Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with something but can't find it!


  • This topic is locked This topic is locked
43 replies to this topic

#1 jujube

jujube

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Tulsa, OK
  • Local time:10:54 PM

Posted 01 March 2013 - 12:53 PM

I have had computer problems over the last 2 weeks.  It first started with my internet connection showing "limited or no connectivity". Then my 
 
antivirus "Avast" web shield kept turning off and wouldn't turn back on without reinstalling Avast.  Then my firewall "Zonealarm" wouldn't work.  I 
 
searched the internet and found many things to try.  I have the internet connection repaired but think I may be infected by a rootkit.  All virus and malware scans show nothing.  A few scans I tried are Avast, Sophos, Malwarebytes, Kaspersky, Unthreat, IObit Malware Fighter, SuperAntiSpyware, Comodo, RogueKiller, Rkill, Tdsskiller, etc.  I have logs from aswMBR, gmer, Rootkit Hook Analyzer, RootRepeal, RogueKiller and HijackThis.  System keeps freezing requiring a reboot.  It takes a very long time for the icons to appear after restart and sometimes they never do. Browser "Chrome" keeps freezing up.  Start-Programs freezes blank for long time before populating.  
 
I have many logs I can send if they will help.  I have seen some stuff that is HOOKED but not sure if it is okay or not.  Also MBR 2 shows an error. I would really appreciate your help!
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.5.1
Run by User at 16:16:59 on 2013-02-28
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.252 [GMT -6:00]
.
AV: ZoneAlarm Free Firewall Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: UnThreat AntiVirus *Enabled/Updated* {E21B95D2-03E5-11E1-8297-2D7D4824019B}
FW: ZoneAlarm Free Firewall Firewall *Enabled* 
.
============== Running Processes ================
.
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\UnThreat AntiVirus\utsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\UnThreat AntiVirus\UnThreat.exe
C:\Program Files\Quicknote\Quicknote.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.excite.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.att.net
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [Quicknote] c:\program files\quicknote\Quicknote.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [UnThreat] "c:\program files\unthreat antivirus\UnThreat.exe" -silent
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\user\startm~1\programs\startup\_uninst_.lnk - c:\documents and settings\user\local settings\temp\_uninst_.bat
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoFileAssociate = dword:0
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download With Album Copier - c:\program files\birosolutions\web album copier\\internetexplorerextensions\albumcopier.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - c:\program files\amazon\add to wish list ie extension\run.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{7B249723-94CD-4133-80BF-534C0BC76D55} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A0BA9F92-678A-4EFA-8C65-57B6B38DDA97} : NameServer = 68.94.156.1 68.94.157.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: taskmgr.exe - "i:\processexplorer\PROCEXP.EXE"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\fh8xn7nz.default\
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/mb59?u=92260039460780884
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: keyword.URL - 
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\fh8xn7nz.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\plugins\np-mswmp.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPSFDMGR.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - ExtSQL: !HIDDEN! 2009-09-07 02:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 79497392;79497392;c:\windows\system32\drivers\79497392.sys [2013-2-28 133208]
R0 BTOWSVF;BTOWSVF;c:\windows\system32\drivers\BTOWSVF.sys [2011-12-28 43584]
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2012-5-14 133208]
R0 KSafeDISK;KSafeDISK;c:\windows\system32\drivers\KSafeDISK.sys [2011-12-28 48192]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-5-12 28552]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-22 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-2-18 361032]
R1 BTOWSFF;BTOWSFF;c:\windows\system32\drivers\BTOWSFF.sys [2011-12-28 27200]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2012-5-14 11352]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2013-2-21 22064]
R1 setup_9.0.0.722_23.04.2011_06-57drv;setup_9.0.0.722_23.04.2011_06-57drv;c:\windows\system32\drivers\2577372.sys [2011-4-22 315408]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [2009-1-11 95592]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2013-1-2 528000]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-2-18 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-16 44808]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27056]
R2 ppsio;PrmxPPDev;c:\windows\system32\drivers\ppsio.sys [1998-2-26 109824]
R2 VWavD32;VWavD32;c:\windows\system32\drivers\VWavD32.sys [1998-3-25 27520]
RUnknown 1999242drv;1999242drv; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2013-2-21 66344]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2006-12-21 17149]
S3 ELCZQN;ELCZQN;c:\docume~1\user\locals~1\temp\elczqn.exe --> c:\docume~1\user\locals~1\temp\ELCZQN.exe [?]
S3 HitmanPro37Crusader;HitmanPro 3.7 Crusader;c:\documents and settings\user\my documents\computer & internet\troubleshoot & repair\HitmanPro.exe [2013-2-1 8946432]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\drivers\procexp151.sys --> c:\windows\system32\drivers\PROCEXP151.SYS [?]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2013-2-21 94496]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
S4 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2012-11-4 465216]
S4 gupdate1c9b339865e9ca8;Google Update Service (gupdate1c9b339865e9ca8);c:\program files\google\update\GoogleUpdate.exe [2009-4-1 133104]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="c:\program files\quicknote\Quicknote.exe" /txeign %1 [default=QuicknoteN  - 'Open' doesn't exist]
FileExt: .chm: chm.file - HKCR\*\Shell="c:\program files\spybot - search & destroy\SDFiles.exe" "%1" /ask [default=sdfiles - 'Open' doesn't exist]
.
=============== Created Last 30 ================
.
2100-02-08 22:03:54    53248    ----a-w-    c:\program files\ACMonitor_X73.exe
2013-02-28 19:00:04    --------    d-----w-    c:\windows\ERUNT
2013-02-28 18:59:08    --------    d-----w-    C:\JRT
2013-02-28 18:48:23    19248    ----a-w-    c:\windows\system32\drivers\rspsc32.sys
2013-02-28 18:48:22    --------    d-----w-    c:\program files\RootKit Hook Analyzer
2013-02-28 18:07:13    133208    ----a-w-    c:\windows\system32\drivers\79497392.sys
2013-02-22 23:37:18    --------    d-----w-    c:\windows\system32\CatRoot_bak
2013-02-22 23:28:20    1330176    ----a-w-    c:\windows\is-MBO8C.exe
2013-02-22 23:06:12    --------    d-----w-    c:\program files\ACW
2013-02-22 02:20:52    --------    d-----w-    c:\documents and settings\user\Doctor Web
2013-02-21 23:23:08    66344    ----a-w-    c:\windows\system32\drivers\sbapifs.sys
2013-02-21 23:23:05    22064    ----a-w-    c:\windows\system32\drivers\sbaphd.sys
2013-02-21 23:23:02    94496    ----a-w-    c:\windows\system32\drivers\sbhips.sys
2013-02-21 23:22:14    44424    ----a-w-    c:\windows\system32\sbbd.exe
2013-02-21 23:20:41    --------    d-----w-    c:\program files\UnThreat AntiVirus
2013-02-21 23:20:41    --------    d-----w-    c:\documents and settings\all users\application data\UnThreat
2013-02-21 22:41:12    --------    d-----w-    c:\documents and settings\all users\application data\Sophos
2013-02-21 22:40:47    73728    ----a-r-    c:\documents and settings\user\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-02-21 22:40:47    73728    ----a-r-    c:\documents and settings\user\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-02-21 22:40:46    73728    ----a-r-    c:\documents and settings\user\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2013-02-21 22:39:59    --------    d-----w-    c:\program files\Sophos
2013-02-21 17:39:27    --------    d-----w-    c:\documents and settings\all users\application data\SecTaskMan
2013-02-21 17:39:12    --------    d-----w-    c:\program files\Security Task Manager
2013-02-19 16:14:39    --------    d-----w-    C:\CCE_Quarantine
2013-02-19 06:52:16    --------    d-----w-    c:\program files\Free Window Registry Repair
2013-02-19 05:40:45    98816    ----a-w-    c:\windows\sed.exe
2013-02-19 05:40:45    256000    ----a-w-    c:\windows\PEV.exe
2013-02-19 05:40:45    208896    ----a-w-    c:\windows\MBR.exe
2013-02-16 21:04:56    --------    d-----w-    c:\documents and settings\user\application data\SUPERAntiSpyware.com
2013-02-16 21:04:16    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-02-13 23:27:01    --------    d-----w-    c:\program files\WindowsUpdate
2013-02-13 00:29:30    270336    ----a-w-    c:\windows\system32\hpzcon07.dll
2013-02-13 00:29:30    208896    ----a-w-    c:\windows\system32\hpzcoi07.dll
2013-02-13 00:29:30    147512    ----a-w-    c:\windows\system32\hpzlnt07.dll
2013-02-12 23:58:38    10368    ----a-w-    c:\windows\system32\drivers\omci.sys
2013-02-12 23:58:36    446464    ------r-    c:\windows\system32\hhactivex.dll
2013-02-12 23:58:36    414944    ------w-    c:\windows\system32\COMCT332.OCX
2013-02-12 23:58:36    328480    ------w-    c:\windows\system32\ssa3d30.ocx
2013-02-12 23:58:36    176128    ------w-    c:\windows\system32\RcdScan.dll
2013-02-12 23:58:35    89360    ----a-w-    c:\windows\system32\VB5DB.DLL
2013-02-12 20:48:03    --------    d-----w-    c:\windows\system32\wbem\repository\FS
2013-02-12 20:48:03    --------    d-----w-    c:\windows\system32\wbem\Repository
2013-02-07 19:17:05    --------    d-----w-    c:\documents and settings\user\local settings\application data\MediaMonkey
2013-02-07 03:52:14    --------    d-----w-    c:\documents and settings\user\Downloads
2013-02-05 19:26:44    --------    d-----w-    c:\documents and settings\all users\application data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-02-04 18:19:24    --------    dc----w-    c:\windows\ie8
2013-02-02 05:42:37    120    ----a-w-    c:\windows\DeleteOnReboot.bat
2013-02-02 04:35:35    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2013-02-02 03:52:19    --------    d-----w-    c:\documents and settings\all users\application data\HitmanPro
.
==================== Find3M  ====================
.
2012-12-16 12:23:59    290560    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-14 22:49:28    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2001-05-08 22:36:42    114688    ----a-w-    c:\program files\lxarscan.dll
.
============= FINISH: 16:21:16.67 ===============
 


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:54 PM

Posted 01 March 2013 - 01:12 PM


Hello jujube

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator to start"
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+
  • Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 jujube

jujube
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Tulsa, OK
  • Local time:10:54 PM

Posted 01 March 2013 - 07:28 PM

Gringo, thanks for your quick response.  Following are the 3 logs.

 

 

 
Security Check Log
 Results of screen317's Security Check version 0.99.60  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
 avast! Free Antivirus    
 Sophos Virus Removal Tool   
 UnThreat Free AntiVirus 2013   
 ZoneAlarm Antivirus     
 ZoneAlarm Free Firewall    
 ZoneAlarm Firewall     
 ZoneAlarm Security     
`````````Anti-malware/Other Utilities Check:````````` 
 Out of date HijackThis  installed! 
 Spybot - Search & Destroy 
 SUPERAntiSpyware     
 RootKit Hook Analyzer 3.02  
 Malwarebytes Anti-Malware version 1.70.0.1100  
 HijackThis 1.99.1    
 CCleaner     
 JavaFX 2.1.1    
 Java™ 6 Update 31  
 Java 7 Update 13  
 Java version out of Date! 
 Mozilla Firefox (4.0.1) 
 Google Chrome 24.0.1312.57  
 Google Chrome 25.0.1364.97  
````````Process Check: objlist.exe by Laurent````````  
 IObit IObit Malware Fighter IMFsrv.exe  
 Alwil Software Avast5 AvastSvc.exe  
 Alwil Software Avast5 avastUI.exe  
 CheckPoint ZoneAlarm zatray.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C::  
````````````````````End of Log`````````````````````` 
 
AdwCleaner Log
# AdwCleaner v2.113 - Logfile created 03/01/2013 at 17:47:29
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : User - CHERYL
# Boot Mode : Normal
# Running from : C:\Documents and Settings\User\desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Documents and Settings\User\My Documents\Software
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\fh8xn7nz.default\searchplugins\GoogleFeed.xml
Folder Deleted : C:\Documents and Settings\User\Application Data\dvdvideosoftiehelpers
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v4.0.1 (en-US)
 
File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\fh8xn7nz.default\prefs.js
 
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\fh8xn7nz.default\user.js ... Deleted !
 
[OK] File is clean.
 
-\\ Google Chrome v25.0.1364.97
 
File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [20580 octets] - [01/02/2013 23:41:54]
AdwCleaner[S2].txt - [1344 octets] - [01/03/2013 17:47:29]
 
########## EOF - C:\AdwCleaner[S2].txt - [1404 octets] ##########
 
 
RogueKiller Log
RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Remove -- Date : 03/01/2013 18:24:52
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 1 ¤¤¤
[IFEO] HKLM\[...]\taskmgr.exe : Debugger ("C:\DOCUMENTS AND SETTINGS\USER\MY DOCUMENTS\DOWNLOADS\PROCESSEXPLORER\PROCEXP.EXE") -> DELETED
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[66] : NtDeviceIoControlFile @ 0x80579643 -> HOOKED (IPVNMon.sys @ 0xF6D21803)
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
 
127.0.0.1    localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: Maxtor 6Y080L0 +++++
--- User ---
[MBR] 5a5cc24e16aa21d7fe00e31e28c5af55
[BSP] 0f3b2a39d01b8206f80ed53f11173d27 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 78159 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
 
Finished : << RKreport[2]_D_03012013_02d1824.txt >>
RKreport[1]_S_03012013_02d1823.txt ; RKreport[2]_D_03012013_02d1824.txt
 
Thanks for your help!!


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:54 PM

Posted 01 March 2013 - 08:13 PM


Hello jujube

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

  • Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 jujube

jujube
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Tulsa, OK
  • Local time:10:54 PM

Posted 02 March 2013 - 06:16 PM

Gringo, On my first attempt to run Combofix.exe the Run box opened a few times and wouldn't respond.  It wouldn't close so I initiated a restart twice with no response.  I had to force the shutdown and restart of the system.  I received a svchost.exe application error twice.  Then I disabled Avast again and it froze the system.  Had to force another restart.  Received the svchost error again. Disabling Avast wasn't working and my attempt to kill in task manager gave me an access denied error so I uninstalled it.  Then turned off ZoneAlarm.  Tried to run Combofix and it said they were both still running.  I went to task manager and stopped the Avast processes again access denied.  Wasn't sure which belonged to zonealarm.  Started Process Explorer program to break down the processes and succeeded in killing ZA and Avast.  Finally Combofix ran and here is the log.

 

 

ComboFix 13-03-02.01 - User 03/02/2013  14:33:05.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.679 [GMT -6:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: UnThreat AntiVirus *Enabled/Updated* {E21B95D2-03E5-11E1-8297-2D7D4824019B}
AV: ZoneAlarm Free Firewall Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\Data9\WFNOTIFY.WAV
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\vlc-0.9.4-win32.exe
c:\documents and settings\User\Local Settings\Application Data\assembly\tmp
c:\documents and settings\User\WINDOWS
c:\windows\_detmp.2
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\patch.exe
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\office.exe
c:\windows\system32\spool\prtprocs\w32x86\LXARPP.DLL
c:\windows\system32\spool\prtprocs\w32x86\WFXPNT40.DLL
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-02 to 2013-03-02  )))))))))))))))))))))))))))))))
.
.
2100-02-08 22:03 . 2001-05-11 17:39    53248    ------w-    c:\program files\ACMonitor_X73.exe
2013-03-01 18:39 . 2013-03-01 18:39    --------    d-----w-    c:\program files\Cobian Backup 11
2013-03-01 03:58 . 2013-03-01 03:58    388096    ------r-    c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-01 03:58 . 2013-03-01 03:58    --------    d-----w-    c:\program files\Trend Micro
2013-03-01 03:33 . 2012-10-29 14:20    27232    ------w-    c:\windows\system32\drivers\rspSanity32XP.sys
2013-03-01 03:33 . 2013-03-01 03:33    --------    d-----w-    c:\program files\SanityCheck
2013-02-28 19:00 . 2013-02-28 19:00    --------    d-----w-    c:\windows\ERUNT
2013-02-28 18:59 . 2013-02-28 18:59    --------    d-----w-    C:\JRT
2013-02-28 18:48 . 2007-07-07 06:39    19248    ------w-    c:\windows\system32\drivers\rspsc32.sys
2013-02-28 18:48 . 2013-03-01 03:31    --------    d-----w-    c:\program files\RootKit Hook Analyzer
2013-02-28 18:07 . 2013-02-28 06:18    133208    ------w-    c:\windows\system32\drivers\79497392.sys
2013-02-25 17:39 . 2013-02-25 17:39    --------    d-----w-    c:\documents and settings\Administrator.USER-YPO7RI9YHM\Application Data\vlc
2013-02-25 00:10 . 2013-02-25 00:10    --------    d-sh--w-    c:\documents and settings\Administrator.USER-YPO7RI9YHM\PrivacIE
2013-02-24 18:45 . 2013-02-24 18:45    --------    d-----w-    c:\documents and settings\Administrator.USER-YPO7RI9YHM\Application Data\Malwarebytes
2013-02-22 23:37 . 2013-02-22 23:43    --------    d-----w-    c:\windows\system32\CatRoot_bak
2013-02-22 23:28 . 2013-02-22 23:28    1330176    ------w-    c:\windows\is-MBO8C.exe
2013-02-22 22:59 . 2013-02-23 20:02    --------    d-----w-    c:\documents and settings\Administrator.USER-YPO7RI9YHM\Local Settings\Application Data\Google
2013-02-22 16:24 . 2013-02-22 16:24    --------    d-----w-    c:\documents and settings\Administrator.USER-YPO7RI9YHM\Application Data\Windows Search
2013-02-22 02:20 . 2013-02-22 13:54    --------    d-----w-    c:\documents and settings\User\Doctor Web
2013-02-21 23:23 . 2012-09-13 02:19    66344    ------w-    c:\windows\system32\drivers\sbapifs.sys
2013-02-21 23:23 . 2012-09-13 02:19    22064    ------w-    c:\windows\system32\drivers\sbaphd.sys
2013-02-21 23:23 . 2012-09-20 11:11    94496    ------w-    c:\windows\system32\drivers\sbhips.sys
2013-02-21 23:22 . 2012-09-20 11:39    44424    ------w-    c:\windows\system32\sbbd.exe
2013-02-21 23:20 . 2013-03-02 20:11    --------    d-----w-    c:\program files\UnThreat AntiVirus
2013-02-21 23:20 . 2013-02-23 02:55    --------    d-----w-    c:\documents and settings\All Users\Application Data\UnThreat
2013-02-21 22:41 . 2013-02-21 22:41    --------    d-----w-    c:\documents and settings\All Users\Application Data\Sophos
2013-02-21 22:40 . 2013-02-21 22:40    73728    ------r-    c:\documents and settings\User\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-02-21 22:40 . 2013-02-21 22:40    73728    ------r-    c:\documents and settings\User\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-02-21 22:40 . 2013-02-21 22:40    73728    ------r-    c:\documents and settings\User\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-02-21 22:39 . 2013-02-21 22:39    --------    d-----w-    c:\program files\Sophos
2013-02-21 17:39 . 2013-02-28 00:24    --------    d-----w-    c:\documents and settings\All Users\Application Data\SecTaskMan
2013-02-21 17:39 . 2013-02-24 18:49    --------    d-----w-    c:\program files\Security Task Manager
2013-02-19 16:14 . 2013-02-19 16:14    --------    d-----w-    C:\CCE_Quarantine
2013-02-19 06:52 . 2013-02-28 01:37    --------    d-----w-    c:\program files\Free Window Registry Repair
2013-02-16 21:04 . 2013-02-16 21:04    --------    d-----w-    c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2013-02-16 21:04 . 2013-02-22 14:06    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-02-13 00:29 . 2002-12-10 00:19    147512    ------w-    c:\windows\system32\hpzlnt07.dll
2013-02-13 00:29 . 2002-12-10 00:19    270336    ------w-    c:\windows\system32\hpzcon07.dll
2013-02-13 00:29 . 2002-12-10 00:19    208896    ------w-    c:\windows\system32\hpzcoi07.dll
2013-02-12 23:58 . 2001-05-15 00:15    10368    ------w-    c:\windows\system32\drivers\omci.sys
2013-02-12 23:58 . 2001-08-23 17:53    176128    ------w-    c:\windows\system32\RcdScan.dll
2013-02-12 23:58 . 2000-03-23 19:50    446464    ------r-    c:\windows\system32\hhactivex.dll
2013-02-12 23:58 . 1999-05-07 20:24    414944    ------w-    c:\windows\system32\COMCT332.OCX
2013-02-12 23:58 . 1998-11-10 17:46    328480    ------w-    c:\windows\system32\ssa3d30.ocx
2013-02-12 23:58 . 1998-06-18 06:00    89360    ------w-    c:\windows\system32\VB5DB.DLL
2013-02-12 20:48 . 2013-02-12 20:48    --------    d-----w-    c:\windows\system32\wbem\Repository
2013-02-07 19:17 . 2013-02-07 19:17    --------    d-----w-    c:\documents and settings\User\Local Settings\Application Data\MediaMonkey
2013-02-07 03:52 . 2013-02-07 03:52    --------    d-----w-    c:\documents and settings\User\Downloads
2013-02-05 19:26 . 2013-02-05 19:26    --------    d-----w-    c:\documents and settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-02-04 18:19 . 2013-02-04 18:21    --------    dc----w-    c:\windows\ie8
2013-02-02 04:35 . 2013-02-20 21:22    12872    ------w-    c:\windows\system32\bootdelete.exe
2013-02-02 03:52 . 2013-02-02 04:36    --------    d-----w-    c:\documents and settings\All Users\Application Data\HitmanPro
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-28 08:35 . 2011-01-16 23:14    228600    ------w-    c:\windows\system32\aswBoot.exe
2012-12-16 12:23 . 2001-08-18 12:00    290560    ------w-    c:\windows\system32\atmfd.dll
2012-12-14 22:49 . 2011-05-17 02:17    21104    ------w-    c:\windows\system32\drivers\mbam.sys
2001-05-08 22:36 . 2000-12-05 21:56    114688    ------w-    c:\program files\lxarscan.dll
2011-04-30 03:49 . 2011-04-17 22:59    142296    ------w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
.
[-] 2001-08-18 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2001-08-18 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
.
[-] 2001-08-18 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2001-08-18 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\browser.dll
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\dllcache\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
.
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe
.
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll
.
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\dllcache\comres.dll
.
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll
.
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
.
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
.
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
.
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2001-08-18 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll
.
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll
.
[-] 2012-10-03 . 6FE42512AB1B89F32A7407F261B1D2D0 . 990208 . . [5.1.2600.6293] . . c:\windows\system32\kernel32.dll
[-] 2012-10-03 . 6FE42512AB1B89F32A7407F261B1D2D0 . 990208 . . [5.1.2600.6293] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll
.
[-] 2013-01-06 . BDF6CC938C0644FE3643BC0D6A678E26 . 6009856 . . [8.00.6001.19394] . . c:\windows\system32\mshtml.dll
[-] 2013-01-06 . BDF6CC938C0644FE3643BC0D6A678E26 . 6009856 . . [8.00.6001.19394] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2012-11-12 . 9C46E5C82F94D9AEDD2CE798F0DF1158 . 6008832 . . [8.00.6001.19393] . . c:\windows\ie8updates\KB2799329-IE8\mshtml.dll
[-] 2012-08-28 . DF3C3CA94CBC9DE07AC3EB49440A8D45 . 6008832 . . [8.00.6001.19328] . . c:\windows\ie8updates\KB2761465-IE8\mshtml.dll
[-] 2011-11-04 . DD8D655E1881B70A5259A23A6018A6C2 . 5978112 . . [8.00.6001.19170] . . c:\windows\ie8updates\KB2744842-IE8\mshtml.dll
[-] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
[-] 2009-10-21 . 36145D2D908FB8A24772F04842366918 . 3598336 . . [7.00.6000.16939] . . c:\windows\ie8\mshtml.dll
[-] 2009-08-29 . E52A845DCE011D56B12B8F3F4606F956 . 3598336 . . [7.00.6000.16915] . . c:\windows\ie7updates\KB976749-IE7\mshtml.dll
[-] 2009-07-19 . 758C8BEDAB7CE5F9070C85E2E57CBD80 . 3597824 . . [7.00.6000.16890] . . c:\windows\ie7updates\KB974455-IE7\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll
[-] 2009-02-20 . C7C3E41CC2F6EB4A629FE2184136C098 . 3595264 . . [7.00.6000.16825] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[-] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
.
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll
[-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
[-] 2001-08-18 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
.
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
.
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe
.
[-] 2012-11-01 . 9AD88EA663124336E88EB031F917CE20 . 916992 . . [8.00.6001.19389] . . c:\windows\system32\wininet.dll
[-] 2012-11-01 . 9AD88EA663124336E88EB031F917CE20 . 916992 . . [8.00.6001.19389] . . c:\windows\system32\dllcache\wininet.dll
[-] 2012-08-28 . FF1C14BCA1A797CE45DD359FA2C9EDA8 . 916992 . . [8.00.6001.19328] . . c:\windows\ie8updates\KB2761465-IE8\wininet.dll
[-] 2011-11-04 . 552263502EA8C24D301A0C43FF90B3ED . 916992 . . [8.00.6001.19165] . . c:\windows\ie8updates\KB2744842-IE8\wininet.dll
[-] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2618444-IE8\wininet.dll
[-] 2009-08-29 . DB111200015F08DDDB8857E11C6A80E3 . 832512 . . [7.00.6000.16915] . . c:\windows\ie8\wininet.dll
[-] 2009-06-29 . A39B7BA7AB9B1CC2A0009F59772DB83C . 827392 . . [7.00.6000.16876] . . c:\windows\ie7updates\KB974455-IE7\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[-] 2009-03-03 . 28775945CCD53DEE280EF58DEA1A94C4 . 826368 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB972260-IE7\wininet.dll
[-] 2008-12-20 . A82935D32D0672E8FF4E91AE398E901C . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2help.dll
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
.
[-] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\ole32.dll
[-] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\dllcache\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
.
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\ksuser.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
.
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
.
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msimg32.dll
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\system32\msimg32.dll
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msimg32.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll
.
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll
[-] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll
.
[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime
[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\system32\msctfime.ime
[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msctfime.ime
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\hnetcfg.dll
.
[-] 2001-08-18 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys
[-] 2001-08-18 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\AGP440.SYS
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
.
[-] 2008-04-14 . F08D74EC300B8BA60CA953C58A24D19E . 35328 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\iprip.dll
[-] 2008-04-14 . F08D74EC300B8BA60CA953C58A24D19E . 35328 . . [5.1.2600.5512] . . c:\windows\system32\iprip.dll
[-] 2008-04-14 . F08D74EC300B8BA60CA953C58A24D19E . 35328 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\iprip.dll
.
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll
.
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\ServicePackFiles\i386\mspmsnsv.dll
.
[-] 2012-08-21 . B2D4FD49DDEF6DEF6900DAAC5730F425 . 2069632 . . [5.1.2600.6284] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2012-08-21 . B2D4FD49DDEF6DEF6900DAAC5730F425 . 2069632 . . [5.1.2600.6284] . . c:\windows\system32\ntkrnlpa.exe
[-] 2012-08-21 . B2D4FD49DDEF6DEF6900DAAC5730F425 . 2069632 . . [5.1.2600.6284] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
.
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\ddraw.dll
.
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\version.dll
.
[-] 2012-08-21 . 49FB9F4A7CE25B82B1E00C402783F5C5 . 2192896 . . [5.1.2600.6284] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2012-08-21 . 49FB9F4A7CE25B82B1E00C402783F5C5 . 2192896 . . [5.1.2600.6284] . . c:\windows\system32\ntoskrnl.exe
[-] 2012-08-21 . 49FB9F4A7CE25B82B1E00C402783F5C5 . 2192896 . . [5.1.2600.6284] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\rasadhlp.dll
.
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wshtcpip.dll
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wshtcpip.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Quicknote"="c:\program files\Quicknote\Quicknote.exe" [2010-02-23 1253376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnThreat"="c:\program files\UnThreat AntiVirus\UnThreat.exe" [2012-12-14 12197040]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42    72208    ------w-    c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator.USER-YPO7RI9YHM^Start Menu^Programs^Startup^Uninstall LastPass RunOnce.lnk]
backup=c:\windows\pss\Uninstall LastPass RunOnce.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^CNET TechTracker.lnk]
backup=c:\windows\pss\CNET TechTracker.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\program files\qliner
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\program files\qliner\quotes
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35    946352    ------w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 6]
2013-01-16 00:47    491840    ------w-    c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 20:13    59280    ------w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 18:32    203264    ------w-    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12    15360    ------w-    c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
2010-10-14 08:11    487424    ------w-    c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 00:36    30040    ------w-    c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 21:18    241664    ------w-    c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2002-12-10 00:19    188416    ------w-    c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 15:54    150016    ------w-    c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW]
2012-11-22 14:32    738984    ------w-    c:\program files\CheckPoint\ZAForceField\ForceField.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X73 Button Manager]
2001-07-11 18:08    53248    ------w-    c:\progra~1\LexmarkX73\AcBtnMgr_X73.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X73 Button Monitor]
2001-10-08 22:21    53248    ------w-    c:\progra~1\LexmarkX73\ACMonitor_X73.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2009-11-26 02:42    95632    ------w-    c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38    421888    ------w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2013-02-22 14:06    4763008    ------w-    c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolwizCareFree]
2012-09-26 18:06    5183064    ------w-    c:\program files\ToolwizCareFree\ToolwizCares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm]
2013-01-02 19:38    73984    ----a-w-    c:\program files\CheckPoint\ZoneAlarm\zatray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"!SASCORE"=2 (0x2)
"cisvc"=3 (0x3)
"helpsvc"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate1c9b339865e9ca8"=2 (0x2)
"gusvc"=3 (0x3)
"ERSvc"=2 (0x2)
"MSDTC"=3 (0x3)
"CryptSvc"=2 (0x2)
"Browser"=2 (0x2)
"ClipSrv"=3 (0x3)
"wuauserv"=2 (0x2)
"ALG"=2 (0x2)
"p2pimsvc"=3 (0x3)
"p2pgasvc"=3 (0x3)
"p2psvc"=3 (0x3)
"PNRPSvc"=3 (0x3)
"McciCMService"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe"
"WINDVDPatch"=CTHELPER.EXE
"AHQInit"=c:\program files\Creative\SBLive\Program\AHQInit.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\User\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\UnThreat AntiVirus\\UnThreat.exe"=
"c:\\Program Files\\UnThreat AntiVirus\\utsvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management 
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 79497392;79497392;c:\windows\system32\drivers\79497392.sys [2/28/2013 12:07 PM 133208]
R0 BTOWSVF;BTOWSVF;c:\windows\system32\drivers\BTOWSVF.sys [12/28/2011 6:20 PM 43584]
R0 KSafeDISK;KSafeDISK;c:\windows\system32\drivers\KSafeDISK.sys [12/28/2011 6:20 PM 48192]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [5/12/2011 9:14 AM 28552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/11/2009 2:20 PM 721904]
R1 BTOWSFF;BTOWSFF;c:\windows\system32\drivers\BTOWSFF.sys [12/28/2011 6:20 PM 27200]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [5/14/2012 4:18 PM 11352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2/21/2013 5:23 PM 22064]
R1 setup_9.0.0.722_23.04.2011_06-57drv;setup_9.0.0.722_23.04.2011_06-57drv;c:\windows\system32\drivers\2577372.sys [4/22/2011 11:17 PM 315408]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [1/11/2009 2:19 PM 95592]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\Cobian Backup 11\cbVSCService11.exe [3/1/2013 12:39 PM 67584]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/3/2011 8:44 AM 27056]
R2 ppsio;PrmxPPDev;c:\windows\system32\drivers\ppsio.sys [2/26/1998 4:32 AM 109824]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2/21/2013 5:23 PM 66344]
R2 VWavD32;VWavD32;c:\windows\system32\drivers\VWavD32.sys [3/25/1998 12:45 AM 27520]
R3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [12/21/2006 9:58 PM 17149]
S3 ELCZQN;ELCZQN;c:\docume~1\User\LOCALS~1\Temp\ELCZQN.exe --> c:\docume~1\User\LOCALS~1\Temp\ELCZQN.exe [?]
S3 HitmanPro37Crusader;HitmanPro 3.7 Crusader;c:\documents and settings\User\My Documents\Computer & Internet\Troubleshoot & Repair\HitmanPro.exe [2/1/2013 9:49 PM 8946432]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32XP.sys [2/28/2013 9:33 PM 27232]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2/21/2013 5:23 PM 94496]
S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 12:54 PM 116608]
S4 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [11/4/2012 4:22 PM 465216]
S4 gupdate1c9b339865e9ca8;Google Update Service (gupdate1c9b339865e9ca8);c:\program files\Google\Update\GoogleUpdate.exe [4/1/2009 8:19 PM 133104]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - IPVNMon
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
p2psvc    REG_MULTI_SZ       p2psvc p2pimsvc p2pgasvc PNRPSvc
getPlusHelper    REG_MULTI_SZ       getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-01 17:17    1629648    ------w-    c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-22 c:\windows\Tasks\ASC6_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 6\Monitor.exe [2012-11-04 00:47]
.
2013-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce04d5c35cb120.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 02:19]
.
2013-03-02 c:\windows\Tasks\User_Feed_Synchronization-{7DFF4C9B-D465-468E-A588-48C3416683CA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.excite.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download With Album Copier - c:\program files\BiroSolutions\Web Album Copier\\InternetExplorerExtensions\albumcopier.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: excite.com\www
Trusted Zone: excite.com\www1
Trusted Zone: google.com\b.mail
Trusted Zone: google.com\mail
Trusted Zone: google.com\www
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A0BA9F92-678A-4EFA-8C65-57B6B38DDA97}: NameServer = 68.94.156.1 68.94.157.1
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\fh8xn7nz.default\
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/mb59?u=92260039460780884
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: keyword.URL - 
FF - ExtSQL: !HIDDEN! 2009-09-07 02:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} - (no file)
HKLM-Run-ISW - (no file)
MSConfigStartUp-avast - c:\program files\Alwil Software\Avast5\avastUI.exe
MSConfigStartUp-quotes - (no file)
AddRemove-HijackThis - i:\hijackthis\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-02 14:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2013-03-02  14:54:39
ComboFix-quarantined-files.txt  2013-03-02 20:54
.
Pre-Run: 37,494,714,368 bytes free
Post-Run: 37,600,030,720 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - D28C93A81148898DFAEFD302C19AC87F
 
Computer is doing okay right now.  I re-installed Avast and restarted ZA.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:54 PM

Posted 02 March 2013 - 07:28 PM



Hello jujube


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is to long you may attache it

    If the forum still complains about it being to long send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
  • and I will see if I want to see the whole report

    Malwarebytes Anti-Rootkit

    1.Download Malwarebytes Anti-Rootkit
    2.Unzip the contents to a folder in a convenient location.
    3.Open the folder where the contents were unzipped and run mbar.exe
    4.Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    5.Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    6.Wait while the system shuts down and the cleanup process is performed.
    7.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    8.If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
    • •Internet access
      •Windows Update
      •Windows Firewall
    9.If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
    10.Verify that your system is now functioning normally.

    If you have any problems running either one come back and let me know

    please reply with the reports from TDSSKiller and MBAR

    Gringo







I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 jujube

jujube
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Tulsa, OK
  • Local time:10:54 PM

Posted 03 March 2013 - 06:40 PM

Gringo, i have run TDSSKiller. following is the log. It has taken me 6 hour of restarting the system to get this post sent. &nbsp;My system keeps freezing up as the desktop icons are populating. It freezes and the windows clock freezes too. I am in Safe mode with networking right now. I am going to go ahead and run Malwarebytes in Safe mode. I hope that will work.  The log is too long and I can't figure out how to attach it.  I hope this time the post goes through with what is below SCAN FINISHED.

 

 

13:17:45.0328 3732  ============================================================
13:17:45.0328 3732  Scan finished
13:17:45.0328 3732  ============================================================
13:17:45.0468 3724  Detected object count: 266
13:17:45.0468 3724  Actual detected object count: 266
13:19:33.0031 3724  6to4 ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0031 3724  6to4 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0031 3724  ACPI ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0031 3724  ACPI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0031 3724  ACPIEC ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0031 3724  ACPIEC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0031 3724  aec ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0031 3724  aec ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0031 3724  AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0031 3724  AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0031 3724  AFD ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0031 3724  AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0046 3724  agp440 ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0046 3724  agp440 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0046 3724  Alerter ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0046 3724  Alerter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0046 3724  ALG ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0046 3724  ALG ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0062 3724  Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0062 3724  Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0062 3724  AsyncMac ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0062 3724  AsyncMac ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0062 3724  atapi ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0078 3724  atapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0078 3724  Atmarpc ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0078 3724  Atmarpc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0093 3724  AudioSrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0093 3724  AudioSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0093 3724  audstub ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0093 3724  audstub ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0093 3724  Beep ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0093 3724  Beep ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0109 3724  BITS ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0109 3724  BITS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0109 3724  Browser ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0109 3724  Browser ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0125 3724  bvrp_pci ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0125 3724  bvrp_pci ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0125 3724  cbidf2k ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0125 3724  cbidf2k ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0125 3724  cbVSCService11 ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0140 3724  cbVSCService11 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0140 3724  Cdaudio ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0140 3724  Cdaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0140 3724  Cdfs ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0140 3724  Cdfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0156 3724  Cdrom ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0156 3724  Cdrom ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0156 3724  cisvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0156 3724  cisvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0171 3724  ClipSrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0171 3724  ClipSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0171 3724  Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0171 3724  Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0171 3724  CryptSvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0171 3724  CryptSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0187 3724  ctac32k ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0187 3724  ctac32k ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0187 3724  ctaud2k ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0187 3724  ctaud2k ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0203 3724  ctljystk ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0203 3724  ctljystk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0203 3724  ctprxy2k ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0203 3724  ctprxy2k ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0203 3724  ctsfm2k ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0203 3724  ctsfm2k ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0218 3724  DC21x4 ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0218 3724  DC21x4 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0218 3724  DcomLaunch ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0218 3724  DcomLaunch ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0234 3724  Dhcp ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0234 3724  Dhcp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0234 3724  Disk ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0234 3724  Disk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0234 3724  dmboot ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0234 3724  dmboot ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0250 3724  dmio ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0250 3724  dmio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0250 3724  dmload ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0250 3724  dmload ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0250 3724  dmserver ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0250 3724  dmserver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0265 3724  DMusic ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0265 3724  DMusic ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0265 3724  DNINDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0265 3724  DNINDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0281 3724  Dnscache ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0281 3724  Dnscache ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0281 3724  Dot3svc ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0281 3724  Dot3svc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0281 3724  drmkaud ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0296 3724  drmkaud ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0296 3724  drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0296 3724  drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0312 3724  drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0312 3724  drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0312 3724  EapHost ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0312 3724  EapHost ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0328 3724  emu10k ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0328 3724  emu10k ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0328 3724  emu10k1 ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0328 3724  emu10k1 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0343 3724  emupia ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0343 3724  emupia ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0343 3724  ERSvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0343 3724  ERSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0343 3724  Eventlog ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0343 3724  Eventlog ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0359 3724  EventSystem ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0359 3724  EventSystem ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0359 3724  Fastfat ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0359 3724  Fastfat ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0375 3724  FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0375 3724  FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0375 3724  Fax ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0375 3724  Fax ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0375 3724  Fdc ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0375 3724  Fdc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0390 3724  Fips ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0390 3724  Fips ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0390 3724  Flpydisk ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0390 3724  Flpydisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0406 3724  FltMgr ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0406 3724  FltMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0406 3724  Fs_Rec ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0406 3724  Fs_Rec ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0406 3724  Ftdisk ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0406 3724  Ftdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0421 3724  gameenum ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0421 3724  gameenum ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0421 3724  Gpc ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0421 3724  Gpc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0437 3724  ha10kx2k ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0437 3724  ha10kx2k ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0437 3724  HCF_MSFT ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0437 3724  HCF_MSFT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0437 3724  helpsvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0437 3724  helpsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0453 3724  HidServ ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0453 3724  HidServ ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0468 3724  hidusb ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0468 3724  hidusb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0468 3724  hkmsvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0468 3724  hkmsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0468 3724  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0484 3724  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0484 3724  HPZid412 ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0484 3724  HPZid412 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0484 3724  HPZipr12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0484 3724  HPZipr12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0500 3724  HPZius12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0500 3724  HPZius12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0500 3724  HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0500 3724  HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0515 3724  HTTPFilter ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0515 3724  HTTPFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0515 3724  i8042prt ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0515 3724  i8042prt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0515 3724  IdeBusDr ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0515 3724  IdeBusDr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0531 3724  IdeChnDr ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0531 3724  IdeChnDr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0546 3724  Imapi ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0546 3724  Imapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0546 3724  ImapiService ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0546 3724  ImapiService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0546 3724  IntelIde ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0546 3724  IntelIde ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0562 3724  intelppm ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0562 3724  intelppm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0562 3724  ip6fw ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0562 3724  ip6fw ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0578 3724  IpFilterDriver ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0578 3724  IpFilterDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0578 3724  IpInIp ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0578 3724  IpInIp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0578 3724  IpNat ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0578 3724  IpNat ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0593 3724  IPSec ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0593 3724  IPSec ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0593 3724  IPVNMon ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0593 3724  IPVNMon ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0609 3724  IRENUM ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0609 3724  IRENUM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0609 3724  isapnp ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0609 3724  isapnp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0609 3724  Kbdclass ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0625 3724  Kbdclass ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0625 3724  kbdhid ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0625 3724  kbdhid ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0625 3724  kmixer ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0625 3724  kmixer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0640 3724  KSecDD ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0640 3724  KSecDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0640 3724  lanmanserver ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0640 3724  lanmanserver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0656 3724  lanmanworkstation ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0656 3724  lanmanworkstation ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0656 3724  LexBceS ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0656 3724  LexBceS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0656 3724  LmHosts ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0656 3724  LmHosts ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0671 3724  LPDSVC ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0671 3724  LPDSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0671 3724  LXARScan ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0671 3724  LXARScan ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0687 3724  McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0687 3724  McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0687 3724  Messenger ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0687 3724  Messenger ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0703 3724  mnmdd ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0703 3724  mnmdd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0703 3724  mnmsrvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0703 3724  mnmsrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0703 3724  Modem ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0703 3724  Modem ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0718 3724  Mouclass ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0718 3724  Mouclass ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0718 3724  mouhid ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0718 3724  mouhid ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0734 3724  MountMgr ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0734 3724  MountMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0734 3724  MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0734 3724  MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0734 3724  MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0734 3724  MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0750 3724  MRxDAV ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0750 3724  MRxDAV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0750 3724  MRxSmb ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0750 3724  MRxSmb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0765 3724  MSDTC ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0765 3724  MSDTC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0765 3724  Msfs ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0765 3724  Msfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0765 3724  MSKSSRV ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0765 3724  MSKSSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0781 3724  MSPCLOCK ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0781 3724  MSPCLOCK ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0796 3724  MSPQM ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0796 3724  MSPQM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0796 3724  mssmbios ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0796 3724  mssmbios ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0812 3724  Mup ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0812 3724  Mup ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0812 3724  napagent ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0812 3724  napagent ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0812 3724  NDIS ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0828 3724  NDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0828 3724  NdisTapi ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0828 3724  NdisTapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0828 3724  Ndisuio ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0828 3724  Ndisuio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0843 3724  NdisWan ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0843 3724  NdisWan ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0843 3724  NDProxy ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0843 3724  NDProxy ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0859 3724  NetBIOS ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0859 3724  NetBIOS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0859 3724  NetBT ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0859 3724  NetBT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0859 3724  NetDDE ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0859 3724  NetDDE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0875 3724  NetDDEdsdm ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0875 3724  NetDDEdsdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0875 3724  Netlogon ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0875 3724  Netlogon ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0890 3724  Netman ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0890 3724  Netman ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0890 3724  Nla ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0890 3724  Nla ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0890 3724  Npfs ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0890 3724  Npfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0906 3724  Ntfs ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0906 3724  Ntfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0906 3724  NtLmSsp ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0906 3724  NtLmSsp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0921 3724  NtmsSvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0921 3724  NtmsSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0921 3724  Null ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0921 3724  Null ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0921 3724  nv ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0921 3724  nv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0937 3724  nv4 ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0937 3724  nv4 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0937 3724  NVSvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0937 3724  NVSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0953 3724  NwlnkFlt ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0953 3724  NwlnkFlt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0953 3724  NwlnkFwd ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0953 3724  NwlnkFwd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0953 3724  OMCI ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0968 3724  OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0968 3724  ossrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0968 3724  ossrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0968 3724  p2pgasvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0968 3724  p2pgasvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0984 3724  p2pimsvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0984 3724  p2pimsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0984 3724  p2psvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0984 3724  p2psvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0000 3724  Parport ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0000 3724  Parport ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0000 3724  PartMgr ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0000 3724  PartMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0015 3724  ParVdm ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0015 3724  ParVdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0015 3724  PCI ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0015 3724  PCI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0015 3724  Pcmcia ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0015 3724  Pcmcia ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0031 3724  PfModNT ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0031 3724  PfModNT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0031 3724  PlugPlay ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0046 3724  PlugPlay ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0046 3724  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0046 3724  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0046 3724  PNRPSvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0046 3724  PNRPSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0062 3724  PolicyAgent ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0062 3724  PolicyAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0062 3724  ppsio ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0062 3724  ppsio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0078 3724  PptpMiniport ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0078 3724  PptpMiniport ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0078 3724  Processor ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0078 3724  Processor ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0078 3724  ProtectedStorage ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0078 3724  ProtectedStorage ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0093 3724  PSched ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0093 3724  PSched ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0093 3724  Ptilink ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0093 3724  Ptilink ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0109 3724  RasAcd ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0109 3724  RasAcd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0109 3724  RasAuto ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0109 3724  RasAuto ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0109 3724  Rasl2tp ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0109 3724  Rasl2tp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0125 3724  RasMan ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0125 3724  RasMan ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0125 3724  RasPppoe ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0125 3724  RasPppoe ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0140 3724  Raspti ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0140 3724  Raspti ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0140 3724  Rdbss ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0140 3724  Rdbss ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0140 3724  RDPCDD ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0140 3724  RDPCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0156 3724  RDPWD ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0156 3724  RDPWD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0156 3724  RDSessMgr ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0156 3724  RDSessMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0171 3724  redbook ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0171 3724  redbook ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0171 3724  RemoteAccess ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0171 3724  RemoteAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0171 3724  ROOTMODEM ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0171 3724  ROOTMODEM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0187 3724  RpcLocator ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0187 3724  RpcLocator ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0187 3724  RpcSs ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0187 3724  RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0203 3724  RSVP ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0203 3724  RSVP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0203 3724  SamSs ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0203 3724  SamSs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0218 3724  SCardSvr ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0218 3724  SCardSvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0218 3724  Schedule ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0218 3724  Schedule ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0218 3724  Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0218 3724  Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0234 3724  seclogon ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0234 3724  seclogon ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0234 3724  SENS ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0234 3724  SENS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0250 3724  serenum ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0250 3724  serenum ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0250 3724  Serial ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0250 3724  Serial ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0250 3724  Sfloppy ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0250 3724  Sfloppy ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0265 3724  sfman ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0265 3724  sfman ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0265 3724  SharedAccess ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0265 3724  SharedAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0281 3724  ShellHWDetection ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0281 3724  ShellHWDetection ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0281 3724  SimpTcp ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0281 3724  SimpTcp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0296 3724  SNMP ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0296 3724  SNMP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0296 3724  SNMPTRAP ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0296 3724  SNMPTRAP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0312 3724  splitter ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0312 3724  splitter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0312 3724  Spooler ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0312 3724  Spooler ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0312 3724  sptd ( LockedFile.Multi.Generic ) - skipped by user
13:19:34.0312 3724  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0328 3724  sr ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0328 3724  sr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0328 3724  srservice ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0328 3724  srservice ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0343 3724  Srv ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0343 3724  Srv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0343 3724  sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0343 3724  sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0359 3724  SSDPSRV ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0359 3724  SSDPSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0359 3724  ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0359 3724  ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0359 3724  stisvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0359 3724  stisvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0375 3724  swenum ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0375 3724  swenum ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0375 3724  swmidi ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0375 3724  swmidi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0390 3724  sysaudio ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0390 3724  sysaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0390 3724  SysmonLog ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0390 3724  SysmonLog ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0390 3724  TapiSrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0406 3724  TapiSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0406 3724  Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0406 3724  Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0406 3724  Tcpip6 ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0406 3724  Tcpip6 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0421 3724  TDPIPE ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0421 3724  TDPIPE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0421 3724  TDTCP ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0421 3724  TDTCP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0437 3724  TermDD ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0437 3724  TermDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0437 3724  TermService ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0437 3724  TermService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0437 3724  tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0437 3724  tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0453 3724  tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0453 3724  tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0453 3724  tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0453 3724  tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0468 3724  tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0468 3724  tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0468 3724  tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0468 3724  tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0468 3724  tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0484 3724  tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0484 3724  tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0484 3724  tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0484 3724  tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0484 3724  tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0500 3724  tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0500 3724  tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0500 3724  Themes ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0500 3724  Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0515 3724  TrkWks ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0515 3724  TrkWks ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0515 3724  tunmp ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0515 3724  tunmp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0515 3724  Udfs ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0515 3724  Udfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0531 3724  Update ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0531 3724  Update ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0531 3724  upnphost ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0531 3724  upnphost ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0546 3724  UPS ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0546 3724  UPS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0546 3724  usbccgp ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0546 3724  usbccgp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0546 3724  usbehci ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0546 3724  usbehci ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0562 3724  usbhub ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0562 3724  usbhub ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0562 3724  usbohci ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0562 3724  usbohci ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0578 3724  usbprint ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0578 3724  usbprint ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0578 3724  usbscan ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0578 3724  usbscan ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0578 3724  USBSTOR ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0578 3724  USBSTOR ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0593 3724  usbuhci ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0593 3724  usbuhci ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0593 3724  VgaSave ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0593 3724  VgaSave ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0609 3724  VolSnap ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0609 3724  VolSnap ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0609 3724  VSS ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0609 3724  VSS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0609 3724  VWavD32 ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0609 3724  VWavD32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0625 3724  W32Time ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0625 3724  W32Time ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0625 3724  Wanarp ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0625 3724  Wanarp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0640 3724  wanatw ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0640 3724  wanatw ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0640 3724  wdmaud ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0640 3724  wdmaud ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0640 3724  WebClient ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0656 3724  WebClient ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0656 3724  Winachcf ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0656 3724  Winachcf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0656 3724  winmgmt ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0656 3724  winmgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0671 3724  WinRM ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0671 3724  WinRM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0671 3724  WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0671 3724  WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0687 3724  WmdmPmSN ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0687 3724  WmdmPmSN ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0687 3724  WmiApSrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0687 3724  WmiApSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0703 3724  WpdUsb ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0703 3724  WpdUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0703 3724  WS2IFSL ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0703 3724  WS2IFSL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0703 3724  wscsvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0703 3724  wscsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0718 3724  wuauserv ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0718 3724  wuauserv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0718 3724  WudfPf ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0718 3724  WudfPf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0734 3724  WudfRd ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0734 3724  WudfRd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0734 3724  WudfSvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0734 3724  WudfSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0734 3724  WZCSVC ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0734 3724  WZCSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:34.0750 3724  xmlprov ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:34.0750 3724  xmlprov ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:21:47.0484 2908  ============================================================
13:21:47.0484 2908  Scan started
13:21:47.0484 2908  Mode: Manual; SigCheck; TDLFS; 
13:21:47.0484 2908  ============================================================
13:21:47.0671 2908  ================ Scan system memory ========================
13:21:47.0671 2908  System memory - ok
13:21:47.0687 2908  ================ Scan services =============================
13:21:47.0812 2908  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
13:21:47.0906 2908  !SASCORE - ok
13:21:48.0062 2908  [ C07D5197410AAB28D0D93F943F59656D ] 6to4            C:\WINDOWS\System32\6to4svc.dll
13:21:48.0671 2908  6to4 ( UnsignedFile.Multi.Generic ) - warning
13:21:48.0671 2908  6to4 - detected UnsignedFile.Multi.Generic (1)
13:21:48.0796 2908  [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] 79497392        C:\WINDOWS\system32\DRIVERS\79497392.sys
13:21:48.0859 2908  79497392 - ok
13:21:48.0890 2908  [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4        C:\WINDOWS\system32\drivers\Aavmker4.sys
13:21:49.0000 2908  Aavmker4 - ok
13:21:49.0015 2908  Abiosdsk - ok
13:21:49.0031 2908  abp480n5 - ok
13:21:49.0140 2908  [ 35F57598F0589FEB3C3ABC1621BF329F ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
13:21:49.0203 2908  ACDaemon - ok
13:21:49.0265 2908  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:21:57.0859 2908  ACPI ( UnsignedFile.Multi.Generic ) - warning
13:21:57.0859 2908  ACPI - detected UnsignedFile.Multi.Generic (1)
13:21:57.0906 2908  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
13:22:06.0875 2908  ACPIEC ( UnsignedFile.Multi.Generic ) - warning
13:22:06.0875 2908  ACPIEC - detected UnsignedFile.Multi.Generic (1)
13:22:06.0890 2908  adpu160m - ok
13:22:07.0078 2908  [ CBFAA333EBA2E402A0439A3A0E5413F3 ] AdvancedSystemCareService6 C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
13:22:07.0171 2908  AdvancedSystemCareService6 - ok
13:22:07.0265 2908  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
13:22:15.0953 2908  aec ( UnsignedFile.Multi.Generic ) - warning
13:22:15.0953 2908  aec - detected UnsignedFile.Multi.Generic (1)
13:22:16.0000 2908  [ 2C5C22990156A1063E19AD162191DC1D ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
13:22:26.0859 2908  AegisP ( UnsignedFile.Multi.Generic ) - warning
13:22:26.0859 2908  AegisP - detected UnsignedFile.Multi.Generic (1)
13:22:27.0015 2908  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
13:22:28.0734 2908  AFD ( UnsignedFile.Multi.Generic ) - warning
13:22:28.0734 2908  AFD - detected UnsignedFile.Multi.Generic (1)
13:22:28.0796 2908  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
13:22:37.0203 2908  agp440 ( UnsignedFile.Multi.Generic ) - warning
13:22:37.0203 2908  agp440 - detected UnsignedFile.Multi.Generic (1)
13:22:37.0203 2908  Aha154x - ok
13:22:37.0218 2908  aic78u2 - ok
13:22:37.0234 2908  aic78xx - ok
13:22:37.0281 2908  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
13:22:38.0687 2908  Alerter ( UnsignedFile.Multi.Generic ) - warning
13:22:38.0687 2908  Alerter - detected UnsignedFile.Multi.Generic (1)
13:22:38.0718 2908  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
13:22:46.0968 2908  ALG ( UnsignedFile.Multi.Generic ) - warning
13:22:46.0968 2908  ALG - detected UnsignedFile.Multi.Generic (1)
13:22:46.0984 2908  AliIde - ok
13:22:46.0984 2908  amsint - ok
13:22:47.0078 2908  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:22:47.0125 2908  Apple Mobile Device - ok
13:22:47.0140 2908  AppMgmt - ok
13:22:47.0140 2908  AR5523 - ok
13:22:47.0156 2908  asc - ok
13:22:47.0171 2908  asc3350p - ok
13:22:47.0187 2908  asc3550 - ok
13:22:47.0250 2908  [ 5B01AF89D16D562825C4DB4530F20CBB ] Aspi32          C:\WINDOWS\system32\drivers\aspi32.sys
13:22:55.0968 2908  Aspi32 ( UnsignedFile.Multi.Generic ) - warning
13:22:55.0968 2908  Aspi32 - detected UnsignedFile.Multi.Generic (1)
13:22:56.0890 2908  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:22:56.0937 2908  aspnet_state - ok
13:22:57.0031 2908  [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
13:22:57.0078 2908  aswFsBlk - ok
13:22:57.0234 2908  [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2         C:\WINDOWS\system32\drivers\aswMon2.sys
13:22:57.0281 2908  aswMon2 - ok
13:22:57.0500 2908  [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr          C:\WINDOWS\system32\drivers\AswRdr.sys
13:22:57.0546 2908  AswRdr - ok
13:22:58.0062 2908  [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
13:22:58.0843 2908  aswSnx - ok
13:22:58.0906 2908  [ 67B558895695545FB0568B7541F3BCA7 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
13:22:59.0812 2908  aswSP - ok
13:22:59.0890 2908  [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
13:22:59.0968 2908  aswTdi - ok
13:23:00.0015 2908  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:23:00.0750 2908  AsyncMac ( UnsignedFile.Multi.Generic ) - warning
13:23:00.0750 2908  AsyncMac - detected UnsignedFile.Multi.Generic (1)
13:23:00.0812 2908  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
13:23:01.0515 2908  atapi ( UnsignedFile.Multi.Generic ) - warning
13:23:01.0515 2908  atapi - detected UnsignedFile.Multi.Generic (1)
13:23:01.0546 2908  Atdisk - ok
13:23:01.0609 2908  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:23:02.0515 2908  Atmarpc ( UnsignedFile.Multi.Generic ) - warning
13:23:02.0515 2908  Atmarpc - detected UnsignedFile.Multi.Generic (1)
13:23:02.0562 2908  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
13:23:04.0703 2908  AudioSrv ( UnsignedFile.Multi.Generic ) - warning
13:23:04.0703 2908  AudioSrv - detected UnsignedFile.Multi.Generic (1)
13:23:04.0765 2908  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
13:23:12.0125 2908  audstub ( UnsignedFile.Multi.Generic ) - warning
13:23:12.0125 2908  audstub - detected UnsignedFile.Multi.Generic (1)
13:23:12.0218 2908  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
13:23:12.0312 2908  avast! Antivirus - ok
13:23:12.0406 2908  [ 55FED228FE147ECB9C47A1C55388896E ] Basics Service  C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
13:23:12.0453 2908  Basics Service - ok
13:23:12.0500 2908  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
13:23:20.0421 2908  Beep ( UnsignedFile.Multi.Generic ) - warning
13:23:20.0421 2908  Beep - detected UnsignedFile.Multi.Generic (1)
13:23:20.0515 2908  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
13:23:28.0296 2908  BITS ( UnsignedFile.Multi.Generic ) - warning
13:23:28.0296 2908  BITS - detected UnsignedFile.Multi.Generic (1)
13:23:28.0359 2908  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
13:23:36.0531 2908  Browser ( UnsignedFile.Multi.Generic ) - warning
13:23:36.0531 2908  Browser - detected UnsignedFile.Multi.Generic (1)
13:23:36.0578 2908  [ 33502DC67CCC584F42DD8988D51274B7 ] BTOWSFF         C:\WINDOWS\system32\Drivers\BTOWSFF.sys
13:23:36.0640 2908  BTOWSFF - ok
13:23:36.0671 2908  [ 9395C546A533AFBBA0B32E9A49A66ECB ] BTOWSVF         C:\WINDOWS\system32\Drivers\BTOWSVF.sys
13:23:36.0734 2908  BTOWSVF - ok
13:23:36.0781 2908  [ C043CA48F1F5C00FF8272180FBBD15E9 ] bvrp_pci        C:\WINDOWS\system32\drivers\bvrp_pci.sys
13:23:45.0000 2908  bvrp_pci ( UnsignedFile.Multi.Generic ) - warning
13:23:45.0000 2908  bvrp_pci - detected UnsignedFile.Multi.Generic (1)
13:23:45.0093 2908  catchme - ok
13:23:45.0125 2908  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
13:23:53.0328 2908  cbidf2k ( UnsignedFile.Multi.Generic ) - warning
13:23:53.0328 2908  cbidf2k - detected UnsignedFile.Multi.Generic (1)
13:23:53.0390 2908  [ 58BF7714A312698108A96D0DE2BB6825 ] cbVSCService11  C:\Program Files\Cobian Backup 11\cbVSCService11.exe
13:24:01.0000 2908  cbVSCService11 ( UnsignedFile.Multi.Generic ) - warning
13:24:01.0000 2908  cbVSCService11 - detected UnsignedFile.Multi.Generic (1)
13:24:01.0046 2908  cd20xrnt - ok
13:24:01.0109 2908  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
13:24:01.0859 2908  Cdaudio ( UnsignedFile.Multi.Generic ) - warning
13:24:01.0859 2908  Cdaudio - detected UnsignedFile.Multi.Generic (1)
13:24:01.0921 2908  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
13:24:02.0421 2908  Cdfs ( UnsignedFile.Multi.Generic ) - warning
13:24:02.0421 2908  Cdfs - detected UnsignedFile.Multi.Generic (1)
13:24:02.0484 2908  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:24:03.0281 2908  Cdrom ( UnsignedFile.Multi.Generic ) - warning
13:24:03.0281 2908  Cdrom - detected UnsignedFile.Multi.Generic (1)
13:24:03.0296 2908  Changer - ok
13:24:03.0437 2908  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] cisvc           C:\WINDOWS\system32\cisvc.exe
13:24:04.0281 2908  cisvc ( UnsignedFile.Multi.Generic ) - warning
13:24:04.0281 2908  cisvc - detected UnsignedFile.Multi.Generic (1)
13:24:04.0359 2908  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
13:24:05.0109 2908  ClipSrv ( UnsignedFile.Multi.Generic ) - warning
13:24:05.0109 2908  ClipSrv - detected UnsignedFile.Multi.Generic (1)
13:24:05.0390 2908  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:24:05.0437 2908  clr_optimization_v2.0.50727_32 - ok
13:24:05.0500 2908  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:24:05.0578 2908  clr_optimization_v4.0.30319_32 - ok
13:24:05.0578 2908  CmdIde - ok
13:24:05.0593 2908  COMSysApp - ok
13:24:05.0625 2908  Cpqarray - ok
13:24:05.0718 2908  [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.EXE
13:24:06.0593 2908  Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
13:24:06.0593 2908  Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
13:24:06.0687 2908  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
13:24:07.0671 2908  CryptSvc ( UnsignedFile.Multi.Generic ) - warning
13:24:07.0671 2908  CryptSvc - detected UnsignedFile.Multi.Generic (1)
13:24:07.0781 2908  [ 4B6096745F72B4FD36514617E2EA5D37 ] ctac32k         C:\WINDOWS\system32\drivers\ctac32k.sys
13:24:08.0578 2908  ctac32k ( UnsignedFile.Multi.Generic ) - warning
13:24:08.0578 2908  ctac32k - detected UnsignedFile.Multi.Generic (1)
13:24:08.0781 2908  [ 3576EC792347ED15699F6D830E0F5437 ] ctaud2k         C:\WINDOWS\system32\drivers\ctaud2k.sys
13:24:17.0109 2908  ctaud2k ( UnsignedFile.Multi.Generic ) - warning
13:24:17.0109 2908  ctaud2k - detected UnsignedFile.Multi.Generic (1)
13:24:17.0187 2908  [ 71007BD2E1E26927FE3E4EB00C0BEEDF ] ctljystk        C:\WINDOWS\system32\DRIVERS\ctljystk.sys
13:24:25.0984 2908  ctljystk ( UnsignedFile.Multi.Generic ) - warning
13:24:25.0984 2908  ctljystk - detected UnsignedFile.Multi.Generic (1)
13:24:26.0046 2908  [ 097D42574E3C6D98CD5A2EE7647FA6BF ] ctprxy2k        C:\WINDOWS\system32\drivers\ctprxy2k.sys
13:24:27.0015 2908  ctprxy2k ( UnsignedFile.Multi.Generic ) - warning
13:24:27.0015 2908  ctprxy2k - detected UnsignedFile.Multi.Generic (1)
13:24:27.0062 2908  [ C58A2507EF62B20B9BD670C666088B50 ] ctsfm2k         C:\WINDOWS\system32\drivers\ctsfm2k.sys
13:24:35.0703 2908  ctsfm2k ( UnsignedFile.Multi.Generic ) - warning
13:24:35.0703 2908  ctsfm2k - detected UnsignedFile.Multi.Generic (1)
13:24:35.0718 2908  dac2w2k - ok
13:24:35.0734 2908  dac960nt - ok
13:24:35.0796 2908  [ BB005CB49D0638039703AC4F67FE0A05 ] DC21x4          C:\WINDOWS\system32\DRIVERS\dc21x4.sys
13:24:44.0125 2908  DC21x4 ( UnsignedFile.Multi.Generic ) - warning
13:24:44.0125 2908  DC21x4 - detected UnsignedFile.Multi.Generic (1)
13:24:44.0265 2908  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
13:24:52.0031 2908  DcomLaunch ( UnsignedFile.Multi.Generic ) - warning
13:24:52.0031 2908  DcomLaunch - detected UnsignedFile.Multi.Generic (1)
13:24:52.0109 2908  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
13:24:53.0750 2908  Dhcp ( UnsignedFile.Multi.Generic ) - warning
13:24:53.0750 2908  Dhcp - detected UnsignedFile.Multi.Generic (1)
13:24:53.0796 2908  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
13:24:54.0531 2908  Disk ( UnsignedFile.Multi.Generic ) - warning
13:24:54.0531 2908  Disk - detected UnsignedFile.Multi.Generic (1)
13:24:54.0546 2908  dmadmin - ok
13:24:54.0843 2908  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
13:24:55.0468 2908  dmboot ( UnsignedFile.Multi.Generic ) - warning
13:24:55.0468 2908  dmboot - detected UnsignedFile.Multi.Generic (1)
13:24:55.0515 2908  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
13:24:56.0328 2908  dmio ( UnsignedFile.Multi.Generic ) - warning
13:24:56.0328 2908  dmio - detected UnsignedFile.Multi.Generic (1)
13:24:56.0406 2908  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
13:24:57.0437 2908  dmload ( UnsignedFile.Multi.Generic ) - warning
13:24:57.0453 2908  dmload - detected UnsignedFile.Multi.Generic (1)
13:24:57.0515 2908  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
13:24:58.0203 2908  dmserver ( UnsignedFile.Multi.Generic ) - warning
13:24:58.0203 2908  dmserver - detected UnsignedFile.Multi.Generic (1)
13:24:58.0250 2908  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
13:24:59.0015 2908  DMusic ( UnsignedFile.Multi.Generic ) - warning
13:24:59.0015 2908  DMusic - detected UnsignedFile.Multi.Generic (1)
13:24:59.0062 2908  [ D2EE54CDBCED01D48F2B18642BE79A98 ] DNINDIS5        C:\WINDOWS\system32\DNINDIS5.SYS
13:24:59.0828 2908  DNINDIS5 ( UnsignedFile.Multi.Generic ) - warning
13:24:59.0828 2908  DNINDIS5 - detected UnsignedFile.Multi.Generic (1)
13:24:59.0890 2908  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
13:25:00.0625 2908  Dnscache ( UnsignedFile.Multi.Generic ) - warning
13:25:00.0625 2908  Dnscache - detected UnsignedFile.Multi.Generic (1)
13:25:00.0750 2908  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
13:25:01.0453 2908  Dot3svc ( UnsignedFile.Multi.Generic ) - warning
13:25:01.0453 2908  Dot3svc - detected UnsignedFile.Multi.Generic (1)
13:25:01.0468 2908  dpti2o - ok
13:25:01.0546 2908  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
13:25:02.0187 2908  drmkaud ( UnsignedFile.Multi.Generic ) - warning
13:25:02.0187 2908  drmkaud - detected UnsignedFile.Multi.Generic (1)
13:25:02.0281 2908  [ B15F9E526BA511A48B1B1B8537815740 ] drvmcdb         C:\WINDOWS\system32\drivers\drvmcdb.sys
13:25:03.0000 2908  drvmcdb ( UnsignedFile.Multi.Generic ) - warning
13:25:03.0000 2908  drvmcdb - detected UnsignedFile.Multi.Generic (1)
13:25:03.0078 2908  [ FA4670CAE95AE2BB857C68E535661145 ] drvnddm         C:\WINDOWS\system32\drivers\drvnddm.sys
13:25:04.0093 2908  drvnddm ( UnsignedFile.Multi.Generic ) - warning
13:25:04.0093 2908  drvnddm - detected UnsignedFile.Multi.Generic (1)
13:25:04.0187 2908  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
13:25:08.0890 2908  EapHost ( UnsignedFile.Multi.Generic ) - warning
13:25:08.0890 2908  EapHost - detected UnsignedFile.Multi.Generic (1)
13:25:08.0921 2908  ELCZQN - ok
13:25:09.0500 2908  [ 6937E67923CC924CBBC5CD3DA78796FC ] emu10k          C:\WINDOWS\system32\drivers\emu10k1f.sys
13:25:11.0062 2908  emu10k ( UnsignedFile.Multi.Generic ) - warning
13:25:11.0062 2908  emu10k - detected UnsignedFile.Multi.Generic (1)
13:25:11.0156 2908  [ 6E269C51E9A1C3DE53C57B4365E510B2 ] emu10k1         C:\WINDOWS\system32\drivers\ctlface.sys
13:25:12.0140 2908  emu10k1 ( UnsignedFile.Multi.Generic ) - warning
13:25:12.0140 2908  emu10k1 - detected UnsignedFile.Multi.Generic (1)
13:25:12.0218 2908  [ A9D94B89372F3F9609A1A5EEC631A260 ] emupia          C:\WINDOWS\system32\drivers\emupia2k.sys
13:25:12.0859 2908  emupia ( UnsignedFile.Multi.Generic ) - warning
13:25:12.0859 2908  emupia - detected UnsignedFile.Multi.Generic (1)
13:25:12.0921 2908  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
13:25:13.0859 2908  ERSvc ( UnsignedFile.Multi.Generic ) - warning
13:25:13.0859 2908  ERSvc - detected UnsignedFile.Multi.Generic (1)
13:25:13.0953 2908  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
13:25:14.0687 2908  Eventlog ( UnsignedFile.Multi.Generic ) - warning
13:25:14.0687 2908  Eventlog - detected UnsignedFile.Multi.Generic (1)
13:25:14.0812 2908  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\System32\es.dll
13:25:15.0890 2908  EventSystem ( UnsignedFile.Multi.Generic ) - warning
13:25:15.0890 2908  EventSystem - detected UnsignedFile.Multi.Generic (1)
13:25:15.0984 2908  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
13:25:17.0140 2908  Fastfat ( UnsignedFile.Multi.Generic ) - warning
13:25:17.0140 2908  Fastfat - detected UnsignedFile.Multi.Generic (1)
13:25:17.0234 2908  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
13:25:18.0140 2908  FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - warning
13:25:18.0140 2908  FastUserSwitchingCompatibility - detected UnsignedFile.Multi.Generic (1)
13:25:18.0359 2908  [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax             C:\WINDOWS\system32\fxssvc.exe
13:25:19.0625 2908  Fax ( UnsignedFile.Multi.Generic ) - warning
13:25:19.0625 2908  Fax - detected UnsignedFile.Multi.Generic (1)
13:25:19.0671 2908  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
13:25:26.0765 2908  Fdc ( UnsignedFile.Multi.Generic ) - warning
13:25:26.0765 2908  Fdc - detected UnsignedFile.Multi.Generic (1)
13:25:26.0921 2908  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
13:25:27.0671 2908  Fips ( UnsignedFile.Multi.Generic ) - warning
13:25:27.0671 2908  Fips - detected UnsignedFile.Multi.Generic (1)
13:25:27.0765 2908  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:25:28.0656 2908  Flpydisk ( UnsignedFile.Multi.Generic ) - warning
13:25:28.0656 2908  Flpydisk - detected UnsignedFile.Multi.Generic (1)
13:25:28.0781 2908  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
13:25:30.0406 2908  FltMgr ( UnsignedFile.Multi.Generic ) - warning
13:25:30.0406 2908  FltMgr - detected UnsignedFile.Multi.Generic (1)
13:25:30.0484 2908  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:25:30.0546 2908  FontCache3.0.0.0 - ok
13:25:30.0609 2908  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:25:31.0218 2908  Fs_Rec ( UnsignedFile.Multi.Generic ) - warning
13:25:31.0218 2908  Fs_Rec - detected UnsignedFile.Multi.Generic (1)
13:25:31.0265 2908  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:25:32.0265 2908  Ftdisk ( UnsignedFile.Multi.Generic ) - warning
13:25:32.0265 2908  Ftdisk - detected UnsignedFile.Multi.Generic (1)
13:25:32.0375 2908  [ 065639773D8B03F33577F6CDAEA21063 ] gameenum        C:\WINDOWS\system32\DRIVERS\gameenum.sys
13:25:32.0906 2908  gameenum ( UnsignedFile.Multi.Generic ) - warning
13:25:32.0921 2908  gameenum - detected UnsignedFile.Multi.Generic (1)
13:25:32.0968 2908  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
13:25:33.0062 2908  GEARAspiWDM - ok
13:25:33.0125 2908  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:25:33.0734 2908  Gpc ( UnsignedFile.Multi.Generic ) - warning
13:25:33.0734 2908  Gpc - detected UnsignedFile.Multi.Generic (1)
13:25:33.0890 2908  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9b339865e9ca8 C:\Program Files\Google\Update\GoogleUpdate.exe
13:25:34.0046 2908  gupdate1c9b339865e9ca8 - ok
13:25:34.0062 2908  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
13:25:34.0140 2908  gupdatem - ok
13:25:34.0187 2908  [ 5467F1FF0AF264566740F67E8B810735 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:25:34.0281 2908  gusvc - ok
13:25:34.0406 2908  [ DC9847CDC43665ED4CC780947516209C ] ha10kx2k        C:\WINDOWS\system32\drivers\ha10kx2k.sys
13:25:35.0421 2908  ha10kx2k ( UnsignedFile.Multi.Generic ) - warning
13:25:35.0421 2908  ha10kx2k - detected UnsignedFile.Multi.Generic (1)
13:25:35.0687 2908  [ 4236E014632F4163F53EBB717F41594C ] HCF_MSFT        C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys
13:25:36.0265 2908  HCF_MSFT ( UnsignedFile.Multi.Generic ) - warning
13:25:36.0265 2908  HCF_MSFT - detected UnsignedFile.Multi.Generic (1)
13:25:36.0640 2908  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:25:37.0375 2908  helpsvc ( UnsignedFile.Multi.Generic ) - warning
13:25:37.0375 2908  helpsvc - detected UnsignedFile.Multi.Generic (1)
13:25:37.0468 2908  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
13:25:38.0328 2908  HidServ ( UnsignedFile.Multi.Generic ) - warning
13:25:38.0328 2908  HidServ - detected UnsignedFile.Multi.Generic (1)
13:25:38.0406 2908  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:25:39.0250 2908  hidusb ( UnsignedFile.Multi.Generic ) - warning
13:25:39.0250 2908  hidusb - detected UnsignedFile.Multi.Generic (1)
13:25:42.0046 2908  [ 586491600AB925FF8A5AE2892D2B12F7 ] HitmanPro37Crusader C:\Documents and Settings\User\My Documents\Computer & Internet\Troubleshoot & Repair\HitmanPro.exe
13:25:46.0750 2908  HitmanPro37Crusader - ok
13:25:46.0796 2908  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
13:25:47.0718 2908  hkmsvc ( UnsignedFile.Multi.Generic ) - warning
13:25:47.0718 2908  hkmsvc - detected UnsignedFile.Multi.Generic (1)
13:25:47.0750 2908  hpn - ok
13:25:47.0984 2908  [ ED377B3C83FDEA8D906109A085D219BA ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
13:25:48.0843 2908  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
13:25:48.0843 2908  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
13:25:48.0875 2908  hpt3xx - ok
13:25:48.0937 2908  [ 30CA91E657CEDE2F95359D6EF186F650 ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
13:25:49.0531 2908  HPZid412 ( UnsignedFile.Multi.Generic ) - warning
13:25:49.0531 2908  HPZid412 - detected UnsignedFile.Multi.Generic (1)
13:25:49.0578 2908  [ EFD31AFA752AA7C7BBB57BCBE2B01C78 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
13:25:50.0593 2908  HPZipr12 ( UnsignedFile.Multi.Generic ) - warning
13:25:50.0593 2908  HPZipr12 - detected UnsignedFile.Multi.Generic (1)
13:25:50.0671 2908  [ 7AC43C38CA8FD7ED0B0A4466F753E06E ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
13:25:51.0515 2908  HPZius12 ( UnsignedFile.Multi.Generic ) - warning
13:25:51.0515 2908  HPZius12 - detected UnsignedFile.Multi.Generic (1)
13:25:51.0531 2908  Scan interrupted by user!
13:25:51.0531 2908  ================ Scan global ===============================
13:25:51.0531 2908  Scan interrupted by user!
13:25:51.0531 2908  ================ Scan MBR ==================================
13:25:51.0531 2908  Scan interrupted by user!
13:25:51.0531 2908  ================ Scan VBR ==================================
13:25:51.0531 2908  Scan interrupted by user!
13:25:51.0531 2908  ================ Scan active images ========================
13:25:51.0531 2908  Scan interrupted by user!
13:25:51.0531 2908  ============================================================
13:25:51.0531 2908  Scan finished
13:25:51.0531 2908  ============================================================
13:25:51.0562 2916  Detected object count: 76
13:25:51.0562 2916  Actual detected object count: 76
13:26:03.0406 2916  6to4 ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0406 2916  6to4 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0406 2916  ACPI ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0406 2916  ACPI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0406 2916  ACPIEC ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0406 2916  ACPIEC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0406 2916  aec ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0406 2916  aec ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0421 2916  AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0421 2916  AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0421 2916  AFD ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0421 2916  AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0421 2916  agp440 ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0421 2916  agp440 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0421 2916  Alerter ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0421 2916  Alerter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0437 2916  ALG ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0437 2916  ALG ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0437 2916  Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0437 2916  Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0437 2916  AsyncMac ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0437 2916  AsyncMac ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0437 2916  atapi ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0437 2916  atapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0437 2916  Atmarpc ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0437 2916  Atmarpc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0453 2916  AudioSrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0453 2916  AudioSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0453 2916  audstub ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0453 2916  audstub ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0453 2916  Beep ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0453 2916  Beep ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0468 2916  BITS ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0468 2916  BITS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0468 2916  Browser ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0468 2916  Browser ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0500 2916  bvrp_pci ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0500 2916  bvrp_pci ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0500 2916  cbidf2k ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0500 2916  cbidf2k ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0500 2916  cbVSCService11 ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0515 2916  cbVSCService11 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0515 2916  Cdaudio ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0515 2916  Cdaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0531 2916  Cdfs ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0531 2916  Cdfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0531 2916  Cdrom ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0531 2916  Cdrom ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0531 2916  cisvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0531 2916  cisvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0546 2916  ClipSrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0546 2916  ClipSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0546 2916  Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0546 2916  Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0562 2916  CryptSvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0562 2916  CryptSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0562 2916  ctac32k ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0562 2916  ctac32k ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0562 2916  ctaud2k ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0562 2916  ctaud2k ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0578 2916  ctljystk ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0578 2916  ctljystk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0578 2916  ctprxy2k ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0578 2916  ctprxy2k ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0593 2916  ctsfm2k ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0593 2916  ctsfm2k ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0593 2916  DC21x4 ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0593 2916  DC21x4 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0609 2916  DcomLaunch ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0609 2916  DcomLaunch ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0609 2916  Dhcp ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0609 2916  Dhcp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0625 2916  Disk ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0625 2916  Disk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0625 2916  dmboot ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0625 2916  dmboot ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0625 2916  dmio ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0625 2916  dmio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0640 2916  dmload ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0640 2916  dmload ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0640 2916  dmserver ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0640 2916  dmserver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0656 2916  DMusic ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0656 2916  DMusic ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0656 2916  DNINDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0656 2916  DNINDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0671 2916  Dnscache ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0671 2916  Dnscache ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0671 2916  Dot3svc ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0671 2916  Dot3svc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0687 2916  drmkaud ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0687 2916  drmkaud ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0687 2916  drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0687 2916  drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0703 2916  drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0703 2916  drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0703 2916  EapHost ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0703 2916  EapHost ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0703 2916  emu10k ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0703 2916  emu10k ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0718 2916  emu10k1 ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0718 2916  emu10k1 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0718 2916  emupia ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0718 2916  emupia ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0734 2916  ERSvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0734 2916  ERSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0734 2916  Eventlog ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0734 2916  Eventlog ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0734 2916  EventSystem ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0750 2916  EventSystem ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0750 2916  Fastfat ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0750 2916  Fastfat ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0750 2916  FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0750 2916  FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0765 2916  Fax ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0765 2916  Fax ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0765 2916  Fdc ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0765 2916  Fdc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0781 2916  Fips ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0781 2916  Fips ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0781 2916  Flpydisk ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0781 2916  Flpydisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0796 2916  FltMgr ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0796 2916  FltMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0812 2916  Fs_Rec ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0812 2916  Fs_Rec ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0812 2916  Ftdisk ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0812 2916  Ftdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0812 2916  gameenum ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0812 2916  gameenum ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0828 2916  Gpc ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0828 2916  Gpc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0828 2916  ha10kx2k ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0828 2916  ha10kx2k ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0843 2916  HCF_MSFT ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0843 2916  HCF_MSFT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0843 2916  helpsvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0843 2916  helpsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0859 2916  HidServ ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0859 2916  HidServ ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0859 2916  hidusb ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0859 2916  hidusb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0859 2916  hkmsvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0859 2916  hkmsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0875 2916  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0875 2916  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0875 2916  HPZid412 ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0875 2916  HPZid412 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0890 2916  HPZipr12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0890 2916  HPZipr12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:03.0890 2916  HPZius12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:03.0890 2916  HPZius12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:10.0765 1468  Deinitialize success


#8 jujube

jujube
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Tulsa, OK
  • Local time:10:54 PM

Posted 03 March 2013 - 07:35 PM

MBAR Log

 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 3 x86
 
System is currently in a safe mode
 
Account is Administrative
 
Internet Explorer version: 8.0.6001.18702
 
Java version: 1.6.0_31
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.993000 GHz
Memory total: 1073004544, free: 434311168
 
------------ Kernel report ------------
     03/03/2013 17:08:35
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
spya.sys
\WINDOWS\System32\Drivers\WMILIB.SYS
\WINDOWS\System32\Drivers\SCSIPORT.SYS
ACPI.sys
pci.sys
isapnp.sys
intelide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
IdeBusDr.sys
VolSnap.sys
atapi.sys
IdeChnDr.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
drvmcdb.sys
PxHelp20.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
KSafeDISK.sys
kl1.sys
IPVNMon.sys
agp440.sys
BTOWSVF.sys
79497392.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\dc21x4.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\sscdbhk5.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\System32\DRIVERS\usbuhci.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\StarPortLite.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\drivers\ssrtln.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\kl2.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\tcpip6.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ip6fw.sys
\SystemRoot\System32\Drivers\AswRdr.SYS
\SystemRoot\System32\vsdatant.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\DRIVERS\usbccgp.sys
\SystemRoot\System32\DRIVERS\hidusb.sys
\SystemRoot\System32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\Wdf01000.sys
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\System32\Drivers\dump_IdeChnDr.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\framebuf.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86aa6040
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0\
Lower Device Object: 0xffffffff87bc9040
Lower Device Driver Name: \Driver\IdeChnDr\
Driver name found: IdeChnDr
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.03.03.11
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86aa6040, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86aa6e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff86aa6040, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87b24550, DeviceName: \Device\0000007a\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff87bc9040, DeviceName: \Device\Ide\IdeDeviceP0T0L0\, DriverName: \Driver\IdeChnDr\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe28e4a80, 0xffffffff86aa6040, 0xffffffff8641b598
Lower DeviceData: 0xffffffffe2d62700, 0xffffffff87bc9040, 0xffffffff864b7050
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\WINDOWS\system32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B2ECD36F
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 160071597
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 81964302336 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-62-160066528-160086528)...
Done!
Performing system, memory and registry scan...
Read File: File "c:\Documents and Settings\administrator.user-ypo7ri9yhm\application data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\avast software\Avast\snx_lconfig.xml" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\avast software\Avast\webshield.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Guest\application data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\User\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\administrator.user-ypo7ri9yhm\start menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Guest\start menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\administrator.user-ypo7ri9yhm\local settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Guest\local settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\User\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Fonts\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Tasks\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\administrator.user-ypo7ri9yhm\local settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\administrator.user-ypo7ri9yhm\local settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\administrator.user-ypo7ri9yhm\local settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Guest\local settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Guest\local settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Guest\local settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\User\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Guest\local settings\application data\microsoft\feeds cache\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\feeds cache\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\feeds cache\desktop.ini" is compressed (flags = 1)
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CRYPTSVC|Start --> [Disabled.Cryptsvc]
Done!
Scan finished
Creating System Restore point...
Could not create restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 3 x86
 
Account is Administrative
 
Internet Explorer version: 8.0.6001.18702
 
Java version: 1.6.0_31
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.993000 GHz
Memory total: 1073004544, free: 743632896
 
Removal queue found; removal started
Removal finished
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 3 x86
 
System is currently in a safe mode
 
Account is Administrative
 
Internet Explorer version: 8.0.6001.18702
 
Java version: 1.6.0_31
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.993000 GHz
Memory total: 1073004544, free: 461447168
 
------------ Kernel report ------------
     03/03/2013 18:19:46
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
sphv.sys
\WINDOWS\System32\Drivers\WMILIB.SYS
\WINDOWS\System32\Drivers\SCSIPORT.SYS
ACPI.sys
pci.sys
isapnp.sys
intelide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
IdeBusDr.sys
VolSnap.sys
atapi.sys
IdeChnDr.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
drvmcdb.sys
PxHelp20.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
KSafeDISK.sys
kl1.sys
IPVNMon.sys
agp440.sys
BTOWSVF.sys
79497392.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\dc21x4.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\sscdbhk5.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\System32\DRIVERS\usbuhci.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\StarPortLite.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\drivers\ssrtln.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\kl2.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\tcpip6.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ip6fw.sys
\SystemRoot\System32\Drivers\AswRdr.SYS
\SystemRoot\System32\vsdatant.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\DRIVERS\usbccgp.sys
\SystemRoot\System32\DRIVERS\hidusb.sys
\SystemRoot\System32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\Wdf01000.sys
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_IdeChnDr.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\framebuf.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86aa6040
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0\
Lower Device Object: 0xffffffff87bc9040
Lower Device Driver Name: \Driver\IdeChnDr\
Driver name found: IdeChnDr
Initialization returned 0x0
Load Function returned 0x0
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86aa6040, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86aa6e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff86aa6040, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87b24550, DeviceName: \Device\0000007a\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff87bc9040, DeviceName: \Device\Ide\IdeDeviceP0T0L0\, DriverName: \Driver\IdeChnDr\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe2c57418, 0xffffffff86aa6040, 0xffffffff86441408
Lower DeviceData: 0xffffffffe2c68758, 0xffffffff87bc9040, 0xffffffff86469af8
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\WINDOWS\system32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B2ECD36F
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 160071597
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 81964302336 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-62-160066528-160086528)...
Done!
Performing system, memory and registry scan...
Read File: File "c:\Documents and Settings\administrator.user-ypo7ri9yhm\application data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\avast software\Avast\snx_lconfig.xml" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\avast software\Avast\webshield.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Guest\application data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\User\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\administrator.user-ypo7ri9yhm\start menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Guest\start menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\administrator.user-ypo7ri9yhm\local settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Guest\local settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\User\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Fonts\desktop.ini" is compressed (flags = 1)


#9 jujube

jujube
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Tulsa, OK
  • Local time:10:54 PM

Posted 03 March 2013 - 07:42 PM

I finished MBAR second scan and it came back clean.  Due to all my problems I ran fixdamage.  I am still in safe mode and will reboot and see how things go.



#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:54 PM

Posted 03 March 2013 - 09:13 PM


Hello jujube

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:
 ClearJavaCache:: 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
CFScriptB-4.gif
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
      • let me know of any problems you may have had
        • How is the computer doing now after running the script?
      Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 jujube

jujube
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Tulsa, OK
  • Local time:10:54 PM

Posted 03 March 2013 - 09:24 PM

Gringo, My system still freezes up at the point it is opening desktop icons.  Not just freezing but the system clock is freezing up. I have given it up to 10 minutes to restart and nothing happens so I have to reboot.  Is it okay to do everything from your last message in safe mode with networking?



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:54 PM

Posted 03 March 2013 - 09:44 PM

yes run in safe mode


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 jujube

jujube
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Tulsa, OK
  • Local time:10:54 PM

Posted 04 March 2013 - 12:09 PM

 
Okay I a lot of problems trying to disable AV and FW programs.  Kept getting "Access Denied" may need to be signed in as "administrator". Did that and still same messages.  Finally they disabled even though I always got the "Access Denied" msg.  Also while ComboFix was running I got the following: PEV.exe Application Error - The execution unknown software execution (0x40000015) occurred in the application at location 0x0048dlc0.  Here is the log.  I will reboot and run it again to see what happens.
ComboFix 13-03-02.01 - User 03/04/2013  10:24:43.2.1 - x86 NETWORK
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-04 to 2013-03-04  )))))))))))))))))))))))))))))))
.
.
2100-02-08 22:03 . 2001-05-11 17:39    53248    ------w-    c:\program files\ACMonitor_X73.exe
2013-03-04 00:19 . 2013-03-04 00:19    35144    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-03-02 23:19 . 2012-10-30 23:51    361032    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-03-02 23:19 . 2012-10-30 23:51    21256    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-03-02 23:19 . 2012-10-30 23:51    54232    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-03-02 23:19 . 2012-10-30 23:51    35928    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2013-03-02 23:19 . 2012-10-30 23:51    738504    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-03-02 23:19 . 2012-10-30 23:51    97608    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2013-03-02 23:19 . 2012-10-30 23:51    89752    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2013-03-02 23:19 . 2012-10-30 23:51    25256    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2013-03-02 23:16 . 2012-10-30 23:51    41224    ----a-w-    c:\windows\avastSS.scr
2013-03-02 23:15 . 2013-03-02 23:15    --------    d-----w-    c:\program files\AVAST Software
2013-03-01 18:39 . 2013-03-01 18:39    --------    d-----w-    c:\program files\Cobian Backup 11
2013-03-01 03:58 . 2013-03-01 03:58    388096    ------r-    c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-01 03:58 . 2013-03-01 03:58    --------    d-----w-    c:\program files\Trend Micro
2013-03-01 03:33 . 2012-10-29 14:20    27232    ------w-    c:\windows\system32\drivers\rspSanity32XP.sys
2013-03-01 03:33 . 2013-03-01 03:33    --------    d-----w-    c:\program files\SanityCheck
2013-02-28 19:00 . 2013-02-28 19:00    --------    d-----w-    c:\windows\ERUNT
2013-02-28 18:59 . 2013-02-28 18:59    --------    d-----w-    C:\JRT
2013-02-28 18:48 . 2007-07-07 06:39    19248    ------w-    c:\windows\system32\drivers\rspsc32.sys
2013-02-28 18:48 . 2013-03-01 03:31    --------    d-----w-    c:\program files\RootKit Hook Analyzer
2013-02-28 18:07 . 2013-02-28 06:18    133208    ------w-    c:\windows\system32\drivers\79497392.sys
2013-02-25 17:39 . 2013-02-25 17:39    --------    d-----w-    c:\documents and settings\Administrator.USER-YPO7RI9YHM\Application Data\vlc
2013-02-25 00:10 . 2013-02-25 00:10    --------    d-sh--w-    c:\documents and settings\Administrator.USER-YPO7RI9YHM\PrivacIE
2013-02-24 18:45 . 2013-02-24 18:45    --------    d-----w-    c:\documents and settings\Administrator.USER-YPO7RI9YHM\Application Data\Malwarebytes
2013-02-22 23:37 . 2013-02-22 23:43    --------    d-----w-    c:\windows\system32\CatRoot_bak
2013-02-22 23:28 . 2013-02-22 23:28    1330176    ------w-    c:\windows\is-MBO8C.exe
2013-02-22 22:59 . 2013-02-23 20:02    --------    d-----w-    c:\documents and settings\Administrator.USER-YPO7RI9YHM\Local Settings\Application Data\Google
2013-02-22 16:24 . 2013-02-22 16:24    --------    d-----w-    c:\documents and settings\Administrator.USER-YPO7RI9YHM\Application Data\Windows Search
2013-02-22 02:20 . 2013-02-22 13:54    --------    d-----w-    c:\documents and settings\User\Doctor Web
2013-02-21 23:23 . 2012-09-13 02:19    66344    ------w-    c:\windows\system32\drivers\sbapifs.sys
2013-02-21 23:23 . 2012-09-13 02:19    22064    ------w-    c:\windows\system32\drivers\sbaphd.sys
2013-02-21 23:23 . 2012-09-20 11:11    94496    ------w-    c:\windows\system32\drivers\sbhips.sys
2013-02-21 23:22 . 2012-09-20 11:39    44424    ------w-    c:\windows\system32\sbbd.exe
2013-02-21 23:20 . 2013-03-03 22:19    --------    d-----w-    c:\program files\UnThreat AntiVirus
2013-02-21 23:20 . 2013-02-23 02:55    --------    d-----w-    c:\documents and settings\All Users\Application Data\UnThreat
2013-02-21 22:41 . 2013-02-21 22:41    --------    d-----w-    c:\documents and settings\All Users\Application Data\Sophos
2013-02-21 22:40 . 2013-02-21 22:40    73728    ------r-    c:\documents and settings\User\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-02-21 22:40 . 2013-02-21 22:40    73728    ------r-    c:\documents and settings\User\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-02-21 22:40 . 2013-02-21 22:40    73728    ------r-    c:\documents and settings\User\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-02-21 22:39 . 2013-02-21 22:39    --------    d-----w-    c:\program files\Sophos
2013-02-21 17:39 . 2013-02-28 00:24    --------    d-----w-    c:\documents and settings\All Users\Application Data\SecTaskMan
2013-02-21 17:39 . 2013-02-24 18:49    --------    d-----w-    c:\program files\Security Task Manager
2013-02-19 16:14 . 2013-02-19 16:14    --------    d-----w-    C:\CCE_Quarantine
2013-02-19 06:52 . 2013-02-28 01:37    --------    d-----w-    c:\program files\Free Window Registry Repair
2013-02-16 21:04 . 2013-02-16 21:04    --------    d-----w-    c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2013-02-16 21:04 . 2013-02-22 14:06    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-02-13 00:29 . 2002-12-10 00:19    147512    ------w-    c:\windows\system32\hpzlnt07.dll
2013-02-13 00:29 . 2002-12-10 00:19    270336    ------w-    c:\windows\system32\hpzcon07.dll
2013-02-13 00:29 . 2002-12-10 00:19    208896    ------w-    c:\windows\system32\hpzcoi07.dll
2013-02-12 23:58 . 2001-05-15 00:15    10368    ------w-    c:\windows\system32\drivers\omci.sys
2013-02-12 23:58 . 2001-08-23 17:53    176128    ------w-    c:\windows\system32\RcdScan.dll
2013-02-12 23:58 . 2000-03-23 19:50    446464    ------r-    c:\windows\system32\hhactivex.dll
2013-02-12 23:58 . 1999-05-07 20:24    414944    ------w-    c:\windows\system32\COMCT332.OCX
2013-02-12 23:58 . 1998-11-10 17:46    328480    ------w-    c:\windows\system32\ssa3d30.ocx
2013-02-12 23:58 . 1998-06-18 06:00    89360    ------w-    c:\windows\system32\VB5DB.DLL
2013-02-12 20:48 . 2013-02-12 20:48    --------    d-----w-    c:\windows\system32\wbem\Repository
2013-02-07 19:17 . 2013-02-07 19:17    --------    d-----w-    c:\documents and settings\User\Local Settings\Application Data\MediaMonkey
2013-02-07 03:52 . 2013-02-07 03:52    --------    d-----w-    c:\documents and settings\User\Downloads
2013-02-05 19:26 . 2013-02-05 19:26    --------    d-----w-    c:\documents and settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-02-04 18:19 . 2013-02-04 18:21    --------    dc----w-    c:\windows\ie8
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-20 21:22 . 2013-02-02 04:35    12872    ------w-    c:\windows\system32\bootdelete.exe
2012-12-16 12:23 . 2001-08-18 12:00    290560    ------w-    c:\windows\system32\atmfd.dll
2012-12-14 22:49 . 2011-05-17 02:17    21104    ------w-    c:\windows\system32\drivers\mbam.sys
2001-05-08 22:36 . 2000-12-05 21:56    114688    ------w-    c:\program files\lxarscan.dll
2011-04-30 03:49 . 2011-04-17 22:59    142296    ------w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
.
[-] 2001-08-18 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2001-08-18 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
.
[-] 2001-08-18 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2001-08-18 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\browser.dll
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\dllcache\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
.
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe
.
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll
.
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\dllcache\comres.dll
.
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll
.
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
.
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
.
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
.
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2001-08-18 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll
.
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll
.
[-] 2012-10-03 . 6FE42512AB1B89F32A7407F261B1D2D0 . 990208 . . [5.1.2600.6293] . . c:\windows\system32\kernel32.dll
[-] 2012-10-03 . 6FE42512AB1B89F32A7407F261B1D2D0 . 990208 . . [5.1.2600.6293] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll
.
[-] 2013-01-06 . BDF6CC938C0644FE3643BC0D6A678E26 . 6009856 . . [8.00.6001.19394] . . c:\windows\system32\mshtml.dll
[-] 2013-01-06 . BDF6CC938C0644FE3643BC0D6A678E26 . 6009856 . . [8.00.6001.19394] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2012-11-12 . 9C46E5C82F94D9AEDD2CE798F0DF1158 . 6008832 . . [8.00.6001.19393] . . c:\windows\ie8updates\KB2799329-IE8\mshtml.dll
[-] 2012-08-28 . DF3C3CA94CBC9DE07AC3EB49440A8D45 . 6008832 . . [8.00.6001.19328] . . c:\windows\ie8updates\KB2761465-IE8\mshtml.dll
[-] 2011-11-04 . DD8D655E1881B70A5259A23A6018A6C2 . 5978112 . . [8.00.6001.19170] . . c:\windows\ie8updates\KB2744842-IE8\mshtml.dll
[-] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
[-] 2009-10-21 . 36145D2D908FB8A24772F04842366918 . 3598336 . . [7.00.6000.16939] . . c:\windows\ie8\mshtml.dll
[-] 2009-08-29 . E52A845DCE011D56B12B8F3F4606F956 . 3598336 . . [7.00.6000.16915] . . c:\windows\ie7updates\KB976749-IE7\mshtml.dll
[-] 2009-07-19 . 758C8BEDAB7CE5F9070C85E2E57CBD80 . 3597824 . . [7.00.6000.16890] . . c:\windows\ie7updates\KB974455-IE7\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll
[-] 2009-02-20 . C7C3E41CC2F6EB4A629FE2184136C098 . 3595264 . . [7.00.6000.16825] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[-] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
.
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll
[-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
[-] 2001-08-18 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
.
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
.
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe
.
[-] 2012-11-01 . 9AD88EA663124336E88EB031F917CE20 . 916992 . . [8.00.6001.19389] . . c:\windows\system32\wininet.dll
[-] 2012-11-01 . 9AD88EA663124336E88EB031F917CE20 . 916992 . . [8.00.6001.19389] . . c:\windows\system32\dllcache\wininet.dll
[-] 2012-08-28 . FF1C14BCA1A797CE45DD359FA2C9EDA8 . 916992 . . [8.00.6001.19328] . . c:\windows\ie8updates\KB2761465-IE8\wininet.dll
[-] 2011-11-04 . 552263502EA8C24D301A0C43FF90B3ED . 916992 . . [8.00.6001.19165] . . c:\windows\ie8updates\KB2744842-IE8\wininet.dll
[-] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2618444-IE8\wininet.dll
[-] 2009-08-29 . DB111200015F08DDDB8857E11C6A80E3 . 832512 . . [7.00.6000.16915] . . c:\windows\ie8\wininet.dll
[-] 2009-06-29 . A39B7BA7AB9B1CC2A0009F59772DB83C . 827392 . . [7.00.6000.16876] . . c:\windows\ie7updates\KB974455-IE7\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[-] 2009-03-03 . 28775945CCD53DEE280EF58DEA1A94C4 . 826368 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB972260-IE7\wininet.dll
[-] 2008-12-20 . A82935D32D0672E8FF4E91AE398E901C . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2help.dll
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
.
[-] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\ole32.dll
[-] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\dllcache\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
.
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\ksuser.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
.
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
.
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msimg32.dll
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\system32\msimg32.dll
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msimg32.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll
.
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll
[-] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll
.
[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime
[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\system32\msctfime.ime
[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msctfime.ime
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\hnetcfg.dll
.
[-] 2001-08-18 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys
[-] 2001-08-18 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\AGP440.SYS
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
.
[-] 2008-04-14 . F08D74EC300B8BA60CA953C58A24D19E . 35328 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\iprip.dll
[-] 2008-04-14 . F08D74EC300B8BA60CA953C58A24D19E . 35328 . . [5.1.2600.5512] . . c:\windows\system32\iprip.dll
[-] 2008-04-14 . F08D74EC300B8BA60CA953C58A24D19E . 35328 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\iprip.dll
.
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll
.
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\ServicePackFiles\i386\mspmsnsv.dll
.
[-] 2012-08-21 . B2D4FD49DDEF6DEF6900DAAC5730F425 . 2069632 . . [5.1.2600.6284] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2012-08-21 . B2D4FD49DDEF6DEF6900DAAC5730F425 . 2069632 . . [5.1.2600.6284] . . c:\windows\system32\ntkrnlpa.exe
[-] 2012-08-21 . B2D4FD49DDEF6DEF6900DAAC5730F425 . 2069632 . . [5.1.2600.6284] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
.
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\ddraw.dll
.
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\version.dll
.
[-] 2012-08-21 . 49FB9F4A7CE25B82B1E00C402783F5C5 . 2192896 . . [5.1.2600.6284] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2012-08-21 . 49FB9F4A7CE25B82B1E00C402783F5C5 . 2192896 . . [5.1.2600.6284] . . c:\windows\system32\ntoskrnl.exe
[-] 2012-08-21 . 49FB9F4A7CE25B82B1E00C402783F5C5 . 2192896 . . [5.1.2600.6284] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\rasadhlp.dll
.
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wshtcpip.dll
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wshtcpip.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50    121528    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-01-30 73832]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42    72208    ------w-    c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator.USER-YPO7RI9YHM^Start Menu^Programs^Startup^Uninstall LastPass RunOnce.lnk]
backup=c:\windows\pss\Uninstall LastPass RunOnce.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^CNET TechTracker.lnk]
backup=c:\windows\pss\CNET TechTracker.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35    946352    ------w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 6]
2013-01-16 00:47    491840    ------w-    c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 20:13    59280    ------w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 18:32    203264    ------w-    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
2012-10-30 23:50    4297136    ----a-w-    c:\program files\AVAST Software\Avast\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12    15360    ------w-    c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
2010-10-14 08:11    487424    ------w-    c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 00:36    30040    ------w-    c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 21:18    241664    ------w-    c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2002-12-10 00:19    188416    ------w-    c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 15:54    150016    ------w-    c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW]
2012-11-22 14:32    738984    ----a-w-    c:\program files\CheckPoint\ZAForceField\ForceField.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X73 Button Manager]
2001-07-11 18:08    53248    ------w-    c:\progra~1\LexmarkX73\AcBtnMgr_X73.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X73 Button Monitor]
2001-10-08 22:21    53248    ------w-    c:\progra~1\LexmarkX73\ACMonitor_X73.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2009-11-26 02:42    95632    ------w-    c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Quicknote]
2010-02-23 22:41    1253376    ------w-    c:\program files\Quicknote\quicknote.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38    421888    ------w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2013-02-22 14:06    4763008    ------w-    c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolwizCareFree]
2012-09-26 18:06    5183064    ------w-    c:\program files\ToolwizCareFree\ToolwizCares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnThreat]
2012-12-14 19:39    12197040    ----a-w-    c:\program files\UnThreat AntiVirus\UnThreat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm]
2013-01-30 02:35    73832    ----a-w-    c:\program files\CheckPoint\ZoneAlarm\zatray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"YZKRVCALEGGW"=3 (0x3)
"xmlprov"=3 (0x3)
"WudfSvc"=2 (0x2)
"wuauserv"=2 (0x2)
"WSearch"=2 (0x2)
"wscsvc"=2 (0x2)
"WPFFontCache_v0400"=3 (0x3)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"WMDM PMSP Service"=2 (0x2)
"WinRM"=3 (0x3)
"winmgmt"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"vsmon"=2 (0x2)
"UTSvcManager3"=2 (0x2)
"UPS"=3 (0x3)
"TrkWks"=3 (0x3)
"Themes"=2 (0x2)
"TapiSrv"=3 (0x3)
"SysmonLog"=2 (0x2)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"srservice"=2 (0x2)
"spupdsvc"=2 (0x2)
"Spooler"=2 (0x2)
"SophosVirusRemovalTool"=3 (0x3)
"SNMPTRAP"=3 (0x3)
"SNMP"=2 (0x2)
"SimpTcp"=2 (0x2)
"ShellHWDetection"=3 (0x3)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=3 (0x3)
"PolicyAgent"=2 (0x2)
"PNRPSvc"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"PlugPlay"=2 (0x2)
"p2psvc"=3 (0x3)
"p2pimsvc"=3 (0x3)
"p2pgasvc"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"NtmsSvc"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=2 (0x2)
"napagent"=3 (0x3)
"MSIServer"=2 (0x2)
"MSDTC"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"McciCMService"=2 (0x2)
"LPDSVC"=2 (0x2)
"LmHosts"=2 (0x2)
"LBTServ"=3 (0x3)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IMFservice"=2 (0x2)
"ImapiService"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"HitmanPro37Crusader"=3 (0x3)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate1c9b339865e9ca8"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
"Fax"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"ELCZQN"=3 (0x3)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=3 (0x3)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"COMSysApp"=3 (0x3)
"clr_optimization_v4.0.30319_32"=2 (0x2)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"ClipSrv"=3 (0x3)
"cisvc"=3 (0x3)
"cbVSCService11"=2 (0x2)
"Browser"=2 (0x2)
"BITS"=2 (0x2)
"avast! Antivirus"=2 (0x2)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=2 (0x2)
"6to4"=2 (0x2)
"!SASCORE"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe"
"WINDVDPatch"=CTHELPER.EXE
"AHQInit"=c:\program files\Creative\SBLive\Program\AHQInit.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\User\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\UnThreat AntiVirus\\UnThreat.exe"=
"c:\\Program Files\\UnThreat AntiVirus\\utsvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management 
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [x]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 BTOWSFF;BTOWSFF;c:\windows\system32\Drivers\BTOWSFF.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [x]
R1 setup_9.0.0.722_23.04.2011_06-57drv;setup_9.0.0.722_23.04.2011_06-57drv;c:\windows\system32\DRIVERS\2577372.sys [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 ppsio;PrmxPPDev; [x]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [x]
R2 VWavD32;VWavD32; [x]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]
R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
R3 rspSanity;rspSanity;c:\windows\system32\DRIVERS\rspSanity32XP.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
R4 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [x]
R4 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\Cobian Backup 11\cbVSCService11.exe [x]
R4 ELCZQN;ELCZQN;c:\docume~1\User\LOCALS~1\Temp\ELCZQN.exe [x]
R4 gupdate1c9b339865e9ca8;Google Update Service (gupdate1c9b339865e9ca8);c:\program files\Google\Update\GoogleUpdate.exe [x]
R4 HitmanPro37Crusader;HitmanPro 3.7 Crusader;c:\documents and settings\User\My Documents\Computer & Internet\Troubleshoot & Repair\HitmanPro.exe [x]
R4 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [x]
R4 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [x]
R4 UTSvcManager3;UnThreat Service Manager;c:\program files\UnThreat AntiVirus\utsvc.exe [x]
R4 YZKRVCALEGGW;YZKRVCALEGGW; [x]
S0 79497392;79497392;c:\windows\system32\DRIVERS\79497392.sys [x]
S0 BTOWSVF;BTOWSVF;c:\windows\system32\Drivers\BTOWSVF.sys [x]
S0 KSafeDISK;KSafeDISK;c:\windows\system32\Drivers\KSafeDISK.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
p2psvc    REG_MULTI_SZ       p2psvc p2pimsvc p2pgasvc PNRPSvc
getPlusHelper    REG_MULTI_SZ       getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-01 17:17    1629648    ------w-    c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-22 c:\windows\Tasks\ASC6_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 6\Monitor.exe [2012-11-04 00:47]
.
2013-03-04 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-03-02 23:50]
.
2013-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce04d5c35cb120.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 02:19]
.
2013-03-04 c:\windows\Tasks\User_Feed_Synchronization-{7DFF4C9B-D465-468E-A588-48C3416683CA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.excite.com/
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download With Album Copier - c:\program files\BiroSolutions\Web Album Copier\\InternetExplorerExtensions\albumcopier.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: excite.com\www
Trusted Zone: excite.com\www1
Trusted Zone: google.com\b.mail
Trusted Zone: google.com\mail
Trusted Zone: google.com\www
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\fh8xn7nz.default\
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/mb59?u=92260039460780884
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: keyword.URL - 
FF - ExtSQL: !HIDDEN! 2009-09-07 02:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-40089231.sys
SafeBoot-mbamchameleon
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-04 10:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(600)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(1824)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
Completion time: 2013-03-04  10:38:17
ComboFix-quarantined-files.txt  2013-03-04 16:38
ComboFix2.txt  2013-03-02 20:54
.
Pre-Run: 36,991,381,504 bytes free
Post-Run: 37,086,318,592 bytes free
.
- - End Of File - - 0ECCDB3FA27CB446235FBF3CE37F13FC


#14 jujube

jujube
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Tulsa, OK
  • Local time:10:54 PM

Posted 04 March 2013 - 01:32 PM

It took 3 tries to get Combofix to run even in Safe Mode.  It locked up twice and I had to force a reboot because the system wouldn't respond when I clicked restart multiple times.  Following is the recent log from Combofix.

 

 

ComboFix 13-03-02.01 - User 03/04/2013  12:12:42.3.1 - x86 NETWORK
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.747 [GMT -6:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-04 to 2013-03-04  )))))))))))))))))))))))))))))))
.
.
2100-02-08 22:03 . 2001-05-11 17:39    53248    ------w-    c:\program files\ACMonitor_X73.exe
2013-03-04 00:19 . 2013-03-04 00:19    35144    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-03-02 23:19 . 2012-10-30 23:51    361032    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-03-02 23:19 . 2012-10-30 23:51    21256    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-03-02 23:19 . 2012-10-30 23:51    54232    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-03-02 23:19 . 2012-10-30 23:51    35928    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2013-03-02 23:19 . 2012-10-30 23:51    738504    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-03-02 23:19 . 2012-10-30 23:51    97608    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2013-03-02 23:19 . 2012-10-30 23:51    89752    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2013-03-02 23:19 . 2012-10-30 23:51    25256    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2013-03-02 23:16 . 2012-10-30 23:51    41224    ----a-w-    c:\windows\avastSS.scr
2013-03-02 23:15 . 2013-03-02 23:15    --------    d-----w-    c:\program files\AVAST Software
2013-03-01 18:39 . 2013-03-01 18:39    --------    d-----w-    c:\program files\Cobian Backup 11
2013-03-01 03:58 . 2013-03-01 03:58    388096    ------r-    c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-01 03:58 . 2013-03-01 03:58    --------    d-----w-    c:\program files\Trend Micro
2013-03-01 03:33 . 2012-10-29 14:20    27232    ------w-    c:\windows\system32\drivers\rspSanity32XP.sys
2013-03-01 03:33 . 2013-03-01 03:33    --------    d-----w-    c:\program files\SanityCheck
2013-02-28 19:00 . 2013-02-28 19:00    --------    d-----w-    c:\windows\ERUNT
2013-02-28 18:59 . 2013-02-28 18:59    --------    d-----w-    C:\JRT
2013-02-28 18:48 . 2007-07-07 06:39    19248    ------w-    c:\windows\system32\drivers\rspsc32.sys
2013-02-28 18:48 . 2013-03-01 03:31    --------    d-----w-    c:\program files\RootKit Hook Analyzer
2013-02-28 18:07 . 2013-02-28 06:18    133208    ------w-    c:\windows\system32\drivers\79497392.sys
2013-02-25 17:39 . 2013-02-25 17:39    --------    d-----w-    c:\documents and settings\Administrator.USER-YPO7RI9YHM\Application Data\vlc
2013-02-25 00:10 . 2013-02-25 00:10    --------    d-sh--w-    c:\documents and settings\Administrator.USER-YPO7RI9YHM\PrivacIE
2013-02-24 18:45 . 2013-02-24 18:45    --------    d-----w-    c:\documents and settings\Administrator.USER-YPO7RI9YHM\Application Data\Malwarebytes
2013-02-22 23:37 . 2013-02-22 23:43    --------    d-----w-    c:\windows\system32\CatRoot_bak
2013-02-22 23:28 . 2013-02-22 23:28    1330176    ------w-    c:\windows\is-MBO8C.exe
2013-02-22 22:59 . 2013-02-23 20:02    --------    d-----w-    c:\documents and settings\Administrator.USER-YPO7RI9YHM\Local Settings\Application Data\Google
2013-02-22 16:24 . 2013-02-22 16:24    --------    d-----w-    c:\documents and settings\Administrator.USER-YPO7RI9YHM\Application Data\Windows Search
2013-02-22 02:20 . 2013-02-22 13:54    --------    d-----w-    c:\documents and settings\User\Doctor Web
2013-02-21 23:23 . 2012-09-13 02:19    66344    ------w-    c:\windows\system32\drivers\sbapifs.sys
2013-02-21 23:23 . 2012-09-13 02:19    22064    ------w-    c:\windows\system32\drivers\sbaphd.sys
2013-02-21 23:23 . 2012-09-20 11:11    94496    ------w-    c:\windows\system32\drivers\sbhips.sys
2013-02-21 23:22 . 2012-09-20 11:39    44424    ------w-    c:\windows\system32\sbbd.exe
2013-02-21 23:20 . 2013-03-03 22:19    --------    d-----w-    c:\program files\UnThreat AntiVirus
2013-02-21 23:20 . 2013-02-23 02:55    --------    d-----w-    c:\documents and settings\All Users\Application Data\UnThreat
2013-02-21 22:41 . 2013-02-21 22:41    --------    d-----w-    c:\documents and settings\All Users\Application Data\Sophos
2013-02-21 22:40 . 2013-02-21 22:40    73728    ------r-    c:\documents and settings\User\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-02-21 22:40 . 2013-02-21 22:40    73728    ------r-    c:\documents and settings\User\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-02-21 22:40 . 2013-02-21 22:40    73728    ------r-    c:\documents and settings\User\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-02-21 22:39 . 2013-02-21 22:39    --------    d-----w-    c:\program files\Sophos
2013-02-21 17:39 . 2013-02-28 00:24    --------    d-----w-    c:\documents and settings\All Users\Application Data\SecTaskMan
2013-02-21 17:39 . 2013-02-24 18:49    --------    d-----w-    c:\program files\Security Task Manager
2013-02-19 16:14 . 2013-02-19 16:14    --------    d-----w-    C:\CCE_Quarantine
2013-02-19 06:52 . 2013-02-28 01:37    --------    d-----w-    c:\program files\Free Window Registry Repair
2013-02-13 00:29 . 2002-12-10 00:19    147512    ------w-    c:\windows\system32\hpzlnt07.dll
2013-02-13 00:29 . 2002-12-10 00:19    270336    ------w-    c:\windows\system32\hpzcon07.dll
2013-02-13 00:29 . 2002-12-10 00:19    208896    ------w-    c:\windows\system32\hpzcoi07.dll
2013-02-12 23:58 . 2001-05-15 00:15    10368    ------w-    c:\windows\system32\drivers\omci.sys
2013-02-12 23:58 . 2001-08-23 17:53    176128    ------w-    c:\windows\system32\RcdScan.dll
2013-02-12 23:58 . 2000-03-23 19:50    446464    ------r-    c:\windows\system32\hhactivex.dll
2013-02-12 23:58 . 1999-05-07 20:24    414944    ------w-    c:\windows\system32\COMCT332.OCX
2013-02-12 23:58 . 1998-11-10 17:46    328480    ------w-    c:\windows\system32\ssa3d30.ocx
2013-02-12 23:58 . 1998-06-18 06:00    89360    ------w-    c:\windows\system32\VB5DB.DLL
2013-02-12 20:48 . 2013-02-12 20:48    --------    d-----w-    c:\windows\system32\wbem\Repository
2013-02-07 19:17 . 2013-02-07 19:17    --------    d-----w-    c:\documents and settings\User\Local Settings\Application Data\MediaMonkey
2013-02-07 03:52 . 2013-02-07 03:52    --------    d-----w-    c:\documents and settings\User\Downloads
2013-02-05 19:26 . 2013-02-05 19:26    --------    d-----w-    c:\documents and settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-02-04 18:19 . 2013-02-04 18:21    --------    dc----w-    c:\windows\ie8
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-20 21:22 . 2013-02-02 04:35    12872    ------w-    c:\windows\system32\bootdelete.exe
2012-12-16 12:23 . 2001-08-18 12:00    290560    ------w-    c:\windows\system32\atmfd.dll
2012-12-14 22:49 . 2011-05-17 02:17    21104    ------w-    c:\windows\system32\drivers\mbam.sys
2001-05-08 22:36 . 2000-12-05 21:56    114688    ------w-    c:\program files\lxarscan.dll
2011-04-30 03:49 . 2011-04-17 22:59    142296    ------w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50    121528    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-01-30 73832]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42    72208    ------w-    c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator.USER-YPO7RI9YHM^Start Menu^Programs^Startup^Uninstall LastPass RunOnce.lnk]
backup=c:\windows\pss\Uninstall LastPass RunOnce.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^CNET TechTracker.lnk]
backup=c:\windows\pss\CNET TechTracker.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35    946352    ------w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 6]
2013-01-16 00:47    491840    ------w-    c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 20:13    59280    ------w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 18:32    203264    ------w-    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
2012-10-30 23:50    4297136    ----a-w-    c:\program files\AVAST Software\Avast\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12    15360    ------w-    c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
2010-10-14 08:11    487424    ------w-    c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 00:36    30040    ------w-    c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 21:18    241664    ------w-    c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2002-12-10 00:19    188416    ------w-    c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 15:54    150016    ------w-    c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW]
2012-11-22 14:32    738984    ----a-w-    c:\program files\CheckPoint\ZAForceField\ForceField.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X73 Button Manager]
2001-07-11 18:08    53248    ------w-    c:\progra~1\LexmarkX73\AcBtnMgr_X73.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X73 Button Monitor]
2001-10-08 22:21    53248    ------w-    c:\progra~1\LexmarkX73\ACMonitor_X73.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2009-11-26 02:42    95632    ------w-    c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Quicknote]
2010-02-23 22:41    1253376    ------w-    c:\program files\Quicknote\quicknote.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38    421888    ------w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolwizCareFree]
2012-09-26 18:06    5183064    ------w-    c:\program files\ToolwizCareFree\ToolwizCares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnThreat]
2012-12-14 19:39    12197040    ----a-w-    c:\program files\UnThreat AntiVirus\UnThreat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm]
2013-01-30 02:35    73832    ----a-w-    c:\program files\CheckPoint\ZoneAlarm\zatray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe"
"WINDVDPatch"=CTHELPER.EXE
"AHQInit"=c:\program files\Creative\SBLive\Program\AHQInit.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\User\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\UnThreat AntiVirus\\UnThreat.exe"=
"c:\\Program Files\\UnThreat AntiVirus\\utsvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management 
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 79497392;79497392;c:\windows\system32\drivers\79497392.sys [2/28/2013 12:07 PM 133208]
R0 BTOWSVF;BTOWSVF;c:\windows\system32\drivers\BTOWSVF.sys [12/28/2011 6:20 PM 43584]
R0 KSafeDISK;KSafeDISK;c:\windows\system32\drivers\KSafeDISK.sys [12/28/2011 6:20 PM 48192]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/11/2009 2:20 PM 721904]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [5/14/2012 4:18 PM 11352]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [1/11/2009 2:19 PM 95592]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [5/12/2011 9:14 AM 28552]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/2/2013 5:19 PM 738504]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/2/2013 5:19 PM 361032]
S1 BTOWSFF;BTOWSFF;c:\windows\system32\drivers\BTOWSFF.sys [12/28/2011 6:20 PM 27200]
S1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2/21/2013 5:23 PM 22064]
S1 setup_9.0.0.722_23.04.2011_06-57drv;setup_9.0.0.722_23.04.2011_06-57drv;c:\windows\system32\drivers\2577372.sys [4/22/2011 11:17 PM 315408]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/2/2013 5:19 PM 21256]
S2 ppsio;PrmxPPDev;c:\windows\system32\drivers\ppsio.sys [2/26/1998 4:32 AM 109824]
S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2/21/2013 5:23 PM 66344]
S2 VWavD32;VWavD32;c:\windows\system32\drivers\VWavD32.sys [3/25/1998 12:45 AM 27520]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [12/21/2006 9:58 PM 17149]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [3/3/2013 6:19 PM 35144]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32XP.sys [2/28/2013 9:33 PM 27232]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2/21/2013 5:23 PM 94496]
S4 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [11/4/2012 4:22 PM 465216]
S4 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\Cobian Backup 11\cbVSCService11.exe [3/1/2013 12:39 PM 67584]
S4 ELCZQN;ELCZQN;c:\docume~1\User\LOCALS~1\Temp\ELCZQN.exe --> c:\docume~1\User\LOCALS~1\Temp\ELCZQN.exe [?]
S4 gupdate1c9b339865e9ca8;Google Update Service (gupdate1c9b339865e9ca8);c:\program files\Google\Update\GoogleUpdate.exe [4/1/2009 8:19 PM 133104]
S4 HitmanPro37Crusader;HitmanPro 3.7 Crusader;c:\documents and settings\User\My Documents\Computer & Internet\Troubleshoot & Repair\HitmanPro.exe [2/1/2013 9:49 PM 8946432]
S4 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2/21/2013 10:26 AM 821592]
S4 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [12/4/2012 4:46 PM 152640]
S4 UTSvcManager3;UnThreat Service Manager;c:\program files\UnThreat AntiVirus\utsvc.exe [2/21/2013 5:21 PM 2852016]
S4 YZKRVCALEGGW;YZKRVCALEGGW; [x]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
p2psvc    REG_MULTI_SZ       p2psvc p2pimsvc p2pgasvc PNRPSvc
getPlusHelper    REG_MULTI_SZ       getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-01 17:17    1629648    ------w-    c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-22 c:\windows\Tasks\ASC6_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 6\Monitor.exe [2012-11-04 00:47]
.
2013-03-04 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-03-02 23:50]
.
2013-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce04d5c35cb120.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 02:19]
.
2013-03-04 c:\windows\Tasks\User_Feed_Synchronization-{7DFF4C9B-D465-468E-A588-48C3416683CA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.excite.com/
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download With Album Copier - c:\program files\BiroSolutions\Web Album Copier\\InternetExplorerExtensions\albumcopier.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: excite.com\www
Trusted Zone: excite.com\www1
Trusted Zone: google.com\b.mail
Trusted Zone: google.com\mail
Trusted Zone: google.com\www
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\fh8xn7nz.default\
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/mb59?u=92260039460780884
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: keyword.URL - 
FF - ExtSQL: !HIDDEN! 2009-09-07 02:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
AddRemove-{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} - c:\program files\SUPERAntiSpyware\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-04 12:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(600)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(1488)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2013-03-04  12:25:17
ComboFix-quarantined-files.txt  2013-03-04 18:25
ComboFix2.txt  2013-03-04 16:38
ComboFix3.txt  2013-03-02 20:54
.
Pre-Run: 37,494,452,224 bytes free
Post-Run: 37,494,145,024 bytes free
.
- - End Of File - - 7180E615090817BF8E755B22F2A604EE


#15 jujube

jujube
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Tulsa, OK
  • Local time:10:54 PM

Posted 04 March 2013 - 04:07 PM

I have been able to start the system in normal mode but am experiencing some issues.  Avast antivirus in corrupted and haven't been able to uninstall it so I can reinstall.  Am working on that.  ZoneAlarm won't update. Device Manager dissappeared and so did my sound mixer.  Am working on those.  Any help would be appreciated and I will post if I get any of these resolved.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users