System compromised


22 replies to this topic

#1 ziolablue

  • Members
  • 13 posts
  • Local time:11:56 AM

Posted 06 December 2011 - 09:18 PM

I am writing today concerning a few issues.

I receive a Linksys Wireless Network Monitor Win 3R error Code 997; sometimes it says Linksys Wireless Network Monitor Win 3R error Code 997 overlapped I/O operation in progress. Either way it shuts down my browser, sometimes it shuts down my internet usage.

Sometimes the menu bar on the bottom of my screen changes from blue to grey.
My computer runs slowly; at times it will not complete a shutdown.

My administrator side of my computer has vanished.

My Norton and Windows cannot perform a backup.

I cannot do updates.

My computer is running extremely slow at times.

The first log requested doesn't appear in a language I can read. Am I using an outdated Notepad? DDS scan:

LÍ!This program cannot be run in DOS mode.

Edit: seems I saved the file while it was still scanning; the DDS scan file save isn't allowed to be attached. I must have made an error on that, I will reattempt. The GMER scan received an error code and shut down, so the attachment still isn't a complete scan.

Error Signature
App Name: gmer.exe AppVer: 1.0.15.15641 ModName: ntdll.dll
Mod Ver: 5.1.2600.5755 Offset: 0001101a
Reporting Details: This error includes information regarding the condition of gmer.exe when the problem occurred: the operating system version and computer hardware in use, your digital product ID, which could be used to identify your license, and the protocol (IP) address of your computer.


Exception Information:
Code 0xc0000005 Flags 0x00000000 Record: 0x0000000000000000
Address 0x000000007c91101a

Attached Files

  • Attached File: ark.txt (122.02KB)

Edited by ziolablue, 06 December 2011 - 10:02 PM.




#2 HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,604 posts
  • Gender:Male
  • Local time:12:56 PM

Posted 11 December 2011 - 09:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/431104 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 ziolablue

  • Topic Starter

  • Members
  • 13 posts
  • Local time:11:56 AM

Posted 12 December 2011 - 08:57 PM

Yes, I still need help and am currently running in safe mode; it seems the computer won't open Windows normally. I run XP and do not have the Windows disk. My computer seems to have a mind of its own and refuses to follow my prompts.

#4 fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:56 AM

Posted 13 December 2011 - 10:38 AM

Hello ziolablue,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.



2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply::
TDssKiller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 ziolablue

  • Topic Starter

  • Members
  • 13 posts
  • Local time:11:56 AM

Posted 13 December 2011 - 09:30 PM

13:59:27.0718 3468 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
13:59:29.0718 3468 ============================================================
13:59:29.0718 3468 Current date / time: 2011/12/13 13:59:29.0718
13:59:29.0718 3468 SystemInfo:
13:59:29.0718 3468
13:59:29.0718 3468 OS Version: 5.1.2600 ServicePack: 3.0
13:59:29.0718 3468 Product type: Workstation
13:59:30.0062 3468 ComputerName: D3R66341
13:59:30.0062 3468 UserName: Dad
13:59:30.0062 3468 Windows directory: C:\WINDOWS
13:59:30.0062 3468 System windows directory: C:\WINDOWS
13:59:30.0062 3468 Processor architecture: Intel x86
13:59:30.0062 3468 Number of processors: 1
13:59:30.0062 3468 Page size: 0x1000
13:59:30.0062 3468 Boot type: Normal boot
13:59:30.0062 3468 ============================================================
13:59:40.0312 3468 Initialize success
14:01:17.0984 0480 ============================================================
14:01:17.0984 0480 Scan started
14:01:17.0984 0480 Mode: Manual;
14:01:17.0984 0480 ============================================================
14:03:33.0593 0480 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99)
C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:03:33.0718 0480 PptpMiniport - ok
14:03:34.0265 0480 Processor (a32bebaf723557681bfc6bd93e98bd26)
C:\WINDOWS\system32\DRIVERS\processr.sys
14:03:34.0265 0480 Processor - ok
14:03:34.0437 0480 PSched (09298ec810b07e5d582cb3a3f9255424)
C:\WINDOWS\system32\DRIVERS\psched.sys
14:03:34.0531 0480 PSched - ok
14:03:34.0937 0480 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd)
C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:03:34.0984 0480 Ptilink - ok
14:03:35.0250 0480 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042)
C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
14:03:35.0421 0480 PxHelp20 - ok
14:03:36.0156 0480 ql1080 (0a63fb54039eb5662433caba3b26dba7)
C:\WINDOWS\System32\DRIVERS\ql1080.sys
14:03:36.0750 0480 ql1080 - ok
14:03:37.0531 0480 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706)
C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
14:03:40.0125 0480 Ql10wnt - ok
14:03:41.0562 0480 ql12160 (156ed0ef20c15114ca097a34a30d8a01)
C:\WINDOWS\System32\DRIVERS\ql12160.sys
14:03:41.0812 0480 ql12160 - ok
14:03:42.0406 0480 ql1240 (70f016bebde6d29e864c1230a07cc5e6)
C:\WINDOWS\System32\DRIVERS\ql1240.sys
14:03:43.0296 0480 ql1240 - ok
14:03:43.0718 0480 ql1280 (907f0aeea6bc451011611e732bd31fcf)
C:\WINDOWS\System32\DRIVERS\ql1280.sys
14:03:43.0781 0480 ql1280 - ok
14:03:44.0781 0480 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c)
C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:03:45.0546 0480 RasAcd - ok
14:03:45.0734 0480 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6)
C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:03:45.0843 0480 Rasl2tp - ok
14:03:46.0734 0480 RasPppoe (5bc962f2654137c9909c3d4603587dee)
C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:03:46.0859 0480 RasPppoe - ok
14:03:47.0984 0480 Raspti (fdbb1d60066fcfbb7452fd8f9829b242)
C:\WINDOWS\system32\DRIVERS\raspti.sys
14:03:48.0328 0480 Raspti - ok
14:03:48.0593 0480 Rdbss (7ad224ad1a1437fe28d89cf22b17780a)
C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:03:48.0687 0480 Rdbss - ok
14:03:49.0421 0480 RDPCDD (4912d5b403614ce99c28420f75353332)
C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:03:50.0343 0480 RDPCDD - ok
14:03:51.0140 0480 rdpdr (15cabd0f7c00c47c70124907916af3f1)
C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:03:53.0359 0480 rdpdr - ok
14:03:53.0562 0480 RDPWD (6728e45b66f93c08f11de2e316fc70dd)
C:\WINDOWS\system32\drivers\RDPWD.sys
14:03:53.0593 0480 RDPWD - ok
14:03:53.0765 0480 redbook (f828dd7e1419b6653894a8f97a0094c5)
C:\WINDOWS\system32\DRIVERS\redbook.sys
14:03:53.0812 0480 redbook - ok
14:03:54.0218 0480 RT73 (cb20f16afdba63707fb971e0922edec1)
C:\WINDOWS\system32\DRIVERS\rt73.sys
14:03:54.0500 0480 RT73 - ok
14:03:55.0765 0480 SbcpHid (30d94039a729571146eb9d736ec1aadd)
C:\WINDOWS\system32\Drivers\SbcpHid.sys
14:03:55.0890 0480 SbcpHid - ok
14:03:57.0015 0480 Secdrv (90a3935d05b494a5a39d37e71f09a677)
C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:03:57.0406 0480 Secdrv - ok
14:03:57.0796 0480 serenum (0f29512ccd6bead730039fb4bd2c85ce)
C:\WINDOWS\system32\DRIVERS\serenum.sys
14:03:57.0859 0480 serenum - ok
14:03:58.0187 0480 Serial (cca207a8896d4c6a0c9ce29a4ae411a7)
C:\WINDOWS\system32\DRIVERS\serial.sys
14:03:58.0281 0480 Serial - ok
14:03:58.0843 0480 Sfloppy (8e6b8c671615d126fdc553d1e2de5562)
C:\WINDOWS\system32\drivers\Sfloppy.sys
14:03:59.0359 0480 Sfloppy - ok
14:04:00.0531 0480 Simbad - ok
14:04:01.0156 0480 sisagp (6b33d0ebd30db32e27d1d78fe946a754)
C:\WINDOWS\System32\DRIVERS\sisagp.sys
14:04:01.0359 0480 sisagp - ok
14:04:02.0296 0480 smwdm (31fd0707c7dbe715234f2823b27214fe)
C:\WINDOWS\system32\drivers\smwdm.sys
14:04:04.0515 0480 smwdm - ok
14:04:05.0281 0480 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84)
C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
14:04:05.0453 0480 SONYPVU1 - ok
14:04:06.0218 0480 Sparrow (83c0f71f86d3bdaf915685f3d568b20e)
C:\WINDOWS\System32\DRIVERS\sparrow.sys
14:04:07.0000 0480 Sparrow - ok
14:04:07.0625 0480 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f)
C:\WINDOWS\system32\drivers\splitter.sys
14:04:08.0859 0480 splitter - ok
14:04:09.0046 0480 sr (76bb022c2fb6902fd5bdd4f78fc13a5d)
C:\WINDOWS\system32\DRIVERS\sr.sys
14:04:09.0109 0480 sr - ok
14:04:09.0593 0480 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a)
C:\WINDOWS\System32\Drivers\N360\0404000.00C\SRTSP.SYS
14:04:09.0703 0480 SRTSP - ok
14:04:10.0500 0480 SRTSPX (55d5c37ed41231e3ac2063d16df50840)
C:\WINDOWS\system32\drivers\N360\0404000.00C\SRTSPX.SYS
14:04:10.0953 0480 SRTSPX - ok
14:04:11.0578 0480 Srv (5252605079810904e31c332e241cd59b)
C:\WINDOWS\system32\DRIVERS\srv.sys
14:04:11.0937 0480 Srv - ok
14:04:12.0750 0480 sscdbhk5 (328e8bb94ec58480f60458fb4b8437a7)
C:\WINDOWS\system32\drivers\sscdbhk5.sys
14:04:16.0250 0480 sscdbhk5 - ok
14:04:17.0515 0480 ssrtln (7ec8b427cee5c0cdac066320b93f1355)
C:\WINDOWS\system32\drivers\ssrtln.sys
14:04:17.0609 0480 ssrtln - ok
14:04:18.0218 0480 StillCam (a9573045baa16eab9b1085205b82f1ed)
C:\WINDOWS\system32\DRIVERS\serscan.sys
14:04:18.0406 0480 StillCam - ok
14:04:18.0921 0480 swenum (3941d127aef12e93addf6fe6ee027e0f)
C:\WINDOWS\system32\DRIVERS\swenum.sys
14:04:19.0125 0480 swenum - ok
14:04:19.0515 0480 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01)
C:\WINDOWS\system32\drivers\swmidi.sys
14:04:19.0531 0480 swmidi - ok
14:04:19.0781 0480 symc810 (1ff3217614018630d0a6758630fc698c)
C:\WINDOWS\System32\DRIVERS\symc810.sys
14:04:19.0937 0480 symc810 - ok
14:04:20.0140 0480 symc8xx (070e001d95cf725186ef8b20335f933c)
C:\WINDOWS\System32\DRIVERS\symc8xx.sys
14:04:20.0343 0480 symc8xx - ok
14:04:20.0796 0480 SymDS (56890bf9d9204b93042089d4b45ae671)
C:\WINDOWS\system32\drivers\N360\0404000.00C\SYMDS.SYS
14:04:21.0093 0480 SymDS - ok
14:04:21.0343 0480 SymEFA (10ba64273feff4df0a7ccb0ff3b9b26b)
C:\WINDOWS\system32\drivers\N360\0404000.00C\SYMEFA.SYS
14:04:21.0562 0480 SymEFA - ok
14:04:22.0765 0480 SymEvent (961b48b86f94d4cc8ceb483f8aa89374)
C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
14:04:23.0046 0480 SymEvent - ok
14:04:24.0046 0480 SymIM (fcde811209f6e05720676effa36e9a38)
C:\WINDOWS\system32\DRIVERS\SymIM.sys
14:04:24.0218 0480 SymIM - ok
14:04:25.0109 0480 SymIRON (dc80fbf0a348e54853ef82eed4e11e35)
C:\WINDOWS\system32\drivers\N360\0404000.00C\Ironx86.SYS
14:04:25.0203 0480 SymIRON - ok
14:04:25.0453 0480 SYMTDI (be6de8fbf2df9f13a90b8b6e943871b7)
C:\WINDOWS\System32\Drivers\N360\0404000.00C\SYMTDI.SYS
14:04:25.0468 0480 SYMTDI - ok
14:04:25.0687 0480 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c)
C:\WINDOWS\System32\DRIVERS\sym_hi.sys
14:04:25.0875 0480 sym_hi - ok
14:04:26.0156 0480 sym_u3 (bf4fab949a382a8e105f46ebb4937058)
C:\WINDOWS\System32\DRIVERS\sym_u3.sys
14:04:26.0343 0480 sym_u3 - ok
14:04:26.0562 0480 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290)
C:\WINDOWS\system32\drivers\sysaudio.sys
14:04:26.0593 0480 sysaudio - ok
14:04:27.0062 0480 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d)
C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:04:27.0234 0480 Tcpip - ok
14:04:28.0140 0480 Tcpip6 (fb9f32acc1d3ad523f7ec900b66fc1bb)
C:\WINDOWS\system32\DRIVERS\tcpip6.sys
14:04:28.0390 0480 Tcpip6 - ok
14:04:29.0203 0480 TDPIPE (6471a66807f5e104e4885f5b67349397)
C:\WINDOWS\system32\drivers\TDPIPE.sys
14:04:29.0406 0480 TDPIPE - ok
14:04:30.0140 0480 TDTCP (c56b6d0402371cf3700eb322ef3aaf61)
C:\WINDOWS\system32\drivers\TDTCP.sys
14:04:30.0171 0480 TDTCP - ok
14:04:30.0781 0480 TermDD (88155247177638048422893737429d9e)
C:\WINDOWS\system32\DRIVERS\termdd.sys
14:04:34.0843 0480 TermDD - ok
14:04:36.0390 0480 tfsnboio (c229bf90443be8d3bd2b65d7f3ac0f35)
C:\WINDOWS\system32\dla\tfsnboio.sys
14:04:36.0515 0480 tfsnboio - ok
14:04:37.0531 0480 tfsncofs (79ee9fcd7728e54ab8fbc30962f0416f)
C:\WINDOWS\system32\dla\tfsncofs.sys
14:04:37.0546 0480 tfsncofs - ok
14:04:38.0218 0480 tfsndrct (9efb37e7de17d783a059b653f7e8afad)
C:\WINDOWS\system32\dla\tfsndrct.sys
14:04:38.0234 0480 tfsndrct - ok
14:04:39.0218 0480 tfsndres (130254995ebedcb34d62e8d78ec9dbd0)
C:\WINDOWS\system32\dla\tfsndres.sys
14:04:39.0218 0480 tfsndres - ok
14:04:40.0031 0480 tfsnifs (9b40e1e4aeed849812a2e43a388a7e77)
C:\WINDOWS\system32\dla\tfsnifs.sys
14:04:40.0046 0480 tfsnifs - ok
14:04:41.0140 0480 tfsnopio (818047ad850b312705aa17ca96b9427d)
C:\WINDOWS\system32\dla\tfsnopio.sys
14:04:41.0140 0480 tfsnopio - ok
14:04:41.0750 0480 tfsnpool (4603e813bcc6dd465cd8d2afd37fa90d)
C:\WINDOWS\system32\dla\tfsnpool.sys
14:04:41.0765 0480 tfsnpool - ok
14:04:42.0796 0480 tfsnudf (6fc2cd904a9a55acfdfc780a611a75ed)
C:\WINDOWS\system32\dla\tfsnudf.sys
14:04:42.0968 0480 tfsnudf - ok
14:04:44.0109 0480 tfsnudfa (d4afa4d00f8db3fd1c15b3fe49c3a96c)
C:\WINDOWS\system32\dla\tfsnudfa.sys
14:04:44.0218 0480 tfsnudfa - ok
14:04:44.0828 0480 TosIde (f2790f6af01321b172aa62f8e1e187d9)
C:\WINDOWS\System32\DRIVERS\toside.sys
14:04:45.0187 0480 TosIde - ok
14:04:46.0515 0480 tunmp (8f861eda21c05857eb8197300a92501c)
C:\WINDOWS\system32\DRIVERS\tunmp.sys
14:04:46.0828 0480 tunmp - ok
14:04:48.0031 0480 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9)
C:\WINDOWS\system32\drivers\Udfs.sys
14:04:48.0218 0480 Udfs - ok
14:04:49.0109 0480 ultra (1b698a51cd528d8da4ffaed66dfc51b9)
C:\WINDOWS\System32\DRIVERS\ultra.sys
14:04:49.0375 0480 ultra - ok
14:04:50.0671 0480 Update (402ddc88356b1bac0ee3dd1580c76a31)
C:\WINDOWS\system32\DRIVERS\update.sys
14:04:51.0218 0480 Update - ok
14:04:52.0109 0480 usbccgp (173f317ce0db8e21322e71b7e60a27e8)
C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:04:52.0390 0480 usbccgp - ok
14:04:53.0250 0480 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7)
C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:04:53.0640 0480 usbehci - ok
14:04:54.0453 0480 usbhub (1ab3cdde553b6e064d2e754efe20285c)
C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:04:54.0937 0480 usbhub - ok
14:04:55.0656 0480 usbprint (a717c8721046828520c9edf31288fc00)
C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:04:55.0921 0480 usbprint - ok
14:04:56.0296 0480 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4)
C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:04:56.0500 0480 usbscan - ok
14:04:57.0421 0480 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9)
C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:04:57.0578 0480 USBSTOR - ok
14:04:58.0468 0480 usbuhci (26496f9dee2d787fc3e61ad54821ffe6)
C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:04:58.0656 0480 usbuhci - ok
14:04:59.0828 0480 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f)
C:\WINDOWS\system32\DRIVERS\usb8023.sys
14:05:00.0390 0480 USB_RNDIS_XP - ok
14:05:01.0953 0480 VgaSave (0d3a8fafceacd8b7625cd549757a7df1)
C:\WINDOWS\System32\drivers\vga.sys
14:05:02.0031 0480 VgaSave - ok
14:05:02.0984 0480 viaagp (754292ce5848b3738281b4f3607eaef4)
C:\WINDOWS\System32\DRIVERS\viaagp.sys
14:05:03.0250 0480 viaagp - ok
14:05:04.0312 0480 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e)
C:\WINDOWS\System32\DRIVERS\viaide.sys
14:05:04.0718 0480 ViaIde - ok
14:05:06.0531 0480 VolSnap (4c8fcb5cc53aab716d810740fe59d025)
C:\WINDOWS\system32\drivers\VolSnap.sys
14:05:07.0156 0480 VolSnap - ok
14:05:08.0437 0480 Wanarp (e20b95baedb550f32dd489265c1da1f6)
C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:05:08.0453 0480 Wanarp - ok
14:05:09.0453 0480 wanatw (0a716c08cb13c3a8f4f51e882dbf7416)
C:\WINDOWS\system32\DRIVERS\wanatw4.sys
14:05:09.0765 0480 wanatw - ok
14:05:10.0812 0480 wandrv (85d294b1ba9307c229c099d1699c19ee)
C:\WINDOWS\system32\DRIVERS\wandrv.sys
14:05:10.0984 0480 wandrv - ok
14:05:11.0468 0480 WDICA - ok
14:05:12.0125 0480 wdmaud (6768acf64b18196494413695f0c3a00f)
C:\WINDOWS\system32\drivers\wdmaud.sys
14:05:12.0156 0480 wdmaud - ok
14:05:12.0515 0480 WpdUsb (cf4def1bf66f06964dc0d91844239104)
C:\WINDOWS\system32\Drivers\wpdusb.sys
14:05:12.0625 0480 WpdUsb - ok
14:05:13.0046 0480 WudfPf (f15feafffbb3644ccc80c5da584e6311)
C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:05:13.0250 0480 WudfPf - ok
14:05:14.0093 0480 WudfRd (28b524262bce6de1f7ef9f510ba3985b)
C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:05:14.0203 0480 WudfRd - ok
14:05:14.0640 0480 {6080A529-897E-4629-A488-ABA0C29B635E}
(fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
14:05:14.0796 0480 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
14:05:15.0406 0480 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}
(d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
14:05:15.0656 0480 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
14:05:15.0796 0480 MBR (0x1B8) (cdac57608c39097805c8c958f1f73d97) \Device\Harddisk0\DR0
14:05:15.0921 0480 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - infected
14:05:15.0921 0480 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
14:05:16.0062 0480 Boot (0x1200) (f28ad7fabc145f485a3c02ce8330cd7f) \Device\Harddisk0\DR0\Partition0
14:05:16.0187 0480 \Device\Harddisk0\DR0\Partition0 - ok
14:05:16.0187 0480 ============================================================
14:05:16.0187 0480 Scan finished
14:05:16.0187 0480 ============================================================
14:05:16.0218 1984 Detected object count: 1
14:05:16.0218 1984 Actual detected object count: 1
14:05:53.0828 1984 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - will be cured on reboot
14:05:54.0046 1984 \Device\Harddisk0\DR0 - ok
14:05:54.0046 1984 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - User select action: Cure
14:06:10.0437 0544 Deinitialize success


____________________________________________________________


ComboFix 11-12-13.02 - Dad 12/13/2011 15:58:36.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.557 [GMT -5:00]
Running from: c:\documents and settings\Dad\My Documents\Downloads\ComboFix.exe
AV: Norton Security Suite *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Alison\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Dad\Application Data\020000006a61b675741C.manifest
c:\documents and settings\Dad\Application Data\020000006a61b675741O.manifest
c:\documents and settings\Dad\Application Data\020000006a61b675741P.manifest
c:\documents and settings\Dad\Application Data\020000006a61b675741S.manifest
c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\etjbft0f.default\extensions\{597609e5-6039-4aaa-ace5-15a4185bd68c}
c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\etjbft0f.default\extensions\{597609e5-6039-4aaa-ace5-15a4185bd68c}\chrome.manifest
c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\etjbft0f.default\extensions\{597609e5-6039-4aaa-ace5-15a4185bd68c}\chrome\xulcache.jar
c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\etjbft0f.default\extensions\{597609e5-6039-4aaa-ace5-15a4185bd68c}\defaults\preferences\xulcache.js
c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\etjbft0f.default\extensions\{597609e5-6039-4aaa-ace5-15a4185bd68c}\install.rdf
c:\documents and settings\Dad\Application Data\SystemProc
c:\documents and settings\Dad\My Documents\dds scan for malware help.txt
c:\documents and settings\Dad\WINDOWS
c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
c:\documents and settings\NetworkService\Application Data\twain_32
c:\documents and settings\NetworkService\Application Data\twain_32\user.ds
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\1.bat
c:\program files\Fast Browser Search\about.html
c:\program files\Fast Browser Search\affid.dat
c:\program files\Fast Browser Search\basis.xml
c:\program files\Fast Browser Search\basis_br.xml
c:\program files\Fast Browser Search\basis_de.xml
c:\program files\Fast Browser Search\basis_en.xml
c:\program files\Fast Browser Search\basis_es.xml
c:\program files\Fast Browser Search\basis_fr.xml
c:\program files\Fast Browser Search\basis_it.xml
c:\program files\Fast Browser Search\basis_nr.xml
c:\program files\Fast Browser Search\basis_pt.xml
c:\program files\Fast Browser Search\basis_ru.xml
c:\program files\Fast Browser Search\basis_tr.xml
c:\program files\Fast Browser Search\ClearRecycleBin.exe
c:\program files\Fast Browser Search\error.html
c:\program files\Fast Browser Search\FBSPlugin.dll
c:\program files\Fast Browser Search\fbsProtection.xml
c:\program files\Fast Browser Search\FbsSearchProvider.xml
c:\program files\Fast Browser Search\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\FBStoolbar.dll
c:\program files\Fast Browser Search\fbstoolbar.jar
c:\program files\Fast Browser Search\fbstoolbar.manifest
c:\program files\Fast Browser Search\icons.bmp
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\fbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FBStoolbar.exe
c:\program files\Fast Browser Search\IE\search_de.bmp
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\info.txt
c:\program files\Fast Browser Search\local.xml
c:\program files\Fast Browser Search\logobg.bmp
c:\program files\Fast Browser Search\MTWBtoolbar.html
c:\program files\Fast Browser Search\search.bmp
c:\program files\Fast Browser Search\search_br.bmp
c:\program files\Fast Browser Search\update.exe
c:\program files\Fast Browser Search\version.txt
c:\program files\Gamevance
c:\program files\Gamevance\ars.cfg
c:\program files\Gamevance\icon.ico
c:\program files\SGPSA
c:\temp\17o7
c:\temp\17o7\tmpTF.log
c:\windows\EventSystem.log
c:\windows\GnuHashes.ini
c:\windows\system\oeminfo.ini
c:\windows\system32\__c0055927.exe
c:\windows\system32\__c00CE0BE.exe
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_007659_.tmp.dll
c:\windows\system32\_007660_.tmp.dll
c:\windows\system32\_007661_.tmp.dll
c:\windows\system32\_007662_.tmp.dll
c:\windows\system32\_007665_.tmp.dll
c:\windows\system32\_007669_.tmp.dll
c:\windows\system32\_007670_.tmp.dll
c:\windows\system32\_007671_.tmp.dll
c:\windows\system32\_007672_.tmp.dll
c:\windows\system32\_007674_.tmp.dll
c:\windows\system32\_007675_.tmp.dll
c:\windows\system32\_007676_.tmp.dll
c:\windows\system32\_007678_.tmp.dll
c:\windows\system32\_007679_.tmp.dll
c:\windows\system32\_007681_.tmp.dll
c:\windows\system32\_007682_.tmp.dll
c:\windows\system32\_007683_.tmp.dll
c:\windows\system32\_007685_.tmp.dll
c:\windows\system32\_007688_.tmp.dll
c:\windows\system32\_007689_.tmp.dll
c:\windows\system32\_007693_.tmp.dll
c:\windows\system32\_007694_.tmp.dll
c:\windows\system32\_007696_.tmp.dll
c:\windows\system32\_007698_.tmp.dll
c:\windows\system32\_007699_.tmp.dll
c:\windows\system32\_007700_.tmp.dll
c:\windows\system32\_007701_.tmp.dll
c:\windows\system32\_007702_.tmp.dll
c:\windows\system32\_007703_.tmp.dll
c:\windows\system32\_007704_.tmp.dll
c:\windows\system32\_007705_.tmp.dll
c:\windows\system32\_007706_.tmp.dll
c:\windows\system32\_007709_.tmp.dll
c:\windows\system32\_007710_.tmp.dll
c:\windows\system32\_007711_.tmp.dll
c:\windows\system32\_007712_.tmp.dll
c:\windows\system32\_007713_.tmp.dll
c:\windows\system32\_007718_.tmp.dll
c:\windows\system32\_007720_.tmp.dll
c:\windows\system32\_007721_.tmp.dll
c:\windows\system32\1650139410
c:\windows\system32\1650139410\new.i4
c:\windows\system32\aycdd.ini
c:\windows\system32\C__Documents and Settings_LocalService_Local Settings_Temporary Internet Files_Content.IE5_7LI6Z98T_CA870OTA.HTM
c:\windows\system32\ddabx.dll
c:\windows\system32\drivers\fad.sys
c:\windows\system32\pqtss.ini
c:\windows\system32\regobj.dll
c:\windows\system32\rnaph.dll
c:\windows\system32\rttss.ini
c:\windows\system32\smpi1
c:\windows\system32\smpi1\lpc22.exe
c:\windows\system32\SysWoW32
c:\windows\system32\SysWoW32\@u171121711v0
c:\windows\system32\SysWoW32\@u171121711v1
c:\windows\system32\SysWoW32\@u171121711v2
c:\windows\system32\SysWoW32\@u171121711v3
c:\windows\system32\SysWoW32\@u171121711v5
c:\windows\system32\SysWoW32\@u171121711v6
c:\windows\system32\SysWoW32\@u171121711v7
c:\windows\system32\SysWoW32\_u171121711v0
c:\windows\system32\SysWoW32\_u171121711v1
c:\windows\system32\SysWoW32\_u171121711v1.0
c:\windows\system32\SysWoW32\_u171121711v2
c:\windows\system32\SysWoW32\_u171121711v3
c:\windows\system32\SysWoW32\_u171121711v5
c:\windows\system32\SysWoW32\_u171121711v6
c:\windows\system32\SysWoW32\_u171121711v7
c:\windows\system32\SysWoW32\mu171121711v4.kwd
c:\windows\system32\SysWoW32\mu171121711v5.kwd
c:\windows\system32\SysWoW32\mu171121711v6.kwd
c:\windows\system32\SysWoW32\mu171121711v7.kwd
c:\windows\system32\SysWoW32\wu171121711v0
c:\windows\system32\SysWoW32\wu171121711v0.kwd
c:\windows\system32\SysWoW32\wu171121711v1
c:\windows\system32\SysWoW32\wu171121711v1.kwd
c:\windows\system32\SysWoW32\wu171121711v2
c:\windows\system32\SysWoW32\wu171121711v2.kwd
c:\windows\system32\SysWoW32\wu171121711v3
c:\windows\system32\SysWoW32\wu171121711v3.kwd
c:\windows\system32\twain_32
c:\windows\system32\twain_32\local.ds
c:\windows\system32\twain_32\user.ds
c:\windows\SYSTEM32\xbadd.bak1
c:\windows\SYSTEM32\xbadd.bak2
c:\windows\SYSTEM32\xbadd.ini
c:\windows\SYSTEM32\xbadd.ini2
c:\windows\zaponce53173.dat
c:\windows\zaponce53290.dat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_REMOTEACCESS
-------\Legacy_USNJSVC
-------\Service_RemoteAccess
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-11-13 to 2011-12-13 )))))))))))))))))))))))))))))))
.
.
2011-12-07 01:56 . 2011-12-07 01:58 -------- d-----w- c:\program files\Cobian Backup 8
2011-12-06 23:32 . 2011-12-06 23:32 -------- d-----w- C:\ERDNT
2011-12-06 23:32 . 2011-12-06 23:32 -------- d-----w- c:\windows\ERUNT
2011-12-06 23:31 . 2011-12-06 23:32 -------- d-----w- C:\!FixIEDef
2011-12-06 23:26 . 2011-12-06 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Arovax
2011-12-06 23:26 . 2011-12-13 21:53 -------- d-----w- c:\program files\Arovax AntiSpyware
2011-12-06 23:24 . 2011-12-06 23:24 -------- d-----w- c:\documents and settings\Dad\Application Data\CBS Interactive
2011-12-04 23:32 . 2011-12-04 23:43 -------- d-----w- c:\documents and settings\TEMP.D3R66341
2011-12-02 02:51 . 2011-12-02 02:52 -------- d-----w- c:\documents and settings\Administrator.D3R66341.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-05 18:49 . 2011-11-05 18:49 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-06-24 12:53 . 2011-04-25 01:00 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-01-26 19:04 203776 --sh--w- c:\windows\SYSTEM32\unrar.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2004-08-12 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
[-] 2004-08-12 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\netlogon.dll
.
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\powrprof.dll
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\powrprof.dll
[-] 2004-08-12 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2004-08-12 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\SYSTEM32\powrprof.dll
.
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[-] 2004-08-12 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
[-] 2004-08-12 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\scecli.dll
.
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sfc.dll
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfc.dll
[-] 2004-08-12 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
[-] 2004-08-12 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\sfc.dll
.
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[-] 2004-08-12 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2004-08-12 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\svchost.exe
.
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tapisrv.dll
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\SYSTEM32\tapisrv.dll
.
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\SYSTEM32\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2004-06-17 . 31FB2D788A9AA618452C02E8375B6DCD . 560128 . . [5.1.2600.1561] . . c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\user32.dll
.
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2_32.dll
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
[-] 2004-08-12 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2004-08-12 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\ws2_32.dll
.
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2help.dll
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2help.dll
[-] 2004-08-12 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
[-] 2004-08-12 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\ws2help.dll
.
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ole32.dll
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\SYSTEM32\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2005-01-14 . 2E752611C9A9AE1B6BFD0DA03CF7F17E . 1284608 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\ole32.dll
.
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
[-] 2004-08-12 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2004-08-12 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\ctfmon.exe
.
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\SYSTEM32\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
.
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\srsvc.dll
.
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\xmlprov.dll
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\xmlprov.dll
[-] 2004-08-12 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
[-] 2004-08-12 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\xmlprov.dll
.
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[-] 2004-08-12 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
[-] 2004-08-12 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\eventlog.dll
.
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\schedsvc.dll
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\schedsvc.dll
.
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ssdpsrv.dll
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ssdpsrv.dll
[-] 2004-08-12 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
[-] 2004-08-12 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\ssdpsrv.dll
.
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\termsrv.dll
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\termsrv.dll
.
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\hnetcfg.dll
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\hnetcfg.dll
[-] 2004-08-12 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
[-] 2004-08-12 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\hnetcfg.dll
.
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\SYSTEM32\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\SYSTEM32\DLLCACHE\mspmsnsv.dll
[-] 2004-09-22 23:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2004-09-22 23:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2002-11-27 01:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{A0000BA0-97AD-43FB-8A05-3542C3AB99CD}\mspmsnsv.dll
.
[7] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[7] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntmssvc.dll
[7] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntmssvc.dll
[-] 2004-08-12 14:02 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
[-] 2004-08-12 14:02 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\SYSTEM32\ntmssvc.dll
.
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\upnphost.dll
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\SYSTEM32\upnphost.dll
.
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ddraw.dll
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ddraw.dll
[-] 2004-08-12 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
[-] 2004-08-12 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\SYSTEM32\ddraw.dll
[-] 2002-12-12 06:14 . 61CC64C43BEC193100E3722F6CF4B1E1 . 284160 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddraw.dll
.
[7] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[7] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\olepro32.dll
[7] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\olepro32.dll
[-] 2004-08-12 14:03 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
[-] 2004-08-12 14:03 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\olepro32.dll
.
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\version.dll
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\version.dll
[-] 2004-08-12 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
[-] 2004-08-12 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\version.dll
.
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\srsvc.dll
.
[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\w32time.dll
[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\w32time.dll
[-] 2004-08-12 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
[-] 2004-08-12 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\w32time.dll
.
[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wiaservc.dll
[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wiaservc.dll
[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\windows\SYSTEM32\wiaservc.dll
.
[7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\midimap.dll
[7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\midimap.dll
[-] 2004-08-12 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
[-] 2004-08-12 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\midimap.dll
.
[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\rasadhlp.dll
[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\rasadhlp.dll
[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\SYSTEM32\rasadhlp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files\Coupons.com\prxtbCoup.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37153479-1976-43c3-a1ee-557513977b64}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Coupons.com\prxtbCoup.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files\Coupons.com\prxtbCoup.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{37153479-1976-43C3-A1EE-557513977B64}"= "c:\program files\Coupons.com\prxtbCoup.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Arovax AntiSpyware"="c:\program files\Arovax AntiSpyware\arovaxantispyware.exe" [2007-09-21 1966080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-25 98304]
.
c:\documents and settings\Dad\Start Menu\Programs\Startup\
CNET TechTracker.lnk - c:\documents and settings\Dad\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe [2011-8-30 2620416]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck smrgdf c:\documents and settings\Dad\Application Data\iolo"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv7CC]
@="service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Auto Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk
backup=c:\windows\pss\Auto Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^AOL Desktop.lnk]
path=c:\documents and settings\Dad\Start Menu\Programs\Startup\AOL Desktop.lnk
backup=c:\windows\pss\AOL Desktop.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=c:\documents and settings\Dad\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 08:59 122880 ----a-w- c:\windows\BCMSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-12 13:56 15360 ------w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 07:04 114741 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-04-07 06:19 155648 ----a-w- c:\windows\SYSTEM32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-10-18 15:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2008-07-17 12:32 160592 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
2008-05-06 20:48 764776 ----a-w- c:\program files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemGuardAlerter]
2008-05-06 20:49 487784 ----a-w- c:\program files\iolo\System Mechanic Professional 7\SystemGuardAlerter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\WINDOWS\\SYSTEM32\\dplaysvr.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\Cab\\MainRegister\\CabDirectory.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\bin\\Orb.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\bin\\OrbClient.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\ORBTV\\OrbStreamer\\OrbStreamer.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\ORBTV\\OrbStreamer\\MiTVStreamerClient.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\ORBTV\\OrbStreamer\\Orb3GPStreamerClient.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\ORBServices\\HelixEncoder\\Producer\\MiRMStreamerClient.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\ORBTV\\OrbStreamer\\rtspServer.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\bin\\OrbMedia.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\ORBTV\\OrbTVXML\\OrbTVXML.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\ORBTV\\OrbTVXML\\xmltv.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\ORBTV\\OrbTVXML\\OrbIR.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDPHCP Server
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
"1723:TCP"= 1723:TCPxpsp2res.dll,-22015
"1701:UDP"= 1701:UDPxpsp2res.dll,-22016
"500:UDP"= 500:UDPxpsp2res.dll,-22017
"56412:TCP"= 56412:TCPando Media Booster
"56412:UDP"= 56412:UDPando Media Booster
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"6918:TCP"= 6918:TCP:League of Legends Launcher
"6918:UDP"= 6918:UDP:League of Legends Launcher
.
R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\0404000.00C\symds.sys [10/31/2011 5:08 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0404000.00C\symefa.sys [10/31/2011 5:08 PM 173176]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111123.001\BHDrvx86.sys [11/29/2011 8:24 PM 819320]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0404000.00C\cchpx86.sys [10/31/2011 5:08 PM 485512]
R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\0404000.00C\ironx86.sys [10/31/2011 5:08 PM 116784]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/30/2011 10:32 AM 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111212.002\IDSXpx86.sys [12/13/2011 3:10 PM 356280]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 jfdcd;jfdcd;\??\c:\docume~1\Dad\LOCALS~1\Temp\jfdcd.sys --> c:\docume~1\Dad\LOCALS~1\Temp\jfdcd.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - GTNDIS5
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
srv7CC
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
2011-12-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-14 15:12]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\MICROS~4\Office\1033\phdintl.dll/phdContext.htm
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunApp.exe
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Name-Space Handler: ftp\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\Common\Lib\URLSTO~1.DLL
Name-Space Handler: http\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\Common\Lib\URLSTO~1.DLL
DPF: Bowling by pogo - hxxp://game3.pogo.com/v/9.0.5.4/applet/bowling/bowling-en_US.cab
DPF: Lottso by pogo - hxxp://game3.pogo.com/v/9.0.5.4/applet/lottso/lottso-en_US.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Word Whomp by pogo - hxxp://game3.pogo.com/v/9.0.5.4/applet/wordwhomp2/whomp2-en_US.cab
DPF: Word Whomp Whackdown by pogo - hxxp://game3.pogo.com/v/9.0.5.4/applet/whackdown/whackdown-en_US.cab
DPF: {5D66B431-8A5B-4ECA-AED6-6F4F411E1773} - hxxp://www.disneyblast.go.com/setup/activex/AOLLauncher.cab
DPF: {EC8C56B1-D027-4AB2-AF63-F845CCEE59B5} - hxxps://billmanager.aol.com/billmanager/installs/csd/https%253A%252F%252Fbillmanager.aol.com%252Fbillmanager/AutologinHelper.cab
FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\etjbft0f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Coupons.com Customized Web Search
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
Notify-opnomjj - opnomjj.dll
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-F-Secure Manager - c:\program files\Embarq Online Security 8\Common\FSM32.EXE
MSConfigStartUp-F-Secure TNB - c:\program files\Embarq Online Security 8\FSGUI\TNBUtil.exe
MSConfigStartUp-Genuine - c:\windows\system32\tteyacav.dll
MSConfigStartUp-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
MSConfigStartUp-SGPUpdater - c:\program files\Search Guard PlusU\sgpUpdaters.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-Window Washer - c:\program files\Webroot\Washer\wwDisp.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-13 16:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\srv7CC]
"servicedll"="\\?\globalroot\Device\HarddiskVolume2\WINDOWS\Temp\srv7CC.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2220)
c:\windows\system32\WININET.dll
c:\program files\iolo\Common\Lib\sguard.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\windows\System32\msdtc.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\ORB Networks\ORB\Cab\MainRegister\CabDirectory.exe
c:\windows\system32\imapi.exe
c:\program files\iolo\common\lib\ioloServiceManager.exe
c:\program files\iolo\System Mechanic Professional 7\IoloSGCtrl.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
c:\program files\ORB Networks\ORB\ORBServices\OrbMediaService\OrbMediaService.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\locator.exe
c:\windows\system32\dllhost.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2011-12-13 17:20:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-13 22:20
.
Pre-Run: 12,317,597,696 bytes free
Post-Run: 12,478,586,880 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /noexecute=optout
.
- - End Of File - - B8DBA48EE4EDD22FEEEF5B941BCA4FFA


As of this moment this PC is running 100% better and I am so grateful. The first thing I noticed was my sound returned, so glad. I will have more time to play with this unit tomorrow and will be able to give you a more in-depth description of how the computer is running at that time; until then, the logs you have requested are posted above. I think you're a god of computers, thank you for your continued help. You're the best

#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:56 AM

Posted 13 December 2011 - 10:41 PM

Hello,


We need to run a CFScript.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Rootkit::
C:\WINDOWS\Temp\srv7CC.tmp

NetSvc::
srv7CC

Driver::
srv7CC
jfdcd
BW2NDIS5

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-

Fcopy::
c:\windows\ServicePackFiles\i386\browser.dll | c:\windows\$NtServicePackUninstall$\browser.dll
c:\windows\ServicePackFiles\i386\browser.dll | c:\windows\SYSTEM32\browser.dll
c:\windows\ServicePackFiles\i386\lsass.exe | c:\windows\$NtServicePackUninstall$\lsass.exe
c:\windows\ServicePackFiles\i386\lsass.exe | c:\windows\SYSTEM32\lsass.exe
c:\windows\ServicePackFiles\i386\netman.dll | c:\windows\$NtServicePackUninstall$\netman.dll
c:\windows\ServicePackFiles\i386\netman.dll | c:\windows\SYSTEM32\netman.dll
c:\windows\ServicePackFiles\i386\netman.dll | c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
c:\windows\ServicePackFiles\i386\comres.dll | c:\windows\$NtServicePackUninstall$\comres.dll
c:\windows\ServicePackFiles\i386\comres.dll | c:\windows\SYSTEM32\comres.dll
c:\windows\ServicePackFiles\i386\winlogon.exe | c:\windows\$NtServicePackUninstall$\winlogon.exe
c:\windows\ServicePackFiles\i386\winlogon.exe | c:\windows\SYSTEM32\winlogon.exe
c:\windows\ServicePackFiles\i386\winlogon.exe | c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\winlogon.exe
c:\windows\ServicePackFiles\i386\cryptsvc.dll | c:\windows\$NtServicePackUninstall$\cryptsvc.dll
c:\windows\ServicePackFiles\i386\cryptsvc.dll | c:\windows\SYSTEM32\cryptsvc.dll
c:\windows\ServicePackFiles\i386\imm32.dll | c:\windows\$NtServicePackUninstall$\imm32.dll
c:\windows\ServicePackFiles\i386\imm32.dll | c:\windows\SYSTEM32\imm32.dll
c:\windows\ServicePackFiles\i386\linkinfo.dll | c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
c:\windows\ServicePackFiles\i386\linkinfo.dll | c:\windows\$NtServicePackUninstall$\linkinfo.dll


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


2.
Click here to download Kaspersky Virus Removal Tool.
  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop.
  • After that leave what is selected and put a check next to My Computer.
  • Click on the option that says Threat Detection and change it to Disinfect => Do not select, delete if disinfection fails.
  • Then click on Start Scan.
  • Before it is done it may prompt for action regardless of the setting so choose skip if prompted.
  • When the scan is done no log will be produced.
  • Click on the bottom where it says Report to open the report.
  • Then highlight all of the items found by using ctrl + a on your keyboard to select all, or use your mouse to select all, then right click and choose copy.
  • This will copy the items that it found to the clipboard; you can then open notepad (go to start, then run, then type in notepad) and choose paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.

Edited by fireman4it, 13 December 2011 - 10:41 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif
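
The CFScript above encodes a small amount of triage reasoning: a service (srv7CC) whose ServiceDll is a .tmp file under WINDOWS\Temp, a driver (jfdcd) loaded from the user's Temp folder, a driver entry (BW2NDIS5) whose file ComboFix could not find, and a set of Fcopy:: lines that put the ServicePackFiles\i386 copy of system files back where the live SYSTEM32 copy differs from it (the Sigcheck block of the later log shows exactly that hash mismatch per file). The Python script below is an added example written for this thread; it is not ComboFix's code and was not posted by anyone here. It applies those same three checks to ComboFix-style log lines. The sample input is constructed from lines quoted in this thread plus one placeholder pair (sample.dll, all-zero MD5) whose copies match; reading ComboFix's `[?]` marker as "image file not found" is an assumption.

```python
"""Triage ComboFix-style log lines with the reasoning behind the CFScript above.

Added example, not ComboFix's code and not posted in the thread.  Flags
(1) services/drivers whose image lives under a Temp directory, (2) driver entries
whose image file ComboFix could not find ("[?]" is assumed to mean that), and
(3) Sigcheck entries where the live SYSTEM32 copy's MD5 differs from the
ServicePackFiles\\i386 reference copy of the same file name.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the thread's logs plus one placeholder
# pair ("sample.dll", all-zero MD5) whose two copies match and must not be flagged.
SAMPLE_LOG = r"""
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0404000.00C\cchpx86.sys [10/31/2011 5:08 PM 485512]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 jfdcd;jfdcd;\??\c:\docume~1\Dad\LOCALS~1\Temp\jfdcd.sys --> c:\docume~1\Dad\LOCALS~1\Temp\jfdcd.sys [?]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\srv7CC]
"servicedll"="\\?\globalroot\Device\HarddiskVolume2\WINDOWS\Temp\srv7CC.tmp"
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\SYSTEM32\linkinfo.dll
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2004-08-12 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\svchost.exe
[7] 2008-04-14 . 00000000000000000000000000000000 . 1 . . [0.0] . . c:\windows\ServicePackFiles\i386\sample.dll
[7] 2008-04-14 . 00000000000000000000000000000000 . 1 . . [0.0] . . c:\windows\SYSTEM32\sample.dll
"""

# "[flag] date . MD5 . size . . [version] . . path"  (ComboFix Sigcheck line)
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<ver>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$")
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<rest>.+)$")   # "R0 name;display;path [info]"
REG_KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
REG_VAL_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')
TEMP_RE = re.compile(r"\\temp\\")     # matches both \WINDOWS\Temp\ and \LOCALS~1\Temp\
SPF_DIR, LIVE_DIR = "c:\\windows\\servicepackfiles\\i386", "c:\\windows\\system32"


@dataclass(frozen=True)
class Finding:
    kind: str      # "service" or "sigcheck"
    name: str
    path: str
    reason: str


def normalize(path: str) -> str:
    """Lower-case, unify slashes and strip the NT object prefixes ComboFix prints verbatim."""
    p = path.strip().lower().replace("/", "\\")
    p = re.sub(r"^\\\?\?\\", "", p)                                          # \??\c:\...
    return re.sub(r"^\\\\\?\\globalroot\\device\\harddiskvolume\d+\\", r"<vol>\\", p)


def in_temp_dir(path: str) -> bool:
    return TEMP_RE.search(normalize(path)) is not None


def parse_service(line: str):
    """Return (name, resolved image path, bracketed info) for an R*/S* service line, else None."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    rest, info = m.group("rest"), ""
    im = re.search(r"\s+\[([^\]]*)\]\s*$", rest)     # trailing "[date size]" or "[?]"
    if im:
        rest, info = rest[:im.start()], im.group(1)
    return m.group("name"), rest.split(" --> ")[-1].strip(), info   # keep the resolved path


def triage(log_text: str) -> list:
    findings, current_key, sigcheck = [], "", {}     # sigcheck: basename -> {directory: md5}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        svc = parse_service(line)
        if svc:
            name, path, info = svc
            if in_temp_dir(path):
                findings.append(Finding("service", name, path, "image loaded from a Temp directory"))
            elif info == "?":
                findings.append(Finding("service", name, path, "image file not found on disk"))
            continue
        km = REG_KEY_RE.match(line)
        if km:
            current_key = km.group("key")
            continue
        vm = REG_VAL_RE.match(line)
        if vm and vm.group("name").lower() in ("servicedll", "imagepath"):
            value, svc_name = vm.group("value"), current_key.rsplit("\\", 1)[-1]
            if in_temp_dir(value) or normalize(value).endswith(".tmp"):
                findings.append(Finding("service", svc_name, value,
                                        f"{vm.group('name')} points into a Temp directory"))
            continue
        sm = SIGCHECK_RE.match(line)
        if sm:
            directory, _, base = normalize(sm.group("path")).rpartition("\\")
            sigcheck.setdefault(base, {})[directory] = sm.group("md5").upper()
    for base, copies in sigcheck.items():            # the mismatches Fcopy:: would repair
        ref, live = copies.get(SPF_DIR), copies.get(LIVE_DIR)
        if ref and live and ref != live:
            findings.append(Finding("sigcheck", base, LIVE_DIR + "\\" + base,
                                    f"live MD5 {live} differs from ServicePackFiles copy {ref}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name:14} {f.reason}: {f.path}")
```

Run against the sample it reports jfdcd and srv7CC (Temp paths), BW2NDIS5 (missing file) and the two hash mismatches, and stays quiet on ccHP, Akamai and the placeholder pair. It is a reading aid for logs of this shape, not a removal tool: a hit only says an entry deserves the kind of look the helper gave it.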


#7 ziolablue

ziolablue
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:56 AM

Posted 14 December 2011 - 09:28 AM

I copied the log and dragged it to combo and allowed it to run, at which time I received a Windows error and my system shut down. I disabled the security in the same manner as last time. Files vanished during this error session, as Firefox no longer runs; I receive an error code that states "This application has failed to start because IMM32.dll was not found. Re-installing the application may fix this problem"

After this is all over I think I might need your help deleting Firefox from my computer completely and installing a better browser, if you do not mind. I hate to lose all my saved passwords, but Firefox has a memory leak anyway.

So during the drag and combo scan, before the error code, it prompted that a new version of combo was available. Do you want me to retry with the newer version?

#8 ziolablue

ziolablue
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:56 AM

Posted 14 December 2011 - 09:30 AM

Also during the scan my firewall prompted me, which is odd because it was asking me to disable it, which I was certain I had done.

#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:56 AM

Posted 14 December 2011 - 11:39 AM

Hello,

Please go ahead and run Combofix again without the script this time. Then proceed with the Kaspersky scan. I'm trying to see if you have a certain infection or not.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#10 ziolablue

ziolablue
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:56 AM

Posted 14 December 2011 - 08:46 PM

I ran the ComboFix and the K scan; wow, that was a lengthy scan. The K scan detected two threats, which are posted below. The K scan asks me to download their software to disinfect these; I have not opted to do so without hearing from you first.

Here is the second combo log

ComboFix 11-12-13.02 - Dad 12/14/2011 11:55:00.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.786 [GMT -5:00]
Running from: c:\documents and settings\Dad\My Documents\Downloads\ComboFix.exe
AV: Norton Security Suite *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Dad\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-11-14 to 2011-12-14 )))))))))))))))))))))))))))))))
.
.
2011-12-07 01:56 . 2011-12-07 01:58 -------- d-----w- c:\program files\Cobian Backup 8
2011-12-06 23:32 . 2011-12-06 23:32 -------- d-----w- C:\ERDNT
2011-12-06 23:32 . 2011-12-06 23:32 -------- d-----w- c:\windows\ERUNT
2011-12-06 23:31 . 2011-12-06 23:32 -------- d-----w- C:\!FixIEDef
2011-12-06 23:26 . 2011-12-06 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Arovax
2011-12-06 23:26 . 2011-12-14 16:47 -------- d-----w- c:\program files\Arovax AntiSpyware
2011-12-06 23:24 . 2011-12-06 23:24 -------- d-----w- c:\documents and settings\Dad\Application Data\CBS Interactive
2011-12-04 23:32 . 2011-12-04 23:43 -------- d-----w- c:\documents and settings\TEMP.D3R66341
2011-12-02 02:51 . 2011-12-02 02:52 -------- d-----w- c:\documents and settings\Administrator.D3R66341.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-05 18:49 . 2011-11-05 18:49 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-06-24 12:53 . 2011-04-25 01:00 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-01-26 19:04 203776 --sh--w- c:\windows\SYSTEM32\unrar.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\linkinfo.dll
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\SYSTEM32\linkinfo.dll
.
[7] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\asms\70\msft\windows\mswincrt\msvcrt.dll
[7] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asms\70\msft\windows\mswincrt\msvcrt.dll
[7] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msvcrt.dll
[-] 2004-08-12 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-12 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\SYSTEM32\msvcrt.dll
[7] 2004-08-12 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-12 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
[-] 2002-08-29 . 70630CAD245477F8DB02B79D9A92834C . 323072 . . [7.0.2600.1106] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\MSVCRT.DLL
.
[7] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[-] 2004-08-12 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
[-] 2004-08-12 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\netlogon.dll
.
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\powrprof.dll
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\powrprof.dll
[-] 2004-08-12 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2004-08-12 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\SYSTEM32\powrprof.dll
.
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[-] 2004-08-12 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
[-] 2004-08-12 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\scecli.dll
.
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sfc.dll
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfc.dll
[-] 2004-08-12 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
[-] 2004-08-12 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\sfc.dll
.
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[-] 2004-08-12 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2004-08-12 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\svchost.exe
.
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tapisrv.dll
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\SYSTEM32\tapisrv.dll
.
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\SYSTEM32\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2004-06-17 . 31FB2D788A9AA618452C02E8375B6DCD . 560128 . . [5.1.2600.1561] . . c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\user32.dll
.
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2_32.dll
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
[-] 2004-08-12 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2004-08-12 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\ws2_32.dll
.
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2help.dll
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2help.dll
[-] 2004-08-12 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
[-] 2004-08-12 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\ws2help.dll
.
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ole32.dll
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\SYSTEM32\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2005-01-14 . 2E752611C9A9AE1B6BFD0DA03CF7F17E . 1284608 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\ole32.dll
.
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
[-] 2004-08-12 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2004-08-12 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\ctfmon.exe
.
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\SYSTEM32\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
.
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\srsvc.dll
.
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\xmlprov.dll
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\xmlprov.dll
[-] 2004-08-12 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
[-] 2004-08-12 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\xmlprov.dll
.
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[-] 2004-08-12 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
[-] 2004-08-12 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\eventlog.dll
.
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\schedsvc.dll
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\schedsvc.dll
.
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ssdpsrv.dll
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ssdpsrv.dll
[-] 2004-08-12 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
[-] 2004-08-12 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\ssdpsrv.dll
.
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\termsrv.dll
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\termsrv.dll
.
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\hnetcfg.dll
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\hnetcfg.dll
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\hnetcfg.dll
[-] 2004-08-12 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\hnetcfg.dll
[-] 2004-08-12 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\hnetcfg.dll
.
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . .
c:\windows\SYSTEM32\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . .
c:\windows\SYSTEM32\DLLCACHE\mspmsnsv.dll
[-] 2004-09-22 23:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . .
c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2004-09-22 23:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . .
c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . .
c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSN
Sv.dll
[-] 2002-11-27 01:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . .
c:\windows\RegisteredPackages\{A0000BA0-97AD-43FB-8A05-3542C3AB99CD}\mspmsnsv.dll
.
[7] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . .
c:\windows\ServicePackFiles\i386\ntmssvc.dll
[7] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntmssvc.dll
[7] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntmssvc.dll
[-] 2004-08-12 14:02 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . .
c:\windows\$NtServicePackUninstall$\ntmssvc.dll
[-] 2004-08-12 14:02 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . .
c:\windows\SYSTEM32\ntmssvc.dll
.
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\upnphost.dll
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\upnphost.dll
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . .
c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . .
c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . .
c:\windows\SYSTEM32\upnphost.dll
.
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . .
c:\windows\ServicePackFiles\i386\ddraw.dll
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ddraw.dll
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ddraw.dll
[-] 2004-08-12 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . .
c:\windows\$NtServicePackUninstall$\ddraw.dll
[-] 2004-08-12 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . .
c:\windows\SYSTEM32\ddraw.dll
[-] 2002-12-12 06:14 . 61CC64C43BEC193100E3722F6CF4B1E1 . 284160 . . [5.3.0000000.900
built by: DIRECTX] . .
c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddraw.dll
.
[7] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\olepro32.dll
[7] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\olepro32.dll
[7] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\olepro32.dll
[-] 2004-08-12 14:03 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\olepro32.dll
[-] 2004-08-12 14:03 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\olepro32.dll
.
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\version.dll
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\version.dll
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\version.dll
[-] 2004-08-12 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\version.dll
[-] 2004-08-12 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\version.dll
.
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\srsvc.dll
.
[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\w32time.dll
[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\w32time.dll
[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\w32time.dll
[-] 2004-08-12 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\w32time.dll
[-] 2004-08-12 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\w32time.dll
.
[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\wiaservc.dll
[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wiaservc.dll
[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wiaservc.dll
[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . .
c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . .
c:\windows\$NtServicePackUninstall$\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . .
c:\windows\SYSTEM32\wiaservc.dll
.
[7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\midimap.dll
[7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\midimap.dll
[7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\midimap.dll
[-] 2004-08-12 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\midimap.dll
[-] 2004-08-12 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\midimap.dll
.
[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\rasadhlp.dll
[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\rasadhlp.dll
[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\rasadhlp.dll
[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . .
c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . .
c:\windows\$NtServicePackUninstall$\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . .
c:\windows\SYSTEM32\rasadhlp.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-12-13_21.54.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-14 16:47 . 2011-12-14 16:47 16384 c:\windows\Temp\Perflib_Perfdata_300.dat
+ 2011-12-14 16:45 . 2011-12-14 16:45 16384 c:\windows\Temp\Perflib_Perfdata_20c.dat
- 2008-12-24 17:31 . 2004-08-12 13:59 13312 c:\windows\SYSTEM32\lsass.exe
+ 2008-12-24 17:31 . 2008-04-14 00:12 13312 c:\windows\SYSTEM32\lsass.exe
+ 2008-12-24 17:31 . 2008-04-14 00:12 13312 c:\windows\SYSTEM32\DLLCACHE\lsass.exe
+ 2008-12-24 17:31 . 2008-04-14 00:11 77824 c:\windows\SYSTEM32\DLLCACHE\browser.dll
+ 2008-12-24 17:31 . 2008-04-14 00:11 62464 c:\windows\SYSTEM32\cryptsvc.dll
+ 2008-12-24 17:31 . 2008-04-14 00:11 77824 c:\windows\SYSTEM32\browser.dll
+ 2009-09-09 20:13 . 2008-04-14 00:12 13312 c:\windows\$NtServicePackUninstall$\lsass.exe
- 2009-09-09 20:13 . 2004-08-12 13:59 13312 c:\windows\$NtServicePackUninstall$\lsass.exe
+ 2009-09-09 20:13 . 2008-04-14 00:11 62464 c:\windows\$NtServicePackUninstall$\cryptsvc.dll
+ 2009-09-09 20:13 . 2008-04-14 00:11 77824 c:\windows\$NtServicePackUninstall$\browser.dll
+ 2008-12-24 17:30 . 2008-04-14 00:12 507904 c:\windows\SYSTEM32\winlogon.exe
+ 2008-12-24 17:31 . 2008-04-14 00:12 198144 c:\windows\SYSTEM32\netman.dll
+ 2008-12-24 17:31 . 2008-04-14 00:12 198144 c:\windows\SYSTEM32\DLLCACHE\netman.dll
+ 2008-12-24 17:31 . 2008-04-14 00:11 792064 c:\windows\SYSTEM32\comres.dll
- 2008-12-24 17:31 . 2004-08-12 13:56 792064 c:\windows\SYSTEM32\comres.dll
+ 2009-09-09 20:12 . 2008-04-14 00:12 507904 c:\windows\$NtServicePackUninstall$\winlogon.exe
+ 2009-09-09 20:12 . 2008-04-14 00:12 198144 c:\windows\$NtServicePackUninstall$\netman.dll
- 2009-09-09 20:13 . 2004-08-12 13:58 110080 c:\windows\$NtServicePackUninstall$\imm32.dll
+ 2009-09-09 20:13 . 2008-04-14 00:11 110080 c:\windows\$NtServicePackUninstall$\imm32.dll
- 2009-09-09 20:13 . 2004-08-12 13:56 792064 c:\windows\$NtServicePackUninstall$\comres.dll
+ 2009-09-09 20:13 . 2008-04-14 00:11 792064 c:\windows\$NtServicePackUninstall$\comres.dll
+ 2005-08-22 18:24 . 2008-04-14 00:12 198144 c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files\Coupons.com\prxtbCoup.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37153479-1976-43c3-a1ee-557513977b64}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Coupons.com\prxtbCoup.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files\Coupons.com\prxtbCoup.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{37153479-1976-43C3-A1EE-557513977B64}"= "c:\program files\Coupons.com\prxtbCoup.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Arovax AntiSpyware"="c:\program files\Arovax AntiSpyware\arovaxantispyware.exe" [2007-09-21 1966080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-25 98304]
.
c:\documents and settings\Dad\Start Menu\Programs\Startup\
CNET TechTracker.lnk - c:\documents and settings\Dad\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe [2011-8-30 2620416]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck smrgdf c:\documents and settings\Dad\Application Data\iolo
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv7CC]
@="service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Auto Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk
backup=c:\windows\pss\Auto Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^AOL Desktop.lnk]
path=c:\documents and settings\Dad\Start Menu\Programs\Startup\AOL Desktop.lnk
backup=c:\windows\pss\AOL Desktop.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=c:\documents and settings\Dad\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 08:59 122880 ----a-w- c:\windows\BCMSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-12 13:56 15360 ------w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 07:04 114741 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-04-07 06:19 155648 ----a-w- c:\windows\SYSTEM32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-10-18 15:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2008-07-17 12:32 160592 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
2008-05-06 20:48 764776 ----a-w- c:\program files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemGuardAlerter]
2008-05-06 20:49 487784 ----a-w- c:\program files\iolo\System Mechanic Professional 7\SystemGuardAlerter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\WINDOWS\\SYSTEM32\\dplaysvr.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\Cab\\MainRegister\\CabDirectory.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\bin\\Orb.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\bin\\OrbClient.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\ORBTV\\OrbStreamer\\OrbStreamer.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\ORBTV\\OrbStreamer\\MiTVStreamerClient.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\ORBTV\\OrbStreamer\\Orb3GPStreamerClient.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\ORBServices\\HelixEncoder\\Producer\\MiRMStreamerClient.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\ORBTV\\OrbStreamer\\rtspServer.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\bin\\OrbMedia.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\ORBTV\\OrbTVXML\\OrbTVXML.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\ORBTV\\OrbTVXML\\xmltv.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\ORBTV\\OrbTVXML\\OrbIR.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Server
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"56412:TCP"= 56412:TCP:Pando Media Booster
"56412:UDP"= 56412:UDP:Pando Media Booster
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"6918:TCP"= 6918:TCP:League of Legends Launcher
"6918:UDP"= 6918:UDP:League of Legends Launcher
.
R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\0404000.00C\symds.sys [10/31/2011 5:08 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0404000.00C\symefa.sys [10/31/2011 5:08 PM 173176]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111123.001\BHDrvx86.sys [11/29/2011 8:24 PM 819320]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0404000.00C\cchpx86.sys [10/31/2011 5:08 PM 485512]
R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\0404000.00C\ironx86.sys [10/31/2011 5:08 PM 116784]
R2 CabDirectory;CabDirectory;c:\program files\ORB Networks\ORB\Cab\MainRegister\CabDirectory.exe [6/29/2005 9:58 AM 417792]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [12/22/2007 6:41 PM 566120]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [12/22/2007 6:41 PM 566120]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe [10/31/2011 5:07 PM 126400]
R2 WUSB54GSSVC;WUSB54GSSVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [7/16/2008 6:59 PM 41025]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/30/2011 10:32 AM 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111212.002\IDSXpx86.sys [12/13/2011 3:10 PM 356280]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [12/24/2008 12:31 PM 14336]
S2 srv7CC;srv7CC;c:\windows\system32\svchost.exe -k netsvcs [12/24/2008 12:31 PM 14336]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 jfdcd;jfdcd;\??\c:\docume~1\Dad\LOCALS~1\Temp\jfdcd.sys --> c:\docume~1\Dad\LOCALS~1\Temp\jfdcd.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - GTNDIS5
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
srv7CC
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-14 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
2011-12-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-14 15:12]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\MICROS~4\Office\1033\phdintl.dll/phdContext.htm
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunApp.exe
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Name-Space Handler: ftp\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\Common\Lib\URLSTO~1.DLL
Name-Space Handler: http\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\Common\Lib\URLSTO~1.DLL
DPF: Bowling by pogo - hxxp://game3.pogo.com/v/9.0.5.4/applet/bowling/bowling-en_US.cab
DPF: Lottso by pogo - hxxp://game3.pogo.com/v/9.0.5.4/applet/lottso/lottso-en_US.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Word Whomp by pogo - hxxp://game3.pogo.com/v/9.0.5.4/applet/wordwhomp2/whomp2-en_US.cab
DPF: Word Whomp Whackdown by pogo - hxxp://game3.pogo.com/v/9.0.5.4/applet/whackdown/whackdown-en_US.cab
DPF: {5D66B431-8A5B-4ECA-AED6-6F4F411E1773} - hxxp://www.disneyblast.go.com/setup/activex/AOLLauncher.cab
DPF: {EC8C56B1-D027-4AB2-AF63-F845CCEE59B5} - hxxps://billmanager.aol.com/billmanager/installs/csd/https%253A%252F%252Fbillmanager.aol.com%252Fbillmanager/AutologinHelper.cab
FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\etjbft0f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Coupons.com Customized Web Search
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-14 12:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\srv7CC]
"servicedll"="\\?\globalroot\Device\HarddiskVolume2\WINDOWS\Temp\srv7CC.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2416)
c:\windows\system32\WININET.dll
c:\program files\iolo\Common\Lib\sguard.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-14 12:33:02
ComboFix-quarantined-files.txt 2011-12-14 17:32
ComboFix2.txt 2011-12-13 22:20
.
Pre-Run: 12,379,746,304 bytes free
Post-Run: 12,413,595,648 bytes free
.
- - End Of File - - EC005557C90F8A20752FB504D88E0A63

************************************************

These are the results from the Kscan; please advise how to proceed:

Status: Detected (events: 2)
12/14/2011 7:06:03 PM Detected adware not-a-virus:AdWare.Win32.Gamevance.hpyk C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1513\A0688676.exe Medium
12/14/2011 7:06:06 PM Detected adware not-a-virus:AdWare.Win32.Gamevance.hpyk C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1513\A0688677.exe Medium


At this time I have not selected any action to allow the Kscan to resolve these issues.

#11 ziolablue (Topic Starter, Members, 13 posts)

Posted 14 December 2011 - 08:50 PM

The Kscan results posted above are only the detected threats; when I tried to post the automatic scan report, the Kscan program froze and it is still unresponsive.

#12 fireman4it (Bleepin' Fireman, Malware Response Team, 13,505 posts, Greenup, Ill USA)

Posted 15 December 2011 - 12:20 AM

We need to run a CFScript.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Killall::

Rootkit::
C:\WINDOWS\Temp\srv7CC.tmp

NetSvc::
srv7CC

Driver::
srv7CC
jfdcd
BW2NDIS5

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-



Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


2.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

Things to include in your next reply:
Combofix.txt
MBAM log
How is your machine running now?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!
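The CFScript above is a plain-text file that ComboFix reads in sections (`Killall::`, `Rootkit::`, `NetSvc::`, `Driver::`, `Registry::`), with the `Registry::` part written in .reg syntax, where `"Name"=-` deletes a value so the system default applies again. As an added example, not part of this thread or of ComboFix, here is a small Python checker that parses a CFScript and flags entries that would not do what the helper intended (for instance a `Rootkit::` path missing the backslash after the drive letter); the sample input is the script posted above, the broken variant is constructed, and the per-section rules are my reading of the CFScript conventions rather than ComboFix's own validator.

```python
import re
from collections import OrderedDict

# The CFScript posted earlier in this thread (sample input for the checker).
SAMPLE_CFSCRIPT = r"""
Killall::

Rootkit::
C:\WINDOWS\Temp\srv7CC.tmp

NetSvc::
srv7CC

Driver::
srv7CC
jfdcd
BW2NDIS5

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
"""

# Constructed variant with the backslash after the drive letter dropped,
# the kind of slip that makes a Rootkit:: line silently match nothing.
BROKEN_CFSCRIPT = SAMPLE_CFSCRIPT.replace(r"C:\WINDOWS", "C:WINDOWS")

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
PATH_SECTIONS = {"File", "Folder", "Rootkit"}   # entries are absolute paths (assumption)
NAME_SECTIONS = {"NetSvc", "Driver"}            # entries are bare service names (assumption)
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")
SERVICE_NAME_RE = re.compile(r"^[A-Za-z0-9_.-]+$")
REG_KEY_RE = re.compile(r"^\[-?(HKLM|HKCU|HKU|HKCR|HKEY_[A-Z_]+)\\.*\]$")
REG_VALUE_RE = re.compile(r'^(?:"[^"]+"|@)=(.*)$')


def parse_cfscript(text):
    """Split a CFScript into an ordered {section: [entries]} map.

    Blank lines are ignored; anything before the first `Name::` header is
    collected under the key None so the checker can report it.
    """
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def check_cfscript(text):
    """Return (section, entry, problem) tuples for entries that look wrong.

    Rules are my reading of the CFScript conventions (assumption):
    File::/Folder::/Rootkit:: take absolute paths, NetSvc::/Driver:: take bare
    service names, and Registry:: is .reg syntax: [KEY] headers followed by
    "Name"=data lines, where "Name"=- deletes the value and [-KEY] deletes the key.
    """
    problems = []
    for section, entries in parse_cfscript(text).items():
        if section is None:
            problems += [(None, e, "text outside any section") for e in entries]
        elif section in PATH_SECTIONS:
            problems += [(section, e, "not an absolute path (drive letter and backslash)")
                         for e in entries if not ABS_PATH_RE.match(e)]
        elif section in NAME_SECTIONS:
            problems += [(section, e, "service name contains path characters")
                         for e in entries if not SERVICE_NAME_RE.match(e)]
        elif section == "Registry":
            in_key = False
            for e in entries:
                if e.startswith("["):
                    in_key = bool(REG_KEY_RE.match(e))
                    if not in_key:
                        problems.append((section, e, "malformed registry key header"))
                elif not REG_VALUE_RE.match(e):
                    problems.append((section, e, 'expected [KEY] or "Name"=data'))
                elif not in_key:
                    problems.append((section, e, "value line with no preceding [KEY]"))
    return problems


def registry_actions(text):
    """Translate the Registry:: section into (action, key, value_name) tuples."""
    actions, key = [], None
    for e in parse_cfscript(text).get("Registry", []):
        if e.startswith("[-") and e.endswith("]"):
            actions.append(("delete_key", e[2:-1], None))
            key = None
        elif e.startswith("[") and e.endswith("]"):
            key = e[1:-1]
        else:
            m = REG_VALUE_RE.match(e)
            if m and key is not None:
                name = e.split("=", 1)[0].strip('"')
                actions.append(("delete_value" if m.group(1) == "-" else "set_value", key, name))
    return actions


if __name__ == "__main__":
    # The broken variant yields one finding; the posted script yields none.
    for section, entry, why in check_cfscript(BROKEN_CFSCRIPT):
        print(f"[{section}] {entry}: {why}")
    for action in registry_actions(SAMPLE_CFSCRIPT):
        print(action)
```

Run against the script from the thread, `registry_actions` shows that both `Registry::` lines are deletions of the values that turn off the Windows Firewall and Security Center monitoring, not additions.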


#13 ziolablue

ziolablue
  • Topic Starter

  • Members
  • 13 posts

Posted 15 December 2011 - 11:57 AM

Below are the ComboFix log from the third run and the malware log you requested.

I'm concerned: after the Malware scan completed, it shut down and restarted the computer, as stated it may; however, by doing so my computer auto-runs Arovax antispy software. I abort the scan and shut it off as fast as possible. The incomplete scan at startup showed back door trojans. Should I be concerned?

My Firefox browser does not work, which is fine, as I stated I need to remove it and find a better browser to use; however, at this time only Internet Explorer does function as a browser, and it doesn't accept cookies and has always run very slowly, so as for that section of computer performance, I can't honestly give a comment on how it's running, as I don't have anything to compare it with, never having used IE in the past.

I did not receive error prompts from Windows at startup, which is a huge improvement from the last restart. Very pleased and extremely thankful for all the help you are giving me. Thank you. Please advise what I should do next.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8376

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/15/2011 11:34:59 AM
mbam-log-2011-12-15 (11-34-59).txt

Scan type: Quick scan
Objects scanned: 257696
Time elapsed: 14 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{C7F00A9A-F1BC-436E-82C7-E8CAE6FD67F7} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{450B9E4D-4014-4DE3-B34E-014A81468293} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\GamevanceText.DLL (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay (Adware.MyWaySearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\Alison\local settings\Temp\Crack (RiskTool.P2P.H) -> Quarantined and deleted successfully.

Files Infected:
c:\x345.bat (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Alison\local settings\Temp\Crack\ls_divx_5.0_pro_bundle_patch.exe (RiskTool.P2P.H) -> Quarantined and deleted successfully.


*****************************************************************************

ComboFix 11-12-15.02 - Dad 12/15/2011 9:55.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.673 [GMT -5:00]
Running from: c:\documents and settings\Dad\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Dad\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BW2NDIS5
-------\Legacy_JFDCD
-------\Legacy_SRV7CC
-------\Service_BW2NDIS5
-------\Service_jfdcd
-------\Service_srv7CC
.
.
((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
.
.
2011-12-07 01:56 . 2011-12-07 01:58 -------- d-----w- c:\program files\Cobian Backup 8
2011-12-06 23:32 . 2011-12-06 23:32 -------- d-----w- C:\ERDNT
2011-12-06 23:32 . 2011-12-06 23:32 -------- d-----w- c:\windows\ERUNT
2011-12-06 23:31 . 2011-12-06 23:32 -------- d-----w- C:\!FixIEDef
2011-12-06 23:26 . 2011-12-06 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Arovax
2011-12-06 23:26 . 2011-12-15 15:29 -------- d-----w- c:\program files\Arovax AntiSpyware
2011-12-06 23:24 . 2011-12-06 23:24 -------- d-----w- c:\documents and settings\Dad\Application Data\CBS Interactive
2011-12-04 23:32 . 2011-12-04 23:43 -------- d-----w- c:\documents and settings\TEMP.D3R66341
2011-12-02 02:51 . 2011-12-02 02:52 -------- d-----w- c:\documents and settings\Administrator.D3R66341.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-05 18:49 . 2011-11-05 18:49 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-06-24 12:53 . 2011-04-25 01:00 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\linkinfo.dll
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\linkinfo.dll
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . .
c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . .
c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . .
c:\windows\SYSTEM32\linkinfo.dll
.
[7] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\asms\70\msft\windows\mswincrt\msvcrt.dll
[7] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asms\70\msft\windows\mswincrt\msvcrt.dll
[7] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . .
c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . .
c:\windows\ServicePackFiles\i386\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msvcrt.dll
[-] 2004-08-12 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . .
c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-12 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . .
c:\windows\SYSTEM32\msvcrt.dll
[7] 2004-08-12 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . .
c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-12 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . .
c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
[-] 2002-08-29 . 70630CAD245477F8DB02B79D9A92834C . 323072 . . [7.0.2600.1106] . .
c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\MSVCRT.DLL
.
[7] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . .
c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\netlogon.dll
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[-] 2004-08-12 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\netlogon.dll
[-] 2004-08-12 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\netlogon.dll
.
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . .
c:\windows\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\powrprof.dll
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\powrprof.dll
[-] 2004-08-12 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . .
c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2004-08-12 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . .
c:\windows\SYSTEM32\powrprof.dll
.
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\scecli.dll
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[-] 2004-08-12 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\scecli.dll
[-] 2004-08-12 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\scecli.dll
.
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\sfc.dll
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sfc.dll
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfc.dll
[-] 2004-08-12 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\sfc.dll
[-] 2004-08-12 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\sfc.dll
.
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\svchost.exe
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[-] 2004-08-12 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2004-08-12 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\svchost.exe
.
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\tapisrv.dll
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tapisrv.dll
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . .
c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . .
c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . .
c:\windows\SYSTEM32\tapisrv.dll
.
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . .
c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . .
c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . .
c:\windows\SYSTEM32\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . .
c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2004-06-17 . 31FB2D788A9AA618452C02E8375B6DCD . 560128 . . [5.1.2600.1561] . .
c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\user32.dll
.
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\ws2_32.dll
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2_32.dll
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
[-] 2004-08-12 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2004-08-12 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\ws2_32.dll
.
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\ws2help.dll
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2help.dll
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2help.dll
[-] 2004-08-12 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\ws2help.dll
[-] 2004-08-12 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\ws2help.dll
.
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . .
c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . .
c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . .
c:\windows\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . .
c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . .
c:\windows\SoftwareDistribution\Download\1dfa26aa7c55425acf0fd8a07e6aaee7\sp3gdr\ole32.dll
[-] 2011-11-01 . 7D9DDE1AB4B00DDB173F5A16E9206517 . 1289216 . . [5.1.2600.6168] . .
c:\windows\SoftwareDistribution\Download\1dfa26aa7c55425acf0fd8a07e6aaee7\sp3qfe\ole32.dll
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . .
c:\windows\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\sp3gdr\ole32.dll
[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . .
c:\windows\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\sp3qfe\ole32.dll
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\ole32.dll
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ole32.dll
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . .
c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . .
c:\windows\SYSTEM32\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . .
c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . .
c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2005-01-14 . 2E752611C9A9AE1B6BFD0DA03CF7F17E . 1284608 . . [5.1.2600.2595] . .
c:\windows\$hf_mig$\KB873333\SP2QFE\ole32.dll
.
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
[-] 2004-08-12 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2004-08-12 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\ctfmon.exe
.
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . .
c:\windows\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717\sp3gdr\shsvcs.dll
[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . .
c:\windows\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717\sp3qfe\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . .
c:\windows\ServicePackFiles\i386\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . .
c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . .
c:\windows\SYSTEM32\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . .
c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
.
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\srsvc.dll
.
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\xmlprov.dll
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\xmlprov.dll
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\xmlprov.dll
[-] 2004-08-12 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\xmlprov.dll
[-] 2004-08-12 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\xmlprov.dll
.
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[-] 2004-08-12 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\eventlog.dll
[-] 2004-08-12 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\eventlog.dll
.
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\schedsvc.dll
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\schedsvc.dll
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\schedsvc.dll
.
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ssdpsrv.dll
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ssdpsrv.dll
[-] 2004-08-12 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
[-] 2004-08-12 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\ssdpsrv.dll
.
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\termsrv.dll
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\termsrv.dll
.
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\hnetcfg.dll
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\hnetcfg.dll
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\hnetcfg.dll
[-] 2004-08-12 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\hnetcfg.dll
[-] 2004-08-12 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\hnetcfg.dll
.
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . .
c:\windows\SYSTEM32\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . .
c:\windows\SYSTEM32\DLLCACHE\mspmsnsv.dll
[-] 2004-09-22 23:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . .
c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2004-09-22 23:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . .
c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . .
c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2002-11-27 01:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . .
c:\windows\RegisteredPackages\{A0000BA0-97AD-43FB-8A05-3542C3AB99CD}\mspmsnsv.dll
.
[7] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . .
c:\windows\ServicePackFiles\i386\ntmssvc.dll
[7] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntmssvc.dll
[7] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntmssvc.dll
[-] 2004-08-12 14:02 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . .
c:\windows\$NtServicePackUninstall$\ntmssvc.dll
[-] 2004-08-12 14:02 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . .
c:\windows\SYSTEM32\ntmssvc.dll
.
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\upnphost.dll
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\upnphost.dll
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . .
c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . .
c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . .
c:\windows\SYSTEM32\upnphost.dll
.
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . .
c:\windows\ServicePackFiles\i386\ddraw.dll
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ddraw.dll
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ddraw.dll
[-] 2004-08-12 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . .
c:\windows\$NtServicePackUninstall$\ddraw.dll
[-] 2004-08-12 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . .
c:\windows\SYSTEM32\ddraw.dll
[-] 2002-12-12 06:14 . 61CC64C43BEC193100E3722F6CF4B1E1 . 284160 . . [5.3.0000000.900 built by: DIRECTX] . .
c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddraw.dll
.
[7] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\olepro32.dll
[7] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\olepro32.dll
[7] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\olepro32.dll
[-] 2004-08-12 14:03 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\olepro32.dll
[-] 2004-08-12 14:03 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\olepro32.dll
.
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\version.dll
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\version.dll
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\version.dll
[-] 2004-08-12 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\version.dll
[-] 2004-08-12 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\version.dll
.
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\srsvc.dll
.
[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\w32time.dll
[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\w32time.dll
[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\w32time.dll
[-] 2004-08-12 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\w32time.dll
[-] 2004-08-12 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\w32time.dll
.
[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\wiaservc.dll
[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wiaservc.dll
[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wiaservc.dll
[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . .
c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . .
c:\windows\$NtServicePackUninstall$\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . .
c:\windows\SYSTEM32\wiaservc.dll
.
[7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\midimap.dll
[7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\midimap.dll
[7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\midimap.dll
[-] 2004-08-12 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . .
c:\windows\$NtServicePackUninstall$\midimap.dll
[-] 2004-08-12 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . .
c:\windows\SYSTEM32\midimap.dll
.
[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\rasadhlp.dll
[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\rasadhlp.dll
[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . .
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\rasadhlp.dll
[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . .
c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . .
c:\windows\$NtServicePackUninstall$\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . .
c:\windows\SYSTEM32\rasadhlp.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-12-13_21.54.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-15 15:27 . 2011-12-15 15:27 16384 c:\windows\Temp\Perflib_Perfdata_dc8.dat
+ 2011-12-15 15:28 . 2011-12-15 15:28 16384 c:\windows\Temp\Perflib_Perfdata_358.dat
+ 2011-12-14 16:47 . 2011-12-14 16:47 16384 c:\windows\Temp\Perflib_Perfdata_300.dat
+ 2011-12-15 15:26 . 2011-12-15 15:26 16384 c:\windows\Temp\Perflib_Perfdata_294.dat
- 2008-12-24 17:31 . 2004-08-12 13:59 13312 c:\windows\SYSTEM32\lsass.exe
+ 2008-12-24 17:31 . 2008-04-14 00:12 13312 c:\windows\SYSTEM32\lsass.exe
+ 2008-12-24 17:31 . 2008-04-14 00:12 13312 c:\windows\SYSTEM32\DLLCACHE\lsass.exe
+ 2008-12-24 17:31 . 2008-04-14 00:11 77824 c:\windows\SYSTEM32\DLLCACHE\browser.dll
+ 2008-12-24 17:31 . 2008-04-14 00:11 62464 c:\windows\SYSTEM32\cryptsvc.dll
+ 2008-12-24 17:31 . 2008-04-14 00:11 77824 c:\windows\SYSTEM32\browser.dll
- 2009-09-09 20:13 . 2004-08-12 13:59 13312 c:\windows\$NtServicePackUninstall$\lsass.exe
+ 2009-09-09 20:13 . 2008-04-14 00:12 13312 c:\windows\$NtServicePackUninstall$\lsass.exe
+ 2009-09-09 20:13 . 2008-04-14 00:11 62464 c:\windows\$NtServicePackUninstall$\cryptsvc.dll
+ 2009-09-09 20:13 . 2008-04-14 00:11 77824 c:\windows\$NtServicePackUninstall$\browser.dll
+ 2008-12-24 17:30 . 2008-04-14 00:12 507904 c:\windows\SYSTEM32\winlogon.exe
+ 2008-12-24 17:31 . 2008-04-14 00:12 198144 c:\windows\SYSTEM32\netman.dll
+ 2008-12-24 17:31 . 2008-04-14 00:12 198144 c:\windows\SYSTEM32\DLLCACHE\netman.dll
+ 2008-12-24 17:31 . 2008-04-14 00:11 792064 c:\windows\SYSTEM32\comres.dll
- 2008-12-24 17:31 . 2004-08-12 13:56 792064 c:\windows\SYSTEM32\comres.dll
+ 2009-09-09 20:12 . 2008-04-14 00:12 507904 c:\windows\$NtServicePackUninstall$\winlogon.exe
+ 2009-09-09 20:12 . 2008-04-14 00:12 198144 c:\windows\$NtServicePackUninstall$\netman.dll
- 2009-09-09 20:13 . 2004-08-12 13:58 110080 c:\windows\$NtServicePackUninstall$\imm32.dll
+ 2009-09-09 20:13 . 2008-04-14 00:11 110080 c:\windows\$NtServicePackUninstall$\imm32.dll
- 2009-09-09 20:13 . 2004-08-12 13:56 792064 c:\windows\$NtServicePackUninstall$\comres.dll
+ 2009-09-09 20:13 . 2008-04-14 00:11 792064 c:\windows\$NtServicePackUninstall$\comres.dll
+ 2005-08-22 18:24 . 2008-04-14 00:12 198144 c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files\Coupons.com\prxtbCoup.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37153479-1976-43c3-a1ee-557513977b64}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Coupons.com\prxtbCoup.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files\Coupons.com\prxtbCoup.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{37153479-1976-43C3-A1EE-557513977B64}"= "c:\program files\Coupons.com\prxtbCoup.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Arovax AntiSpyware"="c:\program files\Arovax AntiSpyware\arovaxantispyware.exe" [2007-09-21 1966080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-25 98304]
.
c:\documents and settings\Dad\Start Menu\Programs\Startup\
CNET TechTracker.lnk - c:\documents and settings\Dad\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe [2011-8-30 2620416]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck smrgdf c:\documents and settings\Dad\Application Data\iolo
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Auto Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk
backup=c:\windows\pss\Auto Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^AOL Desktop.lnk]
path=c:\documents and settings\Dad\Start Menu\Programs\Startup\AOL Desktop.lnk
backup=c:\windows\pss\AOL Desktop.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=c:\documents and settings\Dad\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 08:59 122880 ----a-w- c:\windows\BCMSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-12 13:56 15360 ------w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 07:04 114741 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-04-07 06:19 155648 ----a-w- c:\windows\SYSTEM32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-10-18 15:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2008-07-17 12:32 160592 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
2008-05-06 20:48 764776 ----a-w- c:\program files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemGuardAlerter]
2008-05-06 20:49 487784 ----a-w- c:\program files\iolo\System Mechanic Professional 7\SystemGuardAlerter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\WINDOWS\\SYSTEM32\\dplaysvr.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\Cab\\MainRegister\\CabDirectory.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\bin\\Orb.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\bin\\OrbClient.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\ORBTV\\OrbStreamer\\OrbStreamer.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\ORBTV\\OrbStreamer\\MiTVStreamerClient.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\ORBTV\\OrbStreamer\\Orb3GPStreamerClient.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\ORBServices\\HelixEncoder\\Producer\\MiRMStreamerClient.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\ORBTV\\OrbStreamer\\rtspServer.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\bin\\OrbMedia.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\ORBTV\\OrbTVXML\\OrbTVXML.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\ORBTV\\OrbTVXML\\xmltv.exe"=
"c:\\Program Files\\ORB Networks\\ORB\\ORBTV\\OrbTVXML\\OrbIR.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Server
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"56412:TCP"= 56412:TCP:Pando Media Booster
"56412:UDP"= 56412:UDP:Pando Media Booster
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"6918:TCP"= 6918:TCP:League of Legends Launcher
"6918:UDP"= 6918:UDP:League of Legends Launcher
.
R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\0404000.00C\symds.sys [10/31/2011 5:08 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0404000.00C\symefa.sys [10/31/2011 5:08 PM 173176]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111210.003\BHDrvx86.sys [12/14/2011 8:02 PM 819320]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0404000.00C\cchpx86.sys [10/31/2011 5:08 PM 485512]
R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\0404000.00C\ironx86.sys [10/31/2011 5:08 PM 116784]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [12/24/2008 12:31 PM 14336]
R2 CabDirectory;CabDirectory;c:\program files\ORB Networks\ORB\Cab\MainRegister\CabDirectory.exe [6/29/2005 9:58 AM 417792]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [12/22/2007 6:41 PM 566120]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [12/22/2007 6:41 PM 566120]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe [10/31/2011 5:07 PM 126400]
R2 WUSB54GSSVC;WUSB54GSSVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [7/16/2008 6:59 PM 41025]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/30/2011 10:32 AM 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111214.001\IDSXpx86.sys [12/14/2011 8:02 PM 356280]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - GTNDIS5
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
2011-12-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-14 15:12]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\MICROS~4\Office\1033\phdintl.dll/phdContext.htm
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunApp.exe
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Name-Space Handler: ftp\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\Common\Lib\URLSTO~1.DLL
Name-Space Handler: http\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\Common\Lib\URLSTO~1.DLL
DPF: Bowling by pogo - hxxp://game3.pogo.com/v/9.0.5.4/applet/bowling/bowling-en_US.cab
DPF: Lottso by pogo - hxxp://game3.pogo.com/v/9.0.5.4/applet/lottso/lottso-en_US.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Word Whomp by pogo - hxxp://game3.pogo.com/v/9.0.5.4/applet/wordwhomp2/whomp2-en_US.cab
DPF: Word Whomp Whackdown by pogo - hxxp://game3.pogo.com/v/9.0.5.4/applet/whackdown/whackdown-en_US.cab
DPF: {5D66B431-8A5B-4ECA-AED6-6F4F411E1773} - hxxp://www.disneyblast.go.com/setup/activex/AOLLauncher.cab
DPF: {EC8C56B1-D027-4AB2-AF63-F845CCEE59B5} - hxxps://billmanager.aol.com/billmanager/installs/csd/https%253A%252F%252Fbillmanager.aol.com%252Fbillmanager/AutologinHelper.cab
FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\etjbft0f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Coupons.com Customized Web Search
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-15 10:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2120)
c:\windows\system32\WININET.dll
c:\program files\iolo\Common\Lib\sguard.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\windows\System32\msdtc.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\system32\imapi.exe
c:\program files\iolo\System Mechanic Professional 7\IoloSGCtrl.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ORB Networks\ORB\ORBServices\OrbMediaService\OrbMediaService.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\locator.exe
c:\windows\system32\dllhost.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2011-12-15 10:49:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-15 15:49
ComboFix2.txt 2011-12-14 17:33
ComboFix3.txt 2011-12-13 22:20
.
Pre-Run: 11,504,644,096 bytes free
Post-Run: 11,615,367,168 bytes free
.
- - End Of File - - 80B6A5A935C015A9F8DADCE99FAD0221
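Editor's note on reading the log above: the "Reg Loading Points" section is where a responder spends most of the time, and its three entry shapes (autostart values with a date and size, GloballyOpenPorts rules, and Security Center DisableMonitoring overrides) are regular enough to parse. The script below is an added example, not ComboFix code and not anything either poster ran; it parses those shapes and flags what a reviewer would check first: autostarts given as a bare file name (like the BCMSMMSG entry above, which is resolved through the search path rather than a fixed location), autostarts under user-writable paths, inbound rules on privileged ports (the 67/UDP "DHCP Server" rule above is an odd thing to find open on a workstation), and disabled Security Center monitoring (normal when Norton owns that role, but worth confirming). The sample lines are constructed to mirror the log's format; the "Updater" entry is invented for illustration and does not appear on the poster's machine, and the flagging thresholds are this example's own choices.

```python
"""Triage helper for a ComboFix 'Reg Loading Points' section (added example).

Not ComboFix code and not from anyone in this thread. SAMPLE_LOG below is
constructed in the log's own format; the "Updater" entry is invented.
"""
import re
from dataclasses import dataclass


@dataclass
class Autostart:
    key: str    # registry key the value lives under
    name: str   # value name
    path: str   # command/path string exactly as logged
    date: str   # file date printed by ComboFix
    size: int   # file size in bytes


@dataclass
class PortRule:
    port: int
    proto: str
    label: str  # rule name, or an @resource,-id reference


KEY_RE = re.compile(r'^\[(.+)\]$')                      # [HKEY_...\Run]
RUN_RE = re.compile(r'^"([^"]+)"=\s*"([^"]*)"\s*\[(\d{4}-\d{1,2}-\d{1,2})\s+(\d+)\]$')
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')   # "67:UDP"= 67:UDP:DHCP Server
MON_RE = re.compile(r'^"DisableMonitoring"=dword:([0-9A-Fa-f]{8})$')

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Arovax AntiSpyware"="c:\program files\Arovax AntiSpyware\arovaxantispyware.exe" [2007-09-21 1966080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"Updater"="c:\documents and settings\Dad\Application Data\Updater\upd.exe" [2011-12-01 40960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Server
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"56412:TCP"= 56412:TCP:Pando Media Booster
"""

TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\progra~1\\')
USER_WRITABLE = ('\\application data\\', '\\local settings\\', '\\temp\\')


def parse_loading_points(text):
    """Walk the section line by line, remembering the current registry key."""
    autostarts, ports, disabled = [], [], []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue  # ComboFix separates blocks with a lone '.'
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = RUN_RE.match(line)
        if m:
            autostarts.append(Autostart(key, m.group(1), m.group(2), m.group(3), int(m.group(4))))
            continue
        m = PORT_RE.match(line)
        if m:
            ports.append(PortRule(int(m.group(1)), m.group(2), m.group(3).strip()))
            continue
        m = MON_RE.match(line)
        if m and int(m.group(1), 16) == 1:
            disabled.append(key)
    return {"autostarts": autostarts, "ports": ports, "monitoring_disabled": disabled}


def triage(parsed):
    """Return human-readable findings; the thresholds are this example's own choices."""
    findings = []
    for a in parsed["autostarts"]:
        p = a.path.lower()
        if '\\' not in p:
            # A bare file name is resolved through the search path at logon.
            findings.append(f'autostart "{a.name}" is a bare file name ({a.path}); resolved via PATH, check which copy runs')
        elif any(marker in p for marker in USER_WRITABLE) or not p.startswith(TRUSTED_ROOTS):
            findings.append(f'autostart "{a.name}" runs from a user-writable or unusual location: {a.path}')
    for r in parsed["ports"]:
        if r.port < 1024:
            findings.append(f'inbound {r.port}/{r.proto} ({r.label}) is open on a privileged port; rare on a workstation')
    for key in parsed["monitoring_disabled"]:
        findings.append(f'Security Center monitoring disabled under {key}; expected only when a third-party suite owns that role')
    return findings


if __name__ == "__main__":
    for finding in triage(parse_loading_points(SAMPLE_LOG)):
        print(finding)
```

Paste a real log's "Reg Loading Points" section in place of SAMPLE_LOG to run it against a machine; the output is a short list to verify by hand, not a verdict, since legitimate entries (Norton disabling Security Center monitoring, a vendor's bare-name Run value) produce the same findings as suspicious ones.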

#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:56 AM

Posted 15 December 2011 - 12:31 PM

Hello,

At this time I'm not seeing any malware left on the machine. Arovax AntiSpyware is probably picking up ComboFix's quarantine file. Let's run a couple of scans and do some updating.


1.
Hello, your log looks much better now.

Your Microsoft Windows installation is out of date.
Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC.
Go here to check for & install updates to Microsoft applications.
Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.


2.
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

3.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

4.
Go ahead and uninstall and reinstall Firefox. I use Firefox as my main browser.


Things to include in your next reply:
SAS log
Eset log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#15 ziolablue

ziolablue
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:56 AM

Posted 15 December 2011 - 11:58 PM

Updating Windows isn't working; updates failed.



