74C030
15:53:53:234 0224 KLMD_ReadMem: Trying to ReadMemory 0x8A74C030[0x38]
15:53:53:234 0224 DetectCureTDL3: DRIVER_OBJECT addr: 8A717910
15:53:53:234 0224 KLMD_ReadMem: Trying to ReadMemory 0x8A717910[0xA8]
15:53:53:234 0224 KLMD_ReadMem: Trying to ReadMemory 0xE1018E08[0x208]
15:53:53:234 0224 DetectCureTDL3: DRIVER_OBJECT name: \Driver\nvata, Driver Name: nvata
15:53:53:234 0224 DetectCureTDL3: IrpHandler (0) addr: B7EC9894
15:53:53:234 0224 DetectCureTDL3: IrpHandler (1) addr: B7EC9874
15:53:53:234 0224 DetectCureTDL3: IrpHandler (2) addr: B7EC9894
15:53:53:234 0224 DetectCureTDL3: IrpHandler (3) addr: B7EC9874
15:53:53:234 0224 DetectCureTDL3: IrpHandler (4) addr: B7EC9874
15:53:53:234 0224 DetectCureTDL3: IrpHandler (5) addr: B7EC9874
15:53:53:234 0224 DetectCureTDL3: IrpHandler (6) addr: B7EC9874
15:53:53:234 0224 DetectCureTDL3: IrpHandler (7) addr: B7EC9874
15:53:53:234 0224 DetectCureTDL3: IrpHandler (8) addr: B7EC9874
15:53:53:234 0224 DetectCureTDL3: IrpHandler (9) addr: B7EC9874
15:53:53:234 0224 DetectCureTDL3: IrpHandler (10) addr: B7EC9874
15:53:53:234 0224 DetectCureTDL3: IrpHandler (11) addr: B7EC9874
15:53:53:234 0224 DetectCureTDL3: IrpHandler (12) addr: B7EC9874
15:53:53:234 0224 DetectCureTDL3: IrpHandler (13) addr: B7EC9874
15:53:53:234 0224 DetectCureTDL3: IrpHandler (14) addr: B7EC98AE
15:53:53:234 0224 DetectCureTDL3: IrpHandler (15) addr: B7EC9D4E
15:53:53:234 0224 DetectCureTDL3: IrpHandler (16) addr: B7EC9874
15:53:53:234 0224 DetectCureTDL3: IrpHandler (17) addr: B7EC9874
15:53:53:234 0224 DetectCureTDL3: IrpHandler (18) addr: B7EC9874
15:53:53:234 0224 DetectCureTDL3: IrpHandler (19) addr: B7EC9874
15:53:53:234 0224 DetectCureTDL3: IrpHandler (20) addr: B7EC9874
15:53:53:234 0224 DetectCureTDL3: IrpHandler (21) addr: B7EC9874
15:53:53:234 0224 DetectCureTDL3: IrpHandler (22) addr: B7EC9CEE
15:53:53:234 0224 DetectCureTDL3: IrpHandler (23) addr: B7EC9A7C
15:53:53:234 0224 DetectCureTDL3: IrpHandler (24) addr: B7EC9874
15:53:53:234 0224 DetectCureTDL3: IrpHandler (25) addr: B7EC9874
15:53:53:234 0224 DetectCureTDL3: IrpHandler (26) addr: B7EC9874
15:53:53:234 0224 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
15:53:53:234 0224 KLMD_ReadMem: DeviceIoControl error 1
15:53:53:234 0224 TDL3_StartIoHookDetect: Unable to get StartIo handler code
15:53:53:234 0224 TDL3_FileDetect: Processing driver: nvata
15:53:53:234 0224 TDL3_FileDetect: Similar paths for origin and cured (F:\WINDOWS\system32\drivers\nvata.tsk)! Generate new path
15:53:53:234 0224 TDL3_FileDetect: Parameters: F:\WINDOWS\system32\drivers\nvata.tsk, F:\WINDOWS\system32\Drivers\nvata.ts0, SYSTEM\CurrentControlSet\Services\nvata, system32\Drivers\nvata.ts0
15:53:53:234 0224 TDL3_FileDetect: Processing driver file: F:\WINDOWS\system32\drivers\nvata.tsk
15:53:53:234 0224 KLMD_CreateFileW: Trying to open file F:\WINDOWS\system32\drivers\nvata.tsk
15:53:53:250 0224 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 8A716AB8
15:53:53:250 0224 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A716AB8
15:53:53:250 0224 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 8A764AC0
15:53:53:250 0224 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A764AC0
15:53:53:250 0224 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 8A72A030
15:53:53:250 0224 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A72A030
15:53:53:250 0224 KLMD_ReadMem: Trying to ReadMemory 0x8A72A030[0x38]
15:53:53:250 0224 DetectCureTDL3: DRIVER_OBJECT addr: 8A717910
15:53:53:250 0224 KLMD_ReadMem: Trying to ReadMemory 0x8A717910[0xA8]
15:53:53:250 0224 KLMD_ReadMem: Trying to ReadMemory 0xE1018E08[0x208]
15:53:53:250 0224 DetectCureTDL3: DRIVER_OBJECT name: \Driver\nvata, Driver Name: nvata
15:53:53:250 0224 DetectCureTDL3: IrpHandler (0) addr: B7EC9894
15:53:53:250 0224 DetectCureTDL3: IrpHandler (1) addr: B7EC9874
15:53:53:250 0224 DetectCureTDL3: IrpHandler (2) addr: B7EC9894
15:53:53:250 0224 DetectCureTDL3: IrpHandler (3) addr: B7EC9874
15:53:53:250 0224 DetectCureTDL3: IrpHandler (4) addr: B7EC9874
15:53:53:250 0224 DetectCureTDL3: IrpHandler (5) addr: B7EC9874
15:53:53:250 0224 DetectCureTDL3: IrpHandler (6) addr: B7EC9874
15:53:53:250 0224 DetectCureTDL3: IrpHandler (7) addr: B7EC9874
15:53:53:250 0224 DetectCureTDL3: IrpHandler (8) addr: B7EC9874
15:53:53:250 0224 DetectCureTDL3: IrpHandler (9) addr: B7EC9874
15:53:53:250 0224 DetectCureTDL3: IrpHandler (10) addr: B7EC9874
15:53:53:250 0224 DetectCureTDL3: IrpHandler (11) addr: B7EC9874
15:53:53:250 0224 DetectCureTDL3: IrpHandler (12) addr: B7EC9874
15:53:53:250 0224 DetectCureTDL3: IrpHandler (13) addr: B7EC9874
15:53:53:250 0224 DetectCureTDL3: IrpHandler (14) addr: B7EC98AE
15:53:53:250 0224 DetectCureTDL3: IrpHandler (15) addr: B7EC9D4E
15:53:53:250 0224 DetectCureTDL3: IrpHandler (16) addr: B7EC9874
15:53:53:250 0224 DetectCureTDL3: IrpHandler (17) addr: B7EC9874
15:53:53:250 0224 DetectCureTDL3: IrpHandler (18) addr: B7EC9874
15:53:53:250 0224 DetectCureTDL3: IrpHandler (19) addr: B7EC9874
15:53:53:250 0224 DetectCureTDL3: IrpHandler (20) addr: B7EC9874
15:53:53:250 0224 DetectCureTDL3: IrpHandler (21) addr: B7EC9874
15:53:53:250 0224 DetectCureTDL3: IrpHandler (22) addr: B7EC9CEE
15:53:53:250 0224 DetectCureTDL3: IrpHandler (23) addr: B7EC9A7C
15:53:53:250 0224 DetectCureTDL3: IrpHandler (24) addr: B7EC9874
15:53:53:250 0224 DetectCureTDL3: IrpHandler (25) addr: B7EC9874
15:53:53:250 0224 DetectCureTDL3: IrpHandler (26) addr: B7EC9874
15:53:53:250 0224 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
15:53:53:250 0224 KLMD_ReadMem: DeviceIoControl error 1
15:53:53:250 0224 TDL3_StartIoHookDetect: Unable to get StartIo handler code
15:53:53:250 0224 TDL3_FileDetect: Processing driver: nvata
15:53:53:250 0224 TDL3_FileDetect: Similar paths for origin and cured (F:\WINDOWS\system32\drivers\nvata.tsk)! Generate new path
15:53:53:250 0224 TDL3_FileDetect: Parameters: F:\WINDOWS\system32\drivers\nvata.tsk, F:\WINDOWS\system32\Drivers\nvata.ts0, SYSTEM\CurrentControlSet\Services\nvata, system32\Drivers\nvata.ts0
15:53:53:250 0224 TDL3_FileDetect: Processing driver file: F:\WINDOWS\system32\drivers\nvata.tsk
15:53:53:250 0224 KLMD_CreateFileW: Trying to open file F:\WINDOWS\system32\drivers\nvata.tsk
15:53:53:250 0224 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 8A74CAB8
15:53:53:250 0224 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A74CAB8
15:53:53:250 0224 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 8A76AE88
15:53:53:250 0224 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A76AE88
15:53:53:250 0224 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 8A753940
15:53:53:250 0224 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A753940
15:53:53:250 0224 KLMD_ReadMem: Trying to ReadMemory 0x8A753940[0x38]
15:53:53:250 0224 DetectCureTDL3: DRIVER_OBJECT addr: 8A754B90
15:53:53:250 0224 KLMD_ReadMem: Trying to ReadMemory 0x8A754B90[0xA8]
15:53:53:250 0224 KLMD_ReadMem: Trying to ReadMemory 0xE101E900[0x208]
15:53:53:250 0224 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
15:53:53:250 0224 DetectCureTDL3: IrpHandler (0) addr: B7F156F2
15:53:53:250 0224 DetectCureTDL3: IrpHandler (1) addr: 804F4562
15:53:53:250 0224 DetectCureTDL3: IrpHandler (2) addr: B7F156F2
15:53:53:250 0224 DetectCureTDL3: IrpHandler (3) addr: 804F4562
15:53:53:250 0224 DetectCureTDL3: IrpHandler (4) addr: 804F4562
15:53:53:250 0224 DetectCureTDL3: IrpHandler (5) addr: 804F4562
15:53:53:250 0224 DetectCureTDL3: IrpHandler (6) addr: 804F4562
15:53:53:250 0224 DetectCureTDL3: IrpHandler (7) addr: 804F4562
15:53:53:250 0224 DetectCureTDL3: IrpHandler (8) addr: 804F4562
15:53:53:250 0224 DetectCureTDL3: IrpHandler (9) addr: 804F4562
15:53:53:250 0224 DetectCureTDL3: IrpHandler (10) addr: 804F4562
15:53:53:250 0224 DetectCureTDL3: IrpHandler (11) addr: 804F4562
15:53:53:250 0224 DetectCureTDL3: IrpHandler (12) addr: 804F4562
15:53:53:250 0224 DetectCureTDL3: IrpHandler (13) addr: 804F4562
15:53:53:250 0224 DetectCureTDL3: IrpHandler (14) addr: B7F15712
15:53:53:250 0224 DetectCureTDL3: IrpHandler (15) addr: B7F11852
15:53:53:265 0224 DetectCureTDL3: IrpHandler (16) addr: 804F4562
15:53:53:265 0224 DetectCureTDL3: IrpHandler (17) addr: 804F4562
15:53:53:265 0224 DetectCureTDL3: IrpHandler (18) addr: 804F4562
15:53:53:265 0224 DetectCureTDL3: IrpHandler (19) addr: 804F4562
15:53:53:265 0224 DetectCureTDL3: IrpHandler (20) addr: 804F4562
15:53:53:265 0224 DetectCureTDL3: IrpHandler (21) addr: 804F4562
15:53:53:265 0224 DetectCureTDL3: IrpHandler (22) addr: B7F1573C
15:53:53:265 0224 DetectCureTDL3: IrpHandler (23) addr: B7F1C336
15:53:53:265 0224 DetectCureTDL3: IrpHandler (24) addr: 804F4562
15:53:53:265 0224 DetectCureTDL3: IrpHandler (25) addr: 804F4562
15:53:53:265 0224 DetectCureTDL3: IrpHandler (26) addr: 804F4562
15:53:53:265 0224 KLMD_ReadMem: Trying to ReadMemory 0xB7F12864[0x400]
15:53:53:265 0224 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 316, 0
15:53:53:265 0224 TDL3_FileDetect: Processing driver: atapi
15:53:53:265 0224 TDL3_FileDetect: Parameters: F:\WINDOWS\system32\drivers\atapi.sys, F:\WINDOWS\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk
15:53:53:265 0224 TDL3_FileDetect: Processing driver file: F:\WINDOWS\system32\drivers\atapi.sys
15:53:53:265 0224 KLMD_CreateFileW: Trying to open file F:\WINDOWS\system32\drivers\atapi.sys
15:53:53:265 0224
Completed

Results:
15:53:53:265 0224 Infected objects in memory: 0
15:53:53:265 0224 Cured objects in memory: 0
15:53:53:265 0224 Infected objects on disk: 0
15:53:53:265 0224 Objects on disk cured on reboot: 0
15:53:53:265 0224 Objects on disk deleted on reboot: 0
15:53:53:265 0224 Registry nodes deleted on reboot: 0
15:53:53:265 0224

#15 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:59 AM

Posted 07 January 2010 - 08:28 AM

How is Firefox working now? Are you still being redirected?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
