Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Something Keeps Shutting Down Attempts to Diagnose or Fix


  • This topic is locked This topic is locked
34 replies to this topic

#1 jlong815

jlong815

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:02:36 AM

Posted 09 October 2011 - 09:21 PM

Thank you for your time and help, Jim.

Previous Post:
http://www.bleepingcomputer.com/forums/topic422232.html/page__p__2432259__fromsearch__1#entry2432259

Summary
I am having similar problems with Open Cloud AV to those mentioned in the forum, and I have been trying to apply the fixes mentioned here. Some details about my set-up and what I have tried:
- Windows XP Service Pack 3, HP Pavilion Laptop
- I started seeing the bogus "infection" warnings and saw a shortcut to Open Cloud AV on the desktop.
- MBAW was installed, but I was unable to launch it (or any other type of antivirus software)
- Task Manager was mostly unresponsive, many programs wouldn't launch, or would quickly quit.
- I had internet access, but various ads would launch when opening IE or FF.
- I have tried rkill (including renaming it).
- I have tried re-installing and updating MBAM (including renaming it.) I can do both, but it quits just after "enumerating items to be scanned..."
- Upon restart, the shortcut to MBAM no longer works.
- I checked the Proxy Settings for both browsers, neither has proxy checked. (Is there somewhere else to look for a proxy setting?)
- Windows Update will not run, nor will MS Security Essentials.
- I ran tdsskiller. It finds problems, but the only options are to skip, copy to quarantine, and delete. I have tried all. There is no "ensure cure" that I can see. It asks to reboot. (Very slow) Whether I reboot or not, rescans show additional problems.
- I have used Add/Remove Software to remove Java.
- It still seems like "something" is preventing attempts to scan and fix problems.
- I have tried many of these steps in both Normal and Safe Modes.


LATEST STATUS: In response to "boopme", I have tried the following:
- I successfully ran Defogger to disable CD Emulation drivers.
- I was unable to run "dds" in normal mode. I briefly saw a black dialogue box and it shut down.
- I was able to launch GMER in normal mode. It appears to start a scan and locks-up. I was unable to change settings or save a log.
- I rebooted into Safe Mode, so everything below this is from Safe Mode.
- I was able to run "dds". I will include the logs here.
- I was able to launch GMER. It ran a scan before I could change settings. I will include that log (ARK).
- Afterwards, I unchecked IAT/EAT and clicked "scan". It starts the scan, but something shuts down the program before it finishes. I could not save a log. I was able to get a screen capture just before it quit. (Attached: GMER Screen Capture.jpg)

DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Jim Long at 21:48:40 on 2011-10-09
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.221 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\3203397148:3809022017.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {034dedcd-b21a-4d21-9955-ef24ef23c66f} - c:\documents and settings\jim long\local settings\application data\ServiceWin32.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - c:\program files\common files\doubletwist\IEPodcastPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196625876718
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{63EEE54A-2E4A-4FFF-803A-50942467CB2A} : DhcpNameServer = 68.87.68.166 68.87.74.166
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jim long\application data\mozilla\firefox\profiles\tnt18aic.default\
FF - plugin: c:\program files\common files\doubletwist\NPPodcast.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
S0 14586029;14586029;c:\windows\system32\drivers\02472624.sys --> c:\windows\system32\drivers\02472624.sys [?]
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys --> c:\windows\system32\drivers\dwprot.sys [?]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-3-9 6656]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2006-12-17 200192]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-10-8 41272]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-2-20 24652]
S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
.
=============== Created Last 30 ================
.
2011-10-09 03:30:08 -------- d-----w- c:\documents and settings\jim long\DoctorWeb
2011-10-09 03:05:29 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-07 03:17:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-07 03:08:42 -------- d--h--w- c:\windows\PIF
2011-10-06 03:42:28 -------- d-----w- c:\documents and settings\jim long\local settings\application data\AOL OCP
2011-10-06 03:23:39 -------- d-----w- c:\documents and settings\jim long\local settings\application data\Secunia PSI
2011-10-06 03:22:12 -------- d-----w- c:\program files\Secunia
2011-10-05 22:51:56 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-05 22:20:17 -------- dc-h--w- c:\windows\ie8
2011-10-05 21:06:11 -------- d-----w- C:\618601418389611d02e6
2011-10-05 03:46:09 -------- d-----w- c:\documents and settings\jim long\local settings\application data\PCHealth
2011-10-05 03:39:24 -------- d-----w- C:\fad2c96a56cde4943618b6
2011-10-05 02:48:01 -------- d-----w- c:\program files\Copy of Malwarebytes' Anti-Malware
2011-10-04 06:41:55 -------- d-----w- c:\documents and settings\jim long\application data\SUPERAntiSpyware.com
2011-10-04 06:41:52 -------- dc----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-10-04 06:24:13 83064 ----a-w- c:\windows\system32\drivers\SMR210.SYS
2011-10-04 06:24:09 -------- d-----w- c:\documents and settings\jim long\local settings\application data\NPE
2011-10-04 06:20:29 -------- dc----w- c:\documents and settings\all users\application data\Norton
2011-10-04 05:29:35 7269712 -c----w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
2011-10-04 05:26:55 56200 -c--a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{af6fa218-c886-456b-8c43-f8b4b328f0ba}\offreg.dll
2011-10-04 05:26:44 7269712 -c----w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{af6fa218-c886-456b-8c43-f8b4b328f0ba}\mpengine.dll
2011-10-04 04:27:41 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-04 01:55:51 -------- d-----w- c:\documents and settings\jim long\application data\WaQH6dWK7R9TqUe
2011-10-04 01:55:50 -------- d-----w- c:\documents and settings\jim long\application data\LXwkUVrlOtPuSiD
2011-10-04 01:17:24 -------- d-----w- c:\documents and settings\jim long\application data\ZwwwkIIVrlOt
2011-10-04 01:17:24 -------- d-----w- c:\documents and settings\jim long\application data\IxAA00ucS2ib3pG
2011-10-04 01:17:20 2398208 ----a-w- c:\windows\system32\HrrllONNtx0uc2b.exe
2011-10-04 01:17:20 -------- d-----w- c:\documents and settings\jim long\application data\O55ssQJ7dEL8RZh
2011-10-02 19:04:09 -------- d-----w- c:\documents and settings\jim long\application data\.minecraft
2011-09-30 03:33:52 0 ---ha-w- c:\documents and settings\jim long\xihpfmykxh.tmp
2011-09-30 02:22:18 85504 -c--a-w- c:\documents and settings\all users\application data\WindowsNotifierVerifier.dll
2011-09-30 02:22:10 251904 ----a-w- c:\documents and settings\jim long\local settings\application data\ServiceWin32.dll
2011-09-21 18:07:07 -------- dc----w- c:\documents and settings\all users\application data\YouTube Downloader
2011-09-21 18:06:33 -------- d-----w- c:\program files\YouTube Downloader
2011-09-19 05:47:55 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
.
==================== Find3M ====================
.
2011-09-30 02:23:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
============= FINISH: 21:50:20.00 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:36 AM

Posted 11 October 2011 - 10:36 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Please download DummyCreator.zip and unzip it.
  • Run the tool.
  • Copy and paste the following into the edit box:

    C:\WINDOWS\3203397148
  • Press Create button and post the content of the Result.txt.

    Important: Restart the computer.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 jlong815

jlong815
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:02:36 AM

Posted 12 October 2011 - 07:19 PM

- Ran DummyCreator.zip
- Restarted

DummyCreator by Farbar
Ran by Jim Long (administrator) on 12-10-2011 at 19:59:48
**************************************************************

C:\WINDOWS\3203397148 [12-10-2011 19:58:57]

== End of log ==

- Ran Combofix
- It prompted me to install ... (I did have internet access.)
- "Failed to download required files. Aborting... Shall continue scanning for malware. I clicked OK.
- "Scanning for infected files..."
- The laptop restarted. On restart, ComboFix started again.
- Completed Stage_1, 2, 3, 4, 5
- pev.3XE - Corrupt File: C:/DOCUME~1\NetworkService\Cookies\system@146.185.250[4].txt is corrupt and unreadable. please tun the Chkdsk utility.
- C:\$Mft is corrupt...
- Completed Stage_6, 6_A, 7 through 33... see log. A lot of error messages like above.
- Should I run chkdsk? Scan with Malware Bytes?
- Waiting on your reply.

Thanks,

Jim

ComboFix 11-10-12.04 - Jim Long 10/12/2011 21:06:20.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.151 [GMT -4:00]
Running from: c:\documents and settings\Jim Long\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\WindowsNotifierVerifier.dll
c:\documents and settings\Jim Long\Application Data\IxAA00ucS2ib3pGOpen Cloud AV.ico
c:\documents and settings\Jim Long\Application Data\ldr.ini
c:\documents and settings\Jim Long\Application Data\Mozilla\Firefox\Profiles\tnt18aic.default\extensions\{9ab92373-0402-482d-8d45-c1967e821064}
c:\documents and settings\Jim Long\Application Data\Mozilla\Firefox\Profiles\tnt18aic.default\extensions\{9ab92373-0402-482d-8d45-c1967e821064}\chrome.manifest
c:\documents and settings\Jim Long\Application Data\Mozilla\Firefox\Profiles\tnt18aic.default\extensions\{9ab92373-0402-482d-8d45-c1967e821064}\chrome\xulcache.jar
c:\documents and settings\Jim Long\Application Data\Mozilla\Firefox\Profiles\tnt18aic.default\extensions\{9ab92373-0402-482d-8d45-c1967e821064}\defaults\preferences\xulcache.js
c:\documents and settings\Jim Long\Application Data\Mozilla\Firefox\Profiles\tnt18aic.default\extensions\{9ab92373-0402-482d-8d45-c1967e821064}\install.rdf
c:\documents and settings\Jim Long\Application Data\WaQH6dWK7R9TqUeOpen Cloud AV.ico
c:\documents and settings\Jim Long\Local Settings\Application Data\Conduit\ConduitUpdate\Conduitupdt32.dll
c:\documents and settings\Jim Long\Local Settings\Application Data\ServiceWin32.dll
c:\documents and settings\Jim Long\My Documents\~WRL0001.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0002.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0003.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0004.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0005.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0006.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0007.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0008.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0025.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0033.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0047.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0070.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0073.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0076.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0088.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0100.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0101.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0103.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0134.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0144.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0172.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0200.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0201.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0220.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0225.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0264.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0265.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0281.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0284.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0289.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0335.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0358.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0368.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0387.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0400.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0440.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0448.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0461.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0468.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0471.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0484.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0486.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0487.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0496.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0497.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0540.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0555.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0557.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0628.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0640.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0641.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0678.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0679.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0680.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0697.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0703.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0724.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0768.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0784.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0882.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0916.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0955.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0963.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0966.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0972.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0979.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0991.tmp
c:\documents and settings\Jim Long\My Documents\~WRL0993.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1013.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1014.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1019.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1021.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1060.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1077.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1083.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1087.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1103.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1104.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1105.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1139.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1142.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1148.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1186.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1198.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1210.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1224.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1244.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1247.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1251.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1256.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1291.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1331.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1345.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1362.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1389.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1409.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1411.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1421.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1424.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1436.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1468.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1486.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1494.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1503.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1513.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1515.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1517.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1529.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1532.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1536.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1547.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1548.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1551.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1617.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1627.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1629.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1652.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1699.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1720.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1721.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1735.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1765.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1772.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1785.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1789.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1794.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1799.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1801.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1805.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1821.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1845.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1863.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1881.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1886.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1888.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1900.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1910.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1932.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1933.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1957.tmp
c:\documents and settings\Jim Long\My Documents\~WRL1986.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2008.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2009.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2032.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2044.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2047.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2059.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2066.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2069.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2082.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2090.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2128.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2137.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2140.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2173.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2195.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2198.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2207.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2232.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2250.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2251.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2270.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2275.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2287.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2315.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2319.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2359.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2360.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2373.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2417.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2423.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2425.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2447.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2454.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2477.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2478.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2483.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2490.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2528.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2529.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2542.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2560.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2575.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2611.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2630.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2650.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2651.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2678.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2684.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2685.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2703.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2717.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2724.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2738.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2748.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2761.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2809.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2824.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2828.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2832.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2846.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2859.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2882.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2887.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2888.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2890.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2899.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2919.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2924.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2936.tmp
c:\documents and settings\Jim Long\My Documents\~WRL2992.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3002.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3010.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3011.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3057.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3061.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3121.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3132.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3152.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3154.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3157.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3161.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3198.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3205.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3206.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3207.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3216.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3217.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3232.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3244.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3252.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3254.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3262.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3272.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3275.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3296.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3362.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3379.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3408.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3412.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3413.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3425.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3465.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3487.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3489.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3496.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3515.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3526.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3536.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3569.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3595.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3597.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3610.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3614.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3618.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3620.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3626.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3638.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3664.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3683.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3689.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3702.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3718.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3720.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3774.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3815.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3832.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3845.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3848.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3851.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3898.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3945.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3946.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3960.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3969.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3972.tmp
c:\documents and settings\Jim Long\My Documents\~WRL3994.tmp
c:\documents and settings\Jim Long\My Documents\~WRL4005.tmp
c:\documents and settings\Jim Long\My Documents\~WRL4026.tmp
c:\documents and settings\Jim Long\My Documents\~WRL4027.tmp
c:\documents and settings\Jim Long\My Documents\~WRL4045.tmp
c:\documents and settings\Jim Long\My Documents\~WRL4050.tmp
c:\documents and settings\Jim Long\My Documents\~WRL4055.tmp
c:\documents and settings\Jim Long\My Documents\iexplore.exe
c:\documents and settings\Jim Long\My Documents\xihpfmykxh.tmp
c:\documents and settings\Jim Long\System
c:\documents and settings\Jim Long\System\win_qs8.jqx
c:\documents and settings\Jim Long\WINDOWS
c:\documents and settings\Jim Long\xihpfmykxh.tmp
c:\windows\$NtUninstallKB3255$\1216346488
c:\windows\$NtUninstallKB3255$\485945278\@
c:\windows\$NtUninstallKB3255$\485945278\bckfg.tmp
c:\windows\$NtUninstallKB3255$\485945278\cfg.ini
c:\windows\$NtUninstallKB3255$\485945278\Desktop.ini
c:\windows\$NtUninstallKB3255$\485945278\keywords
c:\windows\$NtUninstallKB3255$\485945278\kwrd.dll
c:\windows\$NtUninstallKB3255$\485945278\L\yaywbcos
c:\windows\$NtUninstallKB3255$\485945278\lsflt7.ver
c:\windows\$NtUninstallKB3255$\485945278\U\00000001.@
c:\windows\$NtUninstallKB3255$\485945278\U\00000002.@
c:\windows\$NtUninstallKB3255$\485945278\U\80000000.@
c:\windows\$NtUninstallKB3255$\485945278\U\80000032.@
c:\windows\3203397148
c:\windows\desktop
c:\windows\system32\d3d9caps.dat
c:\windows\system32\logs
c:\windows\$NtUninstallKB3255$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_1cf6efbe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-13 to 2011-10-13 )))))))))))))))))))))))))))))))
.
.
2011-10-09 03:30 . 2011-10-09 03:30 -------- d-----w- c:\documents and settings\Jim Long\DoctorWeb
2011-10-09 03:05 . 2011-10-09 03:05 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-07 03:17 . 2011-10-07 03:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-07 03:08 . 2011-10-07 03:08 -------- d--h--w- c:\windows\PIF
2011-10-07 03:06 . 2011-10-07 03:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-10-06 03:42 . 2011-10-06 03:42 -------- d-----w- c:\documents and settings\Jim Long\Local Settings\Application Data\AOL OCP
2011-10-06 03:23 . 2011-10-06 03:23 -------- d-----w- c:\documents and settings\Jim Long\Local Settings\Application Data\Secunia PSI
2011-10-06 03:22 . 2011-10-06 03:22 -------- d-----w- c:\program files\Secunia
2011-10-05 22:51 . 2011-10-05 22:51 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-05 22:20 . 2011-10-05 22:22 -------- dc-h--w- c:\windows\ie8
2011-10-05 21:06 . 2011-10-05 21:06 -------- d-----w- C:\618601418389611d02e6
2011-10-05 03:46 . 2011-10-05 03:46 -------- d-----w- c:\documents and settings\Jim Long\Local Settings\Application Data\PCHealth
2011-10-05 03:39 . 2011-10-05 03:39 -------- d-----w- C:\fad2c96a56cde4943618b6
2011-10-05 02:48 . 2011-10-05 02:48 -------- d-----w- c:\program files\Copy of Malwarebytes' Anti-Malware
2011-10-04 06:41 . 2011-10-04 06:41 -------- d-----w- c:\documents and settings\Jim Long\Application Data\SUPERAntiSpyware.com
2011-10-04 06:41 . 2011-10-04 06:41 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-10-04 06:24 . 2011-10-04 06:24 83064 ----a-w- c:\windows\system32\drivers\SMR210.SYS
2011-10-04 06:24 . 2011-10-04 06:24 -------- d-----w- c:\documents and settings\Jim Long\Local Settings\Application Data\NPE
2011-10-04 06:20 . 2011-10-04 06:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Norton
2011-10-04 05:29 . 2011-09-21 13:00 7269712 -c----w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-10-04 05:26 . 2011-10-04 05:26 56200 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AF6FA218-C886-456B-8C43-F8B4B328F0BA}\offreg.dll
2011-10-04 05:26 . 2011-09-21 13:00 7269712 -c----w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AF6FA218-C886-456B-8C43-F8B4B328F0BA}\mpengine.dll
2011-10-04 04:27 . 2011-10-04 04:28 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-04 03:10 . 2011-10-04 03:11 -------- dc----w- c:\documents and settings\Administrator
2011-10-04 01:55 . 2011-10-04 01:55 -------- d-----w- c:\documents and settings\Jim Long\Application Data\WaQH6dWK7R9TqUe
2011-10-04 01:55 . 2011-10-04 01:55 -------- d-----w- c:\documents and settings\Jim Long\Application Data\LXwkUVrlOtPuSiD
2011-10-04 01:17 . 2011-10-04 01:17 -------- d-----w- c:\documents and settings\Jim Long\Application Data\ZwwwkIIVrlOt
2011-10-04 01:17 . 2011-10-04 01:17 -------- d-----w- c:\documents and settings\Jim Long\Application Data\IxAA00ucS2ib3pG
2011-10-04 01:17 . 2011-10-04 01:17 2398208 ----a-w- c:\windows\system32\HrrllONNtx0uc2b.exe
2011-10-04 01:17 . 2011-10-04 01:17 -------- d-----w- c:\documents and settings\Jim Long\Application Data\O55ssQJ7dEL8RZh
2011-10-02 19:04 . 2011-10-02 19:10 -------- d-----w- c:\documents and settings\Jim Long\Application Data\.minecraft
2011-09-21 18:07 . 2011-09-21 18:07 -------- dc----w- c:\documents and settings\All Users\Application Data\YouTube Downloader
2011-09-21 18:06 . 2011-09-21 18:06 -------- d-----w- c:\program files\YouTube Downloader
2011-09-21 17:48 . 2011-09-21 17:48 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee
2011-09-19 05:47 . 2011-09-19 05:47 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-19 05:40 . 2011-10-05 03:02 -------- dc----w- c:\documents and settings\All Users\Application Data\Lavasoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-30 02:23 . 2011-06-29 00:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2004-08-04 08:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-31 21:00 . 2011-08-07 19:25 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-15 13:29 . 2004-08-04 08:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-09-29 06:53 . 2011-10-04 03:56 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
.
.
.
.
.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[7] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[7] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[7] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll
.
[7] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[7] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[7] 2004-08-04 08:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[7] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2005-01-14 . 419899803CA479B73B02390318C787C0 . 395776 . . [5.1.2600.2595] . . c:\windows\$NtUninstallKB894391$\rpcss.dll
[-] 2005-01-14 . 94456045BEB4545B5EBE1DCC85951AFA . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
[7] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB873333$\rpcss.dll
.
[7] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[7] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[7] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[7] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[7] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe
.
[7] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe
.
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
[7] 2008-04-14 . ED7262E52C31CF1625B65039102BC16C . 111104 . . [5.4.3790.5512] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
.
[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[7] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[7] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[7] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[7] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[7] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[7] 2004-08-04 08:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll
.
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[7] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[7] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll
.
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[7] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll
.
[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[7] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[7] 2011-07-25 . 23B3C8E9F3F280180573569253CE98AB . 5969920 . . [8.00.6001.19120] . . c:\windows\SoftwareDistribution\Download\7f651918941cb2f8c10af68c0500468a\SP3GDR\mshtml.dll
[7] 2011-07-25 . BCE7CCEBAD6C8955D2B4C3B246BD0E57 . 5971456 . . [8.00.6001.23216] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtml.dll
[7] 2011-07-25 . BCE7CCEBAD6C8955D2B4C3B246BD0E57 . 5971456 . . [8.00.6001.23216] . . c:\windows\SoftwareDistribution\Download\7f651918941cb2f8c10af68c0500468a\SP3QFE\mshtml.dll
[7] 2011-05-30 . D0B1DB576941CB0B6669B8752FFAC79A . 5967360 . . [8.00.6001.23181] . . c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\mshtml.dll
[7] 2011-02-22 . 3422847AA07E37076A87D0B7D5044DC6 . 5964800 . . [8.00.6001.23141] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\mshtml.dll
[7] 2010-12-20 . 2A2C070EC691CE410533A1DA7AA3CD86 . 5962240 . . [8.00.6001.23111] . . c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtml.dll
[7] 2010-11-06 . 864E69F32656A7121444BA0193D7B64B . 5960704 . . [8.00.6001.23091] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtml.dll
[7] 2010-09-10 . 8A03CC037E6B7D1796192815231B0C3F . 5958656 . . [8.00.6001.23067] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\mshtml.dll
[7] 2010-06-24 . 94DC7E938C57F3C3D1BC4A0F68FC5830 . 5954560 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll
.
[7] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[7] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[7] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[7] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[7] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[7] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll
[7] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[7] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[7] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[7] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[7] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[7] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[7] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll
.
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[7] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[7] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[7] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[7] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[7] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[7] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
.
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll
.
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[7] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[7] 2011-06-23 . AF4EDDC6C0446FCE5681B5DED52B8F0E . 916480 . . [8.00.6001.19098] . . c:\windows\SoftwareDistribution\Download\7f651918941cb2f8c10af68c0500468a\SP3GDR\wininet.dll
[7] 2011-06-23 . 509CF67AE762A38E23A5455A0053853C . 919552 . . [8.00.6001.23192] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll
[7] 2011-06-23 . 509CF67AE762A38E23A5455A0053853C . 919552 . . [8.00.6001.23192] . . c:\windows\SoftwareDistribution\Download\7f651918941cb2f8c10af68c0500468a\SP3QFE\wininet.dll
[7] 2011-04-25 . 7F4F1697001B9E9A7924D219DC215903 . 919552 . . [8.00.6001.23165] . . c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\wininet.dll
[7] 2011-02-22 . A9FA95F0D7F511959AC721E4843E5967 . 919552 . . [8.00.6001.23139] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\wininet.dll
[7] 2010-12-20 . 5504B4ECCE892EB82CD2C5FA71940AC1 . 919552 . . [8.00.6001.23111] . . c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll
[7] 2010-11-06 . 9357C4249F4810FB0E49C13387A8A77C . 919552 . . [8.00.6001.23084] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll
[7] 2010-09-10 . 0555E190DCD06B8998E6DDCA42DAEB82 . 919552 . . [8.00.6001.23060] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll
[7] 2010-06-24 . 60237E50D575FBA9BEC9BC043F157149 . 919040 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
[7] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2559049-IE8\wininet.dll
[7] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3GDR\wininet.dll
[7] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[7] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3QFE\wininet.dll
[7] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[7] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[7] 2009-08-29 . 972B226BDAD71C55F3CC9A72BBF8F1C1 . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 . 7E8A47A2E6561274B83E257CE74803FD . 915456 . . [8.00.6001.18806] . . c:\windows\SoftwareDistribution\Download\8aff2c132bea63255d1cab83ef37c507\SP3GDR\wininet.dll
[7] 2009-07-03 . 38114DAB42FB2EB84D1726C42B8D80C5 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 . 38114DAB42FB2EB84D1726C42B8D80C5 . 915456 . . [8.00.6001.22896] . . c:\windows\SoftwareDistribution\Download\8aff2c132bea63255d1cab83ef37c507\SP3QFE\wininet.dll
[7] 2009-06-29 . 4C6B4138165A4C53FE8A5B1D809526C3 . 828928 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
[7] 2009-06-29 . A39B7BA7AB9B1CC2A0009F59772DB83C . 827392 . . [7.00.6000.16876] . . c:\windows\ie8\wininet.dll
[7] 2009-04-29 . 8E2D471157B0DF329D8D0EA5D83B0DDB . 827392 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\wininet.dll
[7] 2009-04-29 . 62CCA075F44015147B8971DAFFBCFF76 . 828928 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\system32\wininet.dll
[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\wininet.dll
[7] 2009-03-03 . 28775945CCD53DEE280EF58DEA1A94C4 . 826368 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\wininet.dll
[7] 2009-03-03 . C8667854873938CA13C986F16B0CD183 . 828416 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2008-12-20 . 044E0A4E9FE97C0FB9AFE9C89E2A82E6 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 . A82935D32D0672E8FF4E91AE398E901C . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll
[7] 2008-10-16 . 6741EAF7B7F110E803A6E38F6E5FA6B0 . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-10-16 . 0D5B75171FF51775B630A431B6C667E8 . 827904 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2008-08-26 . 77C192FE56A70D7FA0247BA0A6201C32 . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[7] 2008-08-26 . EF8EBA98145BFA44E80D17A3B3453300 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-06-23 . 8C13D4A7479FA0A026EDA8ABCE82C0ED . 826368 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
[7] 2008-06-23 . C66402A06B83B036C195242C0C8CF83C . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[7] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
[7] 2008-04-23 . 41546B396A526918DA7995A02EA04E51 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[7] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2008-03-01 . AD21461AEF8244EDEC2EF18E55E1DCF3 . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
[7] 2008-03-01 . 6316C2F0C61271C8ABDFF7429174879E . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[7] 2007-12-07 . 806D274C9A6C3AAEA5EAE8E4AF841E04 . 824832 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll
[7] 2007-12-07 . B5B411BB229AE6EAD7652A32ED47BFB9 . 825344 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[7] 2007-10-10 . 30C1E0F34AD2972C72A01DB5C74AB065 . 824832 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\wininet.dll
[7] 2007-10-10 . 0E5D918F87EFA7D2424D66B499C7EB04 . 825344 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[7] 2007-08-20 . 774435E499D8E9643EC961A6103C361F . 824832 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\wininet.dll
[7] 2007-08-20 . 357D54BF94FE9D6D8505A96B5C2A3BCA . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[7] 2007-06-27 . D6ED5E042C5207553E7F5E842918137F . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[7] 2007-06-27 . 8068CBB58FE60CC95AEB2CFF70178208 . 823808 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\wininet.dll
[7] 2007-04-25 . 431DEFBB4A3D7B0DC062C1B064623A2F . 823808 . . [7.00.6000.20583] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[7] 2007-04-25 . 0586A7F0B2FDB94D624F399D4728E7C8 . 822784 . . [7.00.6000.16473] . . c:\windows\ie7updates\KB937143-IE7\wininet.dll
[7] 2007-03-07 . 5B35DAE6E4886F64D1DA58C4E3E01EB9 . 822784 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\wininet.dll
[7] 2007-03-07 . B8F4DB39CA7353752F245379D285C80E . 823296 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[7] 2007-01-12 . BE43D00D802C92F01C8CC952C6F483F8 . 822784 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\wininet.dll
[7] 2006-11-08 . 92995334F993E6E49C25C6D02EC04401 . 818688 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\wininet.dll
[-] 2006-09-14 . 621AF3F6174A3F60677F5230E28BCC07 . 658944 . . [6.00.2900.2995] . . c:\windows\ie7\wininet.dll
[-] 2006-09-14 . D207370287CF769AEBEBF03837784963 . 664576 . . [6.00.2900.2995] . . c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll
[-] 2006-06-23 . 64CE26DB72810B30F7855EA51E1DF836 . 664576 . . [6.00.2900.2937] . . c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
[-] 2006-06-23 . 2B4DB890936430C71419037039502752 . 658944 . . [6.00.2900.2937] . . c:\windows\$NtUninstallKB922760$\wininet.dll
[-] 2006-05-10 . D94CFFDB53E7AC867438E2DFD50E7CBC . 663552 . . [6.00.2900.2904] . . c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[-] 2006-05-10 . 38AB7A56F566D9AAAD31812494944824 . 658432 . . [6.00.2900.2904] . . c:\windows\$NtUninstallKB918899$\wininet.dll
[-] 2006-03-04 . C0845ECBF4F9164E618EE381B79C9032 . 663552 . . [6.00.2900.2861] . . c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[-] 2006-03-04 . 1C0979C7A489BEE573CD0BF4AD94BB06 . 658432 . . [6.00.2900.2861] . . c:\windows\$NtUninstallKB916281$\wininet.dll
[-] 2005-10-21 . E7B27B6B6E06CE34EA019FD8B858C613 . 658432 . . [6.00.2900.2781] . . c:\windows\$NtUninstallKB912812$\wininet.dll
[-] 2005-10-21 . AF785C4947676A7FC1673FDC5C8D0B5B . 661504 . . [6.00.2900.2781] . . c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2005-09-02 . 97A6FD7CAFD688CF2C78939EBAF0CD0C . 660480 . . [6.00.2900.2753] . . c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
[-] 2005-09-02 . AF61EBB1F550175EFF406D545D6AB086 . 658432 . . [6.00.2900.2753] . . c:\windows\$NtUninstallKB905915$\wininet.dll
[7] 2004-08-04 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB896688$\wininet.dll
.
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[7] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[7] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[7] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[7] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll
[7] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\dllcache\ole32.dll
[7] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2005-04-28 . 5950E4F28FDA9D147576BF6798937397 . 1285120 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\ole32.dll
[-] 2005-01-14 . ABDEF60CED7C04AB35A415EFB6B96D81 . 1285120 . . [5.1.2600.2595] . . c:\windows\$NtUninstallKB894391$\ole32.dll
[-] 2005-01-14 . 2E752611C9A9AE1B6BFD0DA03CF7F17E . 1284608 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\ole32.dll
[7] 2004-08-04 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB873333$\ole32.dll
.
[7] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[7] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[7] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[7] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
[7] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[7] 2004-08-04 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[7] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\ksuser.dll
[7] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
.
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[7] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[7] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[7] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[7] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[7] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[7] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[7] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[7] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll
.
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[7] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[7] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[7] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[7] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[7] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[7] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[7] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys
.
[7] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[7] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
.
[7] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[7] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[7] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[7] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[7] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[7] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[7] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
[7] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-04 08:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll
.
[7] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[7] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[7] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[7] 2005-01-28 18:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[7] 2005-01-28 18:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\MsPMSNSv.dll
[7] 2005-01-28 18:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\dllcache\mspmsnsv.dll
[7] 2004-08-04 08:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
[7] 2010-12-09 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[7] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\system32\ntkrnlpa.exe
[7] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[7] 2010-04-27 . DC57ABED7BDE1487E658968B4423BED7 . 2066816 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
[7] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[7] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[7] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[7] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[7] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[7] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[7] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[7] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-08-14 . BA002228743B6824D87F0551DBC86D45 . 2057728 . . [5.1.2600.3427] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . 515D30E2C90A3665A2739309334C9283 . 2057600 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . 1D659BFB788ED2BA45075624B748D249 . 2057600 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[7] 2004-08-04 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
.
[7] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[7] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[7] 2004-08-04 08:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[7] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
[7] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[7] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[7] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[7] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[7] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[7] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[7] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[7] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[7] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[7] 2004-08-04 08:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[7] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[7] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[7] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[7] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[7] 2009-06-29 . 3CFC56F73D494FC1AA2B6E981DF15ACD . 634632 . . [7.00.6000.16876] . . c:\windows\ie8\iexplore.exe
[7] 2009-06-29 . 02E2754D3E566C11A4934825920C47DD . 634632 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iexplore.exe
[7] 2009-04-25 . 092A7F2B49A19ECCE5369D3CB2276148 . 636088 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\iexplore.exe
[7] 2009-04-25 . C0503FD8D163652735C1EE900672A75C . 636088 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2009-02-28 . BCD8E48709BE4A79606F0B6E8E9A6162 . 636088 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe
[7] 2009-02-28 . A251068640DDB69FD7805B57D89D7FF7 . 636072 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\iexplore.exe
[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[7] 2008-12-19 . 030D78FE84A086ED376EFCBD2D72C522 . 634024 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\iexplore.exe
[7] 2008-10-15 . 9D3DB9ADFABD2F0BC778EC03250A3ABB . 633632 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\iexplore.exe
[7] 2008-10-15 . 056C927CF7207857E8B34F7A8FFD9B9E . 633632 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
[7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
[7] 2008-08-23 . 1F03216084447F990AE797317D0A6E70 . 635848 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\iexplore.exe
[7] 2008-06-23 . 64E376A47763DAEABCDA14BD5B6EA286 . 625664 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\iexplore.exe
[7] 2008-06-23 . C52A9EF571E91535EB78DB4B8B95EA07 . 625664 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe
[7] 2008-04-22 . 197B7E4030CFBD8D2979D375E1787AA2 . 625664 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe
[7] 2008-04-22 . 232B22817B90AE0AFF2D189E3E3735AC . 625664 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2008-02-29 . 2D0E5592AB5A46C27DAF7CCAFF4F5B59 . 625664 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\iexplore.exe
[7] 2008-02-22 . 6E0888626E0CAC79F57149814E22DB4D . 625664 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
[7] 2007-12-06 . 2703D940A62B731AA220529DD7331A78 . 625664 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\iexplore.exe
[7] 2007-12-06 . 809D17D8FA0FDAEE07778CD821CAFFDE . 625664 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
[7] 2007-10-10 . E854D02E4231F704D9BE782A424E6D8B . 625152 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\iexplore.exe
[7] 2007-10-10 . 632BDE0179847234433CA50945442ACB . 625664 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
[7] 2007-08-17 . 3AC2BC667DA0AF2C968E96E1630F5AB5 . 625152 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\iexplore.exe
[7] 2007-08-17 . 5577D0E3AC2F9F035ACD81B44AF5F511 . 625152 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
[7] 2007-06-27 . BD8502DFD53FC24FB8D6929DC46B8C2C . 625152 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\iexplore.exe
[7] 2007-06-27 . 275CEE268B9E5D82474C43D5D249D111 . 625152 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\iexplore.exe
[7] 2007-04-24 . 10BDB55982586A432A3951EB19A26009 . 625152 . . [7.00.6000.16473] . . c:\windows\ie7updates\KB937143-IE7\iexplore.exe
[7] 2007-04-24 . 9B3516C1F30DA17ADD3818573047D63C . 625152 . . [7.00.6000.20583] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\iexplore.exe
[7] 2007-02-28 . D321092F8529CDAE843D6E24E3CAC6CB . 625152 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\iexplore.exe
[7] 2007-02-21 . 683DDE71BCF03B501B912D20CB93B549 . 623616 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\iexplore.exe
[7] 2007-01-08 . 93A6A4F5293AE19E3B37021AABCF0902 . 623616 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\iexplore.exe
[7] 2006-10-17 . 5334D4461AA92A7B008755FE6D13C5F2 . 622080 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\iexplore.exe
[7] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\ie7\iexplore.exe
.
.
[7] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[7] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\system32\ntoskrnl.exe
[7] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
[7] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[7] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[7] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[7] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[7] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[7] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[7] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[7] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-08-14 . 21C91DA9CB53AA8A37041BA9684A8458 . 2180352 . . [5.1.2600.3427] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . 582A8DBAA58C3B1F176EB2817DAEE77C . 2180352 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . 8F0DEAB1F81FB83F9C5995853CE48B9F . 2180352 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[7] 2004-08-04 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
.
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[7] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[7] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
[7] 2004-08-04 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB927802$\wiaservc.dll
.
[7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[7] 2004-08-04 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
[7] 2004-08-04 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB920683$\rasadhlp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-14 4611456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2006-02-22 01:05 344064 ----a-w- c:\windows\system32\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2004-07-20 14:34 851968 -c--a-w- c:\program files\Brother\ControlCenter2\brctrcen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2005-02-17 19:01 233534 -c--a-w- c:\program files\HPQ\Default Settings\Cpqset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2004-12-03 18:24 290816 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 04:12 49152 -c--a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2005-04-01 22:11 794624 ----a-w- c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2004-04-14 20:04 40960 -c--a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iUUCeelIBt8234A]
2011-10-04 01:17 2398208 ----a-w- c:\windows\system32\HrrllONNtx0uc2b.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2004-10-14 20:54 253952 -c--a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 19:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2004-04-14 19:46 57393 -c--a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-10-14 15:22 155648 -c--a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-02-02 12:11 692316 -c--a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2005-02-02 12:12 102492 -c--a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 23:20 866584 -c--a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"LxrJD31s"=2 (0x2)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"hpqwmi"=3 (0x3)
"Brother XP spl Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"ATI Smart"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1135518573\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1135518573\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 14586029;14586029;c:\windows\system32\drivers\02472624.sys [x]
R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-10-09 41272]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-03-10 6656]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2004-12-15 200192]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-10-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2011-10-13 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
FF - ProfilePath - c:\documents and settings\Jim Long\Application Data\Mozilla\Firefox\Profiles\tnt18aic.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-14586029.sys
SafeBoot-47911349.sys
SafeBoot-75464484.sys
SafeBoot-80201497.sys
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe
MSConfigStartUp-HPHUPD08 - c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
MSConfigStartUp-MMTray - c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
MSConfigStartUp-Synaptics Update - c:\documents and settings\Jim Long\Local Settings\Application Data\Conduit\ConduitUpdate\Conduitupdt32.dll
MSConfigStartUp-WindowsNotifierVerifier - c:\documents and settings\All Users\Application Data\WindowsNotifierVerifier.dll
MSConfigStartUp-x3watch - c:\program files\X3watch\x3watch.exe
AddRemove-2kv4.8.442 - c:\windows\Radeon Omega Drivers v4.8.442
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-12 21:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(628)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2920)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-10-12 22:25:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-13 02:25
.
Pre-Run: 5,506,445,312 bytes free
Post-Run: 6,093,209,600 bytes free
.
- - End Of File - - B32499011BD659D43AAABDC780280747

Edited by jlong815, 12 October 2011 - 09:39 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:36 AM

Posted 12 October 2011 - 07:25 PM

send me the report when complete


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 jlong815

jlong815
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:02:36 AM

Posted 12 October 2011 - 09:41 PM

Done, see above...

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:36 AM

Posted 12 October 2011 - 10:20 PM

Greetings

Good That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
c:\windows\system32\HrrllONNtx0uc2b.exe

Folder::
c:\documents and settings\Jim Long\Application Data\WaQH6dWK7R9TqUe
c:\documents and settings\Jim Long\Application Data\LXwkUVrlOtPuSiD
c:\documents and settings\Jim Long\Application Data\ZwwwkIIVrlOt
c:\documents and settings\Jim Long\Application Data\IxAA00ucS2ib3pG
c:\documents and settings\Jim Long\Application Data\O55ssQJ7dEL8RZh

Driver::
14586029

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 jlong815

jlong815
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:02:36 AM

Posted 12 October 2011 - 11:33 PM

ComboFix 11-10-12.04 - Jim Long 10/12/2011 23:46:10.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.124 [GMT -4:00]
Running from: c:\documents and settings\Jim Long\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jim Long\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\system32\HrrllONNtx0uc2b.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jim Long\Application Data\IxAA00ucS2ib3pG
c:\documents and settings\Jim Long\Application Data\LXwkUVrlOtPuSiD
c:\documents and settings\Jim Long\Application Data\O55ssQJ7dEL8RZh
c:\documents and settings\Jim Long\Application Data\WaQH6dWK7R9TqUe
c:\documents and settings\Jim Long\Application Data\ZwwwkIIVrlOt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_14586029
.
.
((((((((((((((((((((((((( Files Created from 2011-09-13 to 2011-10-13 )))))))))))))))))))))))))))))))
.
.
2011-10-09 03:30 . 2011-10-09 03:30 -------- d-----w- c:\documents and settings\Jim Long\DoctorWeb
2011-10-09 03:05 . 2011-10-09 03:05 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-07 03:17 . 2011-10-07 03:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-07 03:08 . 2011-10-07 03:08 -------- d--h--w- c:\windows\PIF
2011-10-07 03:06 . 2011-10-07 03:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-10-06 03:42 . 2011-10-06 03:42 -------- d-----w- c:\documents and settings\Jim Long\Local Settings\Application Data\AOL OCP
2011-10-06 03:23 . 2011-10-06 03:23 -------- d-----w- c:\documents and settings\Jim Long\Local Settings\Application Data\Secunia PSI
2011-10-06 03:22 . 2011-10-06 03:22 -------- d-----w- c:\program files\Secunia
2011-10-05 22:51 . 2011-10-05 22:51 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-05 22:20 . 2011-10-05 22:22 -------- dc-h--w- c:\windows\ie8
2011-10-05 21:06 . 2011-10-05 21:06 -------- d-----w- C:\618601418389611d02e6
2011-10-05 03:46 . 2011-10-05 03:46 -------- d-----w- c:\documents and settings\Jim Long\Local Settings\Application Data\PCHealth
2011-10-05 03:39 . 2011-10-05 03:39 -------- d-----w- C:\fad2c96a56cde4943618b6
2011-10-05 02:48 . 2011-10-05 02:48 -------- d-----w- c:\program files\Copy of Malwarebytes' Anti-Malware
2011-10-04 06:41 . 2011-10-04 06:41 -------- d-----w- c:\documents and settings\Jim Long\Application Data\SUPERAntiSpyware.com
2011-10-04 06:41 . 2011-10-04 06:41 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-10-04 06:24 . 2011-10-04 06:24 83064 ----a-w- c:\windows\system32\drivers\SMR210.SYS
2011-10-04 06:24 . 2011-10-04 06:24 -------- d-----w- c:\documents and settings\Jim Long\Local Settings\Application Data\NPE
2011-10-04 06:20 . 2011-10-04 06:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Norton
2011-10-04 05:29 . 2011-09-21 13:00 7269712 -c----w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-10-04 05:26 . 2011-10-04 05:26 56200 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AF6FA218-C886-456B-8C43-F8B4B328F0BA}\offreg.dll
2011-10-04 05:26 . 2011-09-21 13:00 7269712 -c----w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AF6FA218-C886-456B-8C43-F8B4B328F0BA}\mpengine.dll
2011-10-04 04:27 . 2011-10-04 04:28 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-04 03:10 . 2011-10-04 03:11 -------- dc----w- c:\documents and settings\Administrator
2011-10-04 01:17 . 2011-10-04 01:17 2398208 ----a-w- c:\windows\system32\HrrllONNtx0uc2b.exe
2011-10-02 19:04 . 2011-10-02 19:10 -------- d-----w- c:\documents and settings\Jim Long\Application Data\.minecraft
2011-09-21 18:07 . 2011-09-21 18:07 -------- dc----w- c:\documents and settings\All Users\Application Data\YouTube Downloader
2011-09-21 18:06 . 2011-09-21 18:06 -------- d-----w- c:\program files\YouTube Downloader
2011-09-21 17:48 . 2011-09-21 17:48 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee
2011-09-19 05:47 . 2011-09-19 05:47 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-19 05:40 . 2011-10-05 03:02 -------- dc----w- c:\documents and settings\All Users\Application Data\Lavasoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-30 02:23 . 2011-06-29 00:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2004-08-04 08:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-31 21:00 . 2011-08-07 19:25 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-15 13:29 . 2004-08-04 08:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-09-29 06:53 . 2011-10-04 03:56 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-14 4611456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2006-02-22 01:05 344064 ----a-w- c:\windows\system32\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2004-07-20 14:34 851968 -c--a-w- c:\program files\Brother\ControlCenter2\brctrcen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2005-02-17 19:01 233534 -c--a-w- c:\program files\HPQ\Default Settings\Cpqset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2004-12-03 18:24 290816 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 04:12 49152 -c--a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2005-04-01 22:11 794624 ----a-w- c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2004-04-14 20:04 40960 -c--a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iUUCeelIBt8234A]
2011-10-04 01:17 2398208 ----a-w- c:\windows\system32\HrrllONNtx0uc2b.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2004-10-14 20:54 253952 -c--a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 19:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2004-04-14 19:46 57393 -c--a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-10-14 15:22 155648 -c--a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-02-02 12:11 692316 -c--a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2005-02-02 12:12 102492 -c--a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 23:20 866584 -c--a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"LxrJD31s"=2 (0x2)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"hpqwmi"=3 (0x3)
"Brother XP spl Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"ATI Smart"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1135518573\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1135518573\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-10-09 41272]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-03-10 6656]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2004-12-15 200192]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-10-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2011-10-13 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
FF - ProfilePath - c:\documents and settings\Jim Long\Application Data\Mozilla\Firefox\Profiles\tnt18aic.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-13 00:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(616)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3124)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Secunia\PSI\psi_tray.exe
.
**************************************************************************
.
Completion time: 2011-10-13 00:30:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-13 04:30
ComboFix2.txt 2011-10-13 02:25
.
Pre-Run: 6,088,347,648 bytes free
Post-Run: 6,073,978,880 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /bootlog
.
- - End Of File - - A3705CC200D41C396E404B2A28CD3779

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:36 AM

Posted 13 October 2011 - 08:56 AM

Blitzblank.

Download BlitzBlank and save it to your desktop. Open Blitzblank.exe

  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:
DeleteFile:
c:\windows\system32\HrrllONNtx0uc2b.exe
  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post me the report created by Blitzblank. you can find it at the root of the drive Normaly C:\

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 jlong815

jlong815
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:02:36 AM

Posted 13 October 2011 - 04:33 PM

BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
MoveFileOnReboot: sourceFile = "\??\c:\windows\system32\hrrllonntx0uc2b.exe", destinationFile = "(null)", replaceWithDummy = 0

What's the next step?

Thanks! Jim

Edited by jlong815, 13 October 2011 - 08:36 PM.


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:36 AM

Posted 13 October 2011 - 09:06 PM

Hello

I would like you to rerun combofix for me now


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 jlong815

jlong815
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:02:36 AM

Posted 13 October 2011 - 10:31 PM

ComboFix 11-10-13.05 - Jim Long 10/13/2011 23:02:48.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.195 [GMT -4:00]
Running from: c:\documents and settings\Jim Long\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-14 to 2011-10-14 )))))))))))))))))))))))))))))))
.
.
2011-10-09 03:30 . 2011-10-09 03:30 -------- d-----w- c:\documents and settings\Jim Long\DoctorWeb
2011-10-09 03:05 . 2011-10-09 03:05 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-07 03:17 . 2011-10-07 03:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-07 03:08 . 2011-10-07 03:08 -------- d--h--w- c:\windows\PIF
2011-10-07 03:06 . 2011-10-07 03:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-10-06 03:42 . 2011-10-06 03:42 -------- d-----w- c:\documents and settings\Jim Long\Local Settings\Application Data\AOL OCP
2011-10-06 03:23 . 2011-10-06 03:23 -------- d-----w- c:\documents and settings\Jim Long\Local Settings\Application Data\Secunia PSI
2011-10-06 03:22 . 2011-10-06 03:22 -------- d-----w- c:\program files\Secunia
2011-10-05 22:51 . 2011-10-05 22:51 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-05 22:20 . 2011-10-05 22:22 -------- dc-h--w- c:\windows\ie8
2011-10-05 21:06 . 2011-10-05 21:06 -------- d-----w- C:\618601418389611d02e6
2011-10-05 03:46 . 2011-10-05 03:46 -------- d-----w- c:\documents and settings\Jim Long\Local Settings\Application Data\PCHealth
2011-10-05 03:39 . 2011-10-05 03:39 -------- d-----w- C:\fad2c96a56cde4943618b6
2011-10-05 02:48 . 2011-10-05 02:48 -------- d-----w- c:\program files\Copy of Malwarebytes' Anti-Malware
2011-10-04 06:41 . 2011-10-04 06:41 -------- d-----w- c:\documents and settings\Jim Long\Application Data\SUPERAntiSpyware.com
2011-10-04 06:41 . 2011-10-04 06:41 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-10-04 06:24 . 2011-10-04 06:24 83064 ----a-w- c:\windows\system32\drivers\SMR210.SYS
2011-10-04 06:24 . 2011-10-04 06:24 -------- d-----w- c:\documents and settings\Jim Long\Local Settings\Application Data\NPE
2011-10-04 06:20 . 2011-10-04 06:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Norton
2011-10-04 05:29 . 2011-09-21 13:00 7269712 -c----w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-10-04 05:26 . 2011-10-04 05:26 56200 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AF6FA218-C886-456B-8C43-F8B4B328F0BA}\offreg.dll
2011-10-04 05:26 . 2011-09-21 13:00 7269712 -c----w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AF6FA218-C886-456B-8C43-F8B4B328F0BA}\mpengine.dll
2011-10-04 04:27 . 2011-10-04 04:28 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-04 03:10 . 2011-10-04 03:11 -------- dc----w- c:\documents and settings\Administrator
2011-10-02 19:04 . 2011-10-02 19:10 -------- d-----w- c:\documents and settings\Jim Long\Application Data\.minecraft
2011-09-21 18:07 . 2011-09-21 18:07 -------- dc----w- c:\documents and settings\All Users\Application Data\YouTube Downloader
2011-09-21 18:06 . 2011-09-21 18:06 -------- d-----w- c:\program files\YouTube Downloader
2011-09-21 17:48 . 2011-09-21 17:48 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee
2011-09-19 05:47 . 2011-09-19 05:47 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-19 05:40 . 2011-10-05 03:02 -------- dc----w- c:\documents and settings\All Users\Application Data\Lavasoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-30 02:23 . 2011-06-29 00:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2004-08-04 08:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-31 21:00 . 2011-08-07 19:25 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-29 06:53 . 2011-10-04 03:56 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-14 4611456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2006-02-22 01:05 344064 ----a-w- c:\windows\system32\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2004-07-20 14:34 851968 -c--a-w- c:\program files\Brother\ControlCenter2\brctrcen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2005-02-17 19:01 233534 -c--a-w- c:\program files\HPQ\Default Settings\Cpqset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2004-12-03 18:24 290816 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 04:12 49152 -c--a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2005-04-01 22:11 794624 ----a-w- c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2004-04-14 20:04 40960 -c--a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2004-10-14 20:54 253952 -c--a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 19:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2004-04-14 19:46 57393 -c--a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-10-14 15:22 155648 -c--a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-02-02 12:11 692316 -c--a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2005-02-02 12:12 102492 -c--a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 23:20 866584 -c--a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"LxrJD31s"=2 (0x2)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"hpqwmi"=3 (0x3)
"Brother XP spl Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"ATI Smart"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1135518573\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1135518573\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [3/9/2011 10:44 PM 6656]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/17/2006 1:50 AM 200192]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys --> c:\windows\system32\drivers\dwprot.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [10/8/2011 11:05 PM 41272]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-10-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2011-10-14 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
FF - ProfilePath - c:\documents and settings\Jim Long\Application Data\Mozilla\Firefox\Profiles\tnt18aic.default\
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-iUUCeelIBt8234A - c:\windows\system32\HrrllONNtx0uc2b.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-13 23:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(612)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(240)
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\Microsoft Office\Office10\msohev.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
Completion time: 2011-10-13 23:29:58
ComboFix-quarantined-files.txt 2011-10-14 03:29
ComboFix2.txt 2011-10-13 04:30
ComboFix3.txt 2011-10-13 02:25
.
Pre-Run: 6,068,686,848 bytes free
Post-Run: 6,052,102,144 bytes free
.
- - End Of File - - D1AA49AB697C21FD0BF719DD5584A59F

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:36 AM

Posted 13 October 2011 - 11:55 PM

These logs are looking alot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 7.0

and click on remove

Update Adobe Reader

Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be carefull not to install anything to do with AskBar.
[/list]
TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

If you have problems running Hijackthis.

sometimes we have to run it like this To run HijackThis as an administrator,
rightclick HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 jlong815

jlong815
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:02:36 AM

Posted 14 October 2011 - 03:33 PM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7948

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/14/2011 4:25:52 PM
mbam-log-2011-10-14 (16-25-51).txt

Scan type: Quick scan
Objects scanned: 219382
Time elapsed: 12 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:32:19 PM, on 10/14/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: dTPodcastBHO - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196625876718
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe

--
End of file - 5475 bytes

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:36 AM

Posted 14 October 2011 - 04:36 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded startup entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
      O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brakets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]



If you have any problems running Hijackthis.

sometimes we have to run it like this To run HijackThis as an administrator,
rightclick HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • you may also find here C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 jlong815

jlong815
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:02:36 AM

Posted 14 October 2011 - 07:32 PM

Not looking good?
-Jim



C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\WindowsNotifierVerifier.dll.vir a variant of Win32/Kryptik.TJO trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Jim Long\Application Data\Mozilla\Firefox\Profiles\tnt18aic.default\extensions\{9ab92373-0402-482d-8d45-c1967e821064}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Jim Long\Local Settings\Application Data\ServiceWin32.dll.vir a variant of Win32/Kryptik.TJO trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Jim Long\Local Settings\Application Data\Conduit\ConduitUpdate\Conduitupdt32.dll.vir a variant of Win32/Kryptik.TJO trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP936\A0555735.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP937\A0557731.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP938\A0560733.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP938\A0561772.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP938\A0564728.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP938\A0564751.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP938\A0567751.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP938\A0567772.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP938\A0569795.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP938\A0570805.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP938\A0570810.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP938\A0570822.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP938\A0570829.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP938\A0571820.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP938\A0573847.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP938\A0574847.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP938\A0575847.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP938\A0575854.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP938\A0576847.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP938\A0576854.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP938\A0577847.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP938\A0577854.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP938\A0578847.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP938\A0578854.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP938\A0579847.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP938\A0579854.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP938\A0580847.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP938\A0581847.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP938\A0581854.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP939\A0582847.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP939\A0582854.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP939\A0583847.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP941\A0584847.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP941\A0589847.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP941\A0589960.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP942\A0592104.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP942\A0593079.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP943\A0593286.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP943\A0593388.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP943\A0594286.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP943\A0594293.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP943\A0597286.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP943\A0597293.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP945\A0598286.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP945\A0598293.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0599286.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0601300.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0601307.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0602300.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0602307.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0603300.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0603307.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0604300.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0605300.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0605329.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0606329.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0607329.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0607337.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0608337.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0608344.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0609337.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0609344.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0610337.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0610344.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0611337.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0611346.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0612346.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0612376.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0613346.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0613354.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0614354.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0614367.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0614377.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0614386.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0615377.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0616377.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0617377.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0617384.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0618377.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0619377.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0620377.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0621377.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0621384.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0622377.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0623377.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0623384.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0623386.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0623393.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0624386.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0625386.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0626386.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0627386.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0627393.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0628386.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP948\A0628497.dll a variant of Win32/Kryptik.TJO trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP948\A0628500.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP948\A0628502.dll a variant of Win32/Kryptik.TJO trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP948\A0628503.dll a variant of Win32/Kryptik.TJO trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP948\A0628699.exe Win32/Adware.WinAntiVirus.AB application
C:\TDSSKiller_Quarantine\05.10.2011_18.47.37\susp0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.CR trojan
C:\TDSSKiller_Quarantine\05.10.2011_18.47.37\susp0001\svc0000\tsk0000.dta a variant of Win32/Sirefef.CR trojan
C:\WINDOWS\system32\drivers\redbook.sys Win32/Sirefef.DA trojan

Edited by jlong815, 14 October 2011 - 07:34 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users