IRP hooks detected (TB-Psychotic)


This topic is locked. 16 replies to this topic.

#1 Prhys

  • Members
  • 11 posts
  • OFFLINE
  • Local time: 12:22 AM

Posted 30 October 2013 - 12:07 PM

I run Windows XP on a desktop with AVG 2013 antivirus. I received an email from AVG inviting me to update to AVG 2014, which I did. Having done so, I did a complete system virus scan to see if there had been any difference from the one I did 3 days earlier with AVG 2013. There was! It advised me that 13 IRP hooks had been found and were potentially dangerous.

Not knowing anything about IRP hooks, I did a Google search for information and came across BleepingComputer.com and found that TB-Psychotic had solved a very similar problem for Tinyeyes in September. The symptoms seemed very similar, as both involved AVG antivirus and the OS was XP in both cases, so I thought, rather naively, that I would follow the advice given, as it had successfully solved Tinyeyes' problem.

I backed up My Documents, photos, music etc. to a DVD (just in case anything went wrong, although I do have a Buffalo external h.d. linked as drive F:/) and started.

I downloaded and scanned with aswMBR and the log is:-

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-29 09:56:01
-----------------------------
09:56:01.375    OS Version: Windows 5.1.2600 Service Pack 3
09:56:01.375    Number of processors: 1 586 0x5F02
09:56:01.375    ComputerName: XPPRYCE  UserName: User
09:56:03.156    Initialize success
09:57:58.812    AVAST engine defs: 13102801
09:58:19.531    The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"
09:58:38.593    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:58:38.593    Disk 0 Vendor: ExcelStor_Technology_J8160 P22OA40U Size: 157066MB BusType: 3
09:58:38.890    Disk 0 MBR read successfully
09:58:38.890    Disk 0 MBR scan
09:58:38.953    Disk 0 Windows XP default MBR code
09:58:39.000    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       157057 MB offset 63
09:58:39.015    Disk 0 scanning sectors +321653430
09:58:39.250    Disk 0 scanning C:\WINDOWS\system32\drivers
09:59:24.671    Service scanning
09:59:34.453    Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
10:00:01.218    Modules scanning
10:00:16.671    Module: C:\WINDOWS\System32\drivers\dxgthk.sys  **SUSPICIOUS**
10:00:18.203    Module: C:\WINDOWS\system32\ntdll.dll  **SUSPICIOUS**
10:00:18.203    Disk 0 trace - called modules:
10:00:18.203    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:00:18.203    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a518ab8]
10:00:18.203    3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000006a[0x8a519f18]
10:00:18.203    5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a527940]
10:00:19.921    AVAST engine scan C:\WINDOWS
10:00:35.265    AVAST engine scan C:\WINDOWS\system32
10:06:19.187    AVAST engine scan C:\WINDOWS\system32\drivers
10:06:42.921    AVAST engine scan C:\Documents and Settings\User
10:26:50.593    AVAST engine scan C:\Documents and Settings\All Users
10:32:59.968    Scan finished successfully
10:33:37.171    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
10:33:37.171    The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"


I then downloaded ComboFix, disabled AVG antivirus 2014 and ran ComboFix. It downloaded Microsoft Recovery Console and installed it, just as expected.

The log is below (rather long, I am afraid):

ComboFix 13-10-28.01 - User 29/10/2013  12:00:02.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2047.1473 [GMT 0:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\dasetup.log
c:\windows\EventSystem.log
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-28 to 2013-10-29  )))))))))))))))))))))))))))))))
.
.
2013-10-26 08:53 . 2013-10-29 10:42    --------    d-----w-    c:\program files\AVG Secure Search
2013-10-19 16:15 . 2013-10-19 16:15    --------    d-----w-    c:\documents and settings\User\Application Data\Oracle
2013-10-19 16:12 . 2013-10-08 06:29    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2013-10-19 16:12 . 2013-10-08 06:50    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-10-17 15:04 . 2013-10-17 15:04    108816    ----a-w-    c:\windows\system32\drivers\RapportKELL.sys
2013-10-11 16:22 . 2013-07-03 02:12    25088    -c----w-    c:\windows\system32\dllcache\hidparse.sys
2013-10-11 16:22 . 2013-07-03 01:59    14976    -c----w-    c:\windows\system32\dllcache\usbscan.sys
2013-10-11 16:21 . 2013-07-17 00:58    123008    -c----w-    c:\windows\system32\dllcache\usbvideo.sys
2013-10-11 16:21 . 2013-07-17 00:58    60160    -c----w-    c:\windows\system32\dllcache\usbaudio.sys
2013-10-11 16:20 . 2013-08-09 00:55    144128    -c----w-    c:\windows\system32\dllcache\usbport.sys
2013-10-11 16:20 . 2013-08-09 00:55    32384    -c----w-    c:\windows\system32\dllcache\usbccgp.sys
2013-10-11 16:20 . 2013-08-09 00:55    5376    -c----w-    c:\windows\system32\dllcache\usbd.sys
2013-10-11 16:20 . 2009-03-18 11:02    30336    -c----w-    c:\windows\system32\dllcache\usbehci.sys
2013-10-04 15:13 . 2013-10-04 15:13    --------    d-----w-    c:\program files\Common Files\Java
2013-10-04 11:24 . 2013-10-04 11:24    21361    ----a-w-    c:\windows\system32\drivers\AegisP.sys
2013-10-04 10:51 . 2013-10-04 10:51    --------    d-----w-    c:\windows\{B251C9DD-FCEA-4039-966F-B989C65D2302}
2013-10-03 15:22 . 2013-10-04 11:35    13464    ----a-w-    c:\windows\system32\drivers\SWDUMon.sys
2013-10-03 15:22 . 2013-10-03 15:22    --------    d-----w-    c:\documents and settings\User\Local Settings\Application Data\SlimWare Utilities Inc
2013-10-02 17:39 . 2013-10-02 17:40    --------    d-----w-    c:\documents and settings\User\Application Data\GetRight
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-04 16:05 . 2012-11-09 16:12    37664    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-09-23 18:33 . 2004-08-04 12:00    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-09-23 18:33 . 2004-08-04 12:00    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-09-23 18:33 . 2004-08-04 12:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-09-23 18:33 . 2004-08-04 12:00    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2004-08-04 12:00    385024    ----a-w-    c:\windows\system32\html.iec
2013-08-29 01:31 . 2004-08-04 12:00    1878656    ----a-w-    c:\windows\system32\win32k.sys
2013-08-09 01:56 . 2004-08-04 12:00    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-05 13:30 . 2004-08-04 12:00    1289728    ----a-w-    c:\windows\system32\ole32.dll
2013-08-03 13:18 . 2006-10-18 20:47    1543680    ------w-    c:\windows\system32\wmvdecod.dll
2009-03-23 12:11 . 2009-03-23 12:12    29800960    ----a-w-    c:\program files\Memeo AutoBackup.msi
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[-] 2008-04-14 00:12 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-04 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\$NtServicePackUninstall$\mspmsnsv.dll
.
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-04 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-04 12:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2004-08-04 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
.
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wshtcpip.dll
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll
[-] 2004-08-04 . A7F95A53EE055115DF03588997A47D4D . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wshtcpip.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 16049664]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-10-29 2404376]
"nwiz"="nwiz.exe" [2006-08-16 1617920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
Memeo protects your files by backing them up while you work.  If this service is disabled, Memeo will not be able to protect your data..lnk - c:\program files\Tanagra\Memeo\MemeoLauncher.exe --silent [2006-8-3 196608]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-20 113664]
Belkin F5D8053 N Wireless USB Adapter Utility.lnk - c:\program files\Belkin\F5D8053v3011\Belkinwcui.exe [2008-4-7 1736704]
Corel MEDIA FOLDERS INDEXER 8.LNK - c:\corel\Graphics8\Programs\MFIndexer.exe   [2007-4-10 82944]
EPSON SMART PANEL for Scanner.lnk - c:\program files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe  /h [2007-4-11 180224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 99 (0x63)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [17/10/2013 15:04 108816]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [09/11/2012 16:12 37664]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [05/04/2012 17:25 146904]
R1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [29/10/2013 09:01 340432]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [17/10/2013 15:04 157264]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [17/10/2013 15:04 230448]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [17/10/2013 15:04 1444120]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [23/08/2012 11:31 1532280]
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [08/07/2013 10:00 1598128]
R2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [04/10/2013 16:06 1734680]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [04/07/2012 15:26 10088]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [20/10/2004 03:47 98304]
S2 gupdate1c9a94f54d6fe3a;Google Update Service (gupdate1c9a94f54d6fe3a);c:\program files\Google\Update\GoogleUpdate.exe [20/03/2009 11:30 133104]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [20/10/2004 02:40 118784]
S3 Rockusb;Driver for Rockusb Device;c:\windows\system32\drivers\rockusb.sys [18/02/2013 23:49 45040]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [03/10/2013 15:22 13464]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGTP
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc    REG_MULTI_SZ       p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2013-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 11:30]
.
2013-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 11:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/weather/hp3
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\ghzu6nhc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/weather/hp3
FF - ExtSQL: 2013-10-26 09:53; avg@toolbar; c:\documents and settings\All Users\Application Data\AVG Secure Search\FireFoxExt\17.0.0.12
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-10 - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-29 12:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2013-10-29  12:22:22
ComboFix-quarantined-files.txt  2013-10-29 12:22
ComboFix2.txt  2013-10-29 11:22
.
Pre-Run: 120,591,282,176 bytes free
Post-Run: 120,571,731,968 bytes free
.
- - End Of File - - 93887354258B6DB5279036C98F0AD843
8F558EB6672622401DA993E1E865C861

And ComboFix.txt:

ComboFix 13-10-28.01 - User 29/10/2013  12:00:02.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2047.1473 [GMT 0:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\dasetup.log
C:\WINDOWS\EventSystem.log
C:\WINDOWS\wininit.ini


(((((((((((((((((((((((((   Files Created from 2013-09-28 to 2013-10-29  )))))))))))))))))))))))))))))))


2013-10-26 08:53:12 . 2013-10-29 10:42:30    --------    d-----w-    C:\Program Files\AVG Secure Search
2013-10-19 16:15:09 . 2013-10-19 16:15:09    --------    d-----w-    C:\Documents and Settings\User\Application Data\Oracle
2013-10-19 16:12:34 . 2013-10-08 06:29:36    145408    ----a-w-    C:\WINDOWS\system32\javacpl.cpl
2013-10-19 16:12:19 . 2013-10-08 06:50:41    94632    ----a-w-    C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-17 15:04:56 . 2013-10-17 15:04:56    108816    ----a-w-    C:\WINDOWS\system32\drivers\RapportKELL.sys
2013-10-11 16:22:14 . 2013-07-03 02:12:52    25088    -c----w-    C:\WINDOWS\system32\dllcache\hidparse.sys
2013-10-11 16:22:14 . 2013-07-03 01:59:02    14976    -c----w-    C:\WINDOWS\system32\dllcache\usbscan.sys
2013-10-11 16:21:42 . 2013-07-17 00:58:17    123008    -c----w-    C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-10-11 16:21:42 . 2013-07-17 00:58:03    60160    -c----w-    C:\WINDOWS\system32\dllcache\usbaudio.sys
2013-10-11 16:20:45 . 2013-08-09 00:55:08    144128    -c----w-    C:\WINDOWS\system32\dllcache\usbport.sys
2013-10-11 16:20:45 . 2013-08-09 00:55:07    32384    -c----w-    C:\WINDOWS\system32\dllcache\usbccgp.sys
2013-10-11 16:20:45 . 2013-08-09 00:55:06    5376    -c----w-    C:\WINDOWS\system32\dllcache\usbd.sys
2013-10-11 16:20:45 . 2009-03-18 11:02:23    30336    -c----w-    C:\WINDOWS\system32\dllcache\usbehci.sys
2013-10-04 15:13:33 . 2013-10-04 15:13:33    --------    d-----w-    C:\Program Files\Common Files\Java
2013-10-04 11:24:37 . 2013-10-04 11:24:37    21361    ----a-w-    C:\WINDOWS\system32\drivers\AegisP.sys
2013-10-04 10:51:49 . 2013-10-04 10:51:49    --------    d-----w-    C:\WINDOWS\{B251C9DD-FCEA-4039-966F-B989C65D2302}
2013-10-03 15:22:23 . 2013-10-04 11:35:48    13464    ----a-w-    C:\WINDOWS\system32\drivers\SWDUMon.sys
2013-10-03 15:22:21 . 2013-10-03 15:22:21    --------    d-----w-    C:\Documents and Settings\User\Local Settings\Application Data\SlimWare Utilities Inc
2013-10-02 17:39:27 . 2013-10-02 17:40:01    --------    d-----w-    C:\Documents and Settings\User\Application Data\GetRight
.


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-10-04 16:05:51 . 2012-11-09 16:12:16    37664    ----a-w-    C:\WINDOWS\system32\drivers\avgtpx86.sys
2013-09-23 18:33:58 . 2004-08-04 12:00:00    920064    ----a-w-    C:\WINDOWS\system32\wininet.dll
2013-09-23 18:33:57 . 2004-08-04 12:00:00    43520    ----a-w-    C:\WINDOWS\system32\licmgr10.dll
2013-09-23 18:33:57 . 2004-08-04 12:00:00    1469440    ------w-    C:\WINDOWS\system32\inetcpl.cpl
2013-09-23 18:33:56 . 2004-08-04 12:00:00    18944    ----a-w-    C:\WINDOWS\system32\corpol.dll
2013-09-23 18:06:48 . 2004-08-04 12:00:00    385024    ----a-w-    C:\WINDOWS\system32\html.iec
2013-08-29 01:31:44 . 2004-08-04 12:00:00    1878656    ----a-w-    C:\WINDOWS\system32\win32k.sys
2013-08-09 01:56:45 . 2004-08-04 12:00:00    386560    ----a-w-    C:\WINDOWS\system32\themeui.dll
2013-08-05 13:30:32 . 2004-08-04 12:00:00    1289728    ----a-w-    C:\WINDOWS\system32\ole32.dll
2013-08-03 13:18:38 . 2006-10-18 20:47:22    1543680    ------w-    C:\WINDOWS\system32\wmvdecod.dll
2009-03-23 12:11:56 . 2009-03-23 12:12:55    29800960    ----a-w-    C:\Program Files\Memeo AutoBackup.msi


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[-] 2008-04-13 18:40:30 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 18:40:30 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\system32\drivers\atapi.sys
[-] 2004-08-04 12:00:00 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-04 12:00:00 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

[-] 2008-04-13 18:57:27 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 18:57:27 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\drivers\asyncmac.sys
[-] 2004-08-04 12:00:00 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\asyncmac.sys

[-] 2004-08-04 12:00:00 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0 (XPClient.010817-1148)] . . C:\WINDOWS\system32\dllcache\beep.sys
[-] 2004-08-04 12:00:00 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0 (XPClient.010817-1148)] . . C:\WINDOWS\system32\drivers\beep.sys

[-] 2008-04-13 19:39:48 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\system32\drivers\kbdclass.sys
[-] 2008-04-13 18:39:47 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ServicePackFiles\i386\kbdclass.sys
[-] 2004-08-04 12:00:00 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 19:20:37 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 19:20:37 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\drivers\ndis.sys
[-] 2004-08-04 12:00:00 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 19:15:53 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 19:15:53 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\drivers\ntfs.sys
[-] 2007-02-09 11:23:36 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081 (xpsp_sp2_qfe.070209-0034)] . . C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 11:10:35 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081 (xpsp_sp2_gdr.070209-0028)] . . C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys

[-] 2004-08-04 12:00:00 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0 (XPClient.010817-1148)] . . C:\WINDOWS\system32\dllcache\null.sys
[-] 2004-08-04 12:00:00 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0 (XPClient.010817-1148)] . . C:\WINDOWS\system32\drivers\null.sys

[-] 2008-06-20 11:59:02 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625 (xpsp_sp3_qfe.080620-1309)] . . C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 11:59:02 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625 (xpsp_sp3_qfe.080620-1309)] . . C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 11:51:12 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] . . C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 11:51:12 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] . . C:\WINDOWS\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51:12 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] . . C:\WINDOWS\system32\drivers\tcpip.sys
[-] 2008-06-20 10:45:13 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394 (xpsp_sp2_gdr.080620-1245)] . . C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 10:44:42 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394 (xpsp_sp2_qfe.080620-1259)] . . C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 19:20:16 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 16:53:32 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244 (xpsp_sp2_qfe.071030-1255)] . . C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18:35 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892 (xpsp.060420-0256)] . . C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

[-] 2012-07-06 13:58:51 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260 (xpsp_sp3_gdr.120706-1619)] . . C:\WINDOWS\system32\browser.dll
[-] 2012-07-06 13:58:51 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260 (xpsp_sp3_gdr.120706-1619)] . . C:\WINDOWS\system32\dllcache\browser.dll
[-] 2012-07-06 13:58:10 . FC6D1D80588D371F0321E15A75B2F8F2 . 78336 . . [5.1.2600.6260 (xpsp_sp3_qfe.120706-1617)] . . C:\WINDOWS\$hf_mig$\KB2705219\SP3QFE\browser.dll
[-] 2008-04-14 00:11:50 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\$NtUninstallKB2705219$\browser.dll

[-] 2008-04-14 00:12:08 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 00:12:08 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\wiaservc.dll
[-] 2006-12-19 18:47:14 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051 (xpsp_sp2_qfe.061219-0311)] . . C:\WINDOWS\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 18:16:47 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051 (xpsp_sp2_gdr.061219-0316)] . . C:\WINDOWS\$NtServicePackUninstall$\wiaservc.dll

[-] 2008-04-14 00:11:57 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 00:11:57 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\system32\midimap.dll
[-] 2004-08-04 12:00:00 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\midimap.dll

[-] 2008-04-14 00:12:03 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 00:12:03 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\rasadhlp.dll
[-] 2006-06-26 17:45:19 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938 (xpsp.060626-0041)] . . C:\WINDOWS\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 17:37:10 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)] . . C:\WINDOWS\$NtServicePackUninstall$\rasadhlp.dll

[-] 2008-04-14 00:12:10 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\wshtcpip.dll
[-] 2008-04-14 00:12:10 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\wshtcpip.dll
[-] 2004-08-04 12:00:00 . A7F95A53EE055115DF03588997A47D4D . 19968 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\wshtcpip.dll

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 10:04:26 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 11:10:18 16049664]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50:42 155648]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 21:06:36 958576]
"vProt"="C:\Program Files\AVG Secure Search\vprot.exe" [2013-10-29 10:42:23 2404376]
"nwiz"="nwiz.exe" [2006-08-16 07:35:00 1617920]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 20:43:52 59720]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 08:16:26 254336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 00:12:16 15360]

C:\Documents and Settings\User\Start Menu\Programs\Startup\
Memeo protects your files by backing them up while you work.  If this service is disabled, Memeo will not be able to protect your data..lnk - C:\Program Files\Tanagra\Memeo\MemeoLauncher.exe --silent [2006-8-3 196608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-20 113664]
Belkin F5D8053 N Wireless USB Adapter Utility.lnk - C:\Program Files\Belkin\F5D8053v3011\Belkinwcui.exe [2008-4-7 1736704]
Corel MEDIA FOLDERS INDEXER 8.LNK - C:\Corel\Graphics8\Programs\MFIndexer.exe   [2007-4-10 82944]
EPSON SMART PANEL for Scanner.lnk - C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe  /h [2007-4-11 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 99 (0x63)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"C:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 RapportKELL;RapportKELL;C:\WINDOWS\system32\drivers\RapportKELL.sys [17/10/2013 15:04:56 108816]
R1 avgtp;avgtp;C:\WINDOWS\system32\drivers\avgtpx86.sys [09/11/2012 16:12:16 37664]
R1 CbFs;CbFs;C:\WINDOWS\system32\drivers\cbfs.sys [05/04/2012 17:25:14 146904]
R1 RapportCerberus_59849;RapportCerberus_59849;C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [29/10/2013 09:01:44 340432]
R1 RapportEI;RapportEI;C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [17/10/2013 15:04:58 157264]
R1 RapportPG;RapportPG;C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [17/10/2013 15:04:56 230448]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [17/10/2013 15:04:32 1444120]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [23/08/2012 11:31:24 1532280]
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [08/07/2013 10:00:36 1598128]
R2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [04/10/2013 16:06:05 1734680]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [04/07/2012 15:26:12 10088]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [20/10/2004 03:47:54 98304]
S2 gupdate1c9a94f54d6fe3a;Google Update Service (gupdate1c9a94f54d6fe3a);C:\Program Files\Google\Update\GoogleUpdate.exe [20/03/2009 11:30:53 133104]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [20/10/2004 02:40:46 118784]
S3 Rockusb;Driver for Rockusb Device;C:\WINDOWS\system32\drivers\rockusb.sys [18/02/2013 23:49:26 45040]
S3 SWDUMon;SWDUMon;C:\WINDOWS\system32\drivers\SWDUMon.sys [03/10/2013 15:22:23 13464]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AVGTP

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc    REG_MULTI_SZ       p2psvc p2pimsvc p2pgasvc PNRPSvc

Contents of the 'Scheduled Tasks' folder

2013-07-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57:16 . 2011-06-01 16:57:16]

2013-10-29 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-20 11:30:53 . 2009-03-20 11:30:46]

2013-10-29 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-20 11:30:53 . 2009-03-20 11:30:46]


------- Supplementary Scan -------

uStart Page = hxxp://www.bbc.co.uk/weather/hp3
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
FF - ProfilePath - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ghzu6nhc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/weather/hp3
FF - ExtSQL: 2013-10-26 09:53; avg@toolbar; C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\17.0.0.12
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-10 - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-29 12:15:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2013-10-29  12:22:22
ComboFix-quarantined-files.txt  2013-10-29 12:22:18
ComboFix2.txt  2013-10-29 11:22:01

Pre-Run: 120,591,282,176 bytes free
Post-Run: 120,571,731,968 bytes free

- - End Of File - - 93887354258B6DB5279036C98F0AD843
8F558EB6672622401DA993E1E865C861


I then uninstalled AVG 2014 and ran ComboFix again. Thinking about it now, it seems likely that the above log and text are the result of this second run, as I cannot find another, so the second running probably overwrote the files from the first run.


Next, I downloaded Malwarebytes Antimalware as I did not already have a copy installed.


The log-date.txt is:


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.29.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: XPPRYCE [administrator]

Protection: Enabled

29/10/2013 15:06:55
mbam-log-2013-10-29 (15-06-55).txt

Scan type: Full scan (C:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 654480
Time elapsed: 1 hour(s), 47 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} (PUP.Optional.InboxToolBar.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.
HKCU\Software\ConduitSearchScopes (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\System Volume Information\_restore{C1C381B9-4B08-4A63-BA95-432BE5EF2C48}\RP1670\A1047449.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C1C381B9-4B08-4A63-BA95-432BE5EF2C48}\RP1670\A1047450.dll (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C1C381B9-4B08-4A63-BA95-432BE5EF2C48}\RP1699\A1087092.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.

(end)

The next thing was to scan with Farbar's Service scanner:


The txt file is:

Farbar Service Scanner Version: 24-10-2013
Ran by User (administrator) on 29-10-2013 at 17:37:34
Running from "C:\Documents and Settings\User\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(16) Gpc(4) IPSec(6) irda(3) NetBT(7) PSched(8) Tcpip(5) Tcpip6(13)
0x100000000600000001000000020000000300000004000000050000000D0000000F0000000700000008000000090000000A0000000B0000000C0000000E00000010000000
IpSec Tag value is correct.

**** End of log ****


---------------------------------------------------------------------------------------------------------------------------------------


All seemed to have gone well until I scanned with ESET Online Scan. Although I had deleted AVG 2014, when I scanned ESET sent the message "Cannot update. Is proxy configured?" which puzzled me for a while until I reread the instructions about turning off any realtime antivirus program. I checked Control Panel to make sure that AVG had been uninstalled, when I noticed AVG Secure Search Toolbar. I uninstalled that and tried again. This time it worked but came up with 9 infections which are listed in the following log:


C:\Documents and Settings\User\Application Data\Netscape\Navigator\Profiles\of3pgt11.default\prefs.js    JS/SecurityDisabler.A.Gen application
C:\System Volume Information\_restore{C1C381B9-4B08-4A63-BA95-432BE5EF2C48}\RP1678\A1060045.exe    probably a variant of Win32/Toolbar.Visicom.C application
C:\System Volume Information\_restore{C1C381B9-4B08-4A63-BA95-432BE5EF2C48}\RP1678\A1060046.dll    a variant of Win32/Toolbar.Visicom.A application
C:\System Volume Information\_restore{C1C381B9-4B08-4A63-BA95-432BE5EF2C48}\RP1678\A1060047.dll    a variant of Win32/Toolbar.Visicom.B application
C:\System Volume Information\_restore{C1C381B9-4B08-4A63-BA95-432BE5EF2C48}\RP1678\A1060050.dll    Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{C1C381B9-4B08-4A63-BA95-432BE5EF2C48}\RP1678\A1060051.exe    a variant of Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{C1C381B9-4B08-4A63-BA95-432BE5EF2C48}\RP1678\A1060052.dll    Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{C1C381B9-4B08-4A63-BA95-432BE5EF2C48}\RP1678\A1060053.dll    Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{C1C381B9-4B08-4A63-BA95-432BE5EF2C48}\RP1678\A1060055.dll    Win32/Toolbar.SearchSuite application

---------------------------------------------------------------------------------------------------------------------------------


I am sorry that this is so very long. I have stopped at this point and seek assistance. I am also sorry if I have caused problems by trying to follow advice meant solely for someone else. I hope you will be able to help me.

#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,704 posts
  • Gender:Male
  • Local time:08:22 PM

Posted 04 November 2013 - 12:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/512388 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Prhys

Prhys
  • Topic Starter

  • Members
  • 11 posts
  • Local time:12:22 AM

Posted 05 November 2013 - 05:16 AM

Operating System: Windows XP Home Edition, Version 5.1.2600 Service Pack 3 Build 2600.
I think it is a 32bit system. How do I determine whether it is 32bit or 64bit?
I do have the original Windows XP CD/DVD disk available.

DDS.txt is below.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by User at 9:28:34 on 2013-11-05
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2047.1379 [GMT 0:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\F5D8053v3011\Belkinwcui.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
C:\Program Files\Tanagra\Memeo\MemeoBackup.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
C:\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/weather/hp3
uURLSearchHooks: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: EpsonToolBandKicker Class: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [InstantAccess] c:\progra~1\textbr~1.0\bin\INSTAN~1.EXE /h
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\user\startm~1\programs\startup\memeop~1.lnk - c:\program files\tanagra\memeo\MemeoLauncher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d8053v3011\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\corelm~1.lnk - c:\corel\graphics8\programs\MFIndexer.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\program files\epson\epson smart panel for scanner\espmain.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: MaxRecentDocs = dword:99
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-System: HideShutdownScripts = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1362239094125
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{92923406-B2CB-4A83-BAB7-1E06043FB1C8} : DHCPNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\ghzu6nhc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/weather/hp3
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-10-17 108816]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2012-4-5 146904]
R1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_59849.sys [2013-10-29 340432]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-10-17 157264]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-10-17 230448]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 98304]
R2 MBAMScheduler;MBAMScheduler;c:\malwarebytes' anti-malware\mbamscheduler.exe [2013-10-29 418376]
R2 MBAMService;MBAMService;c:\malwarebytes' anti-malware\mbamservice.exe [2013-10-29 701512]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-20 118784]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-10-17 1444120]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesService32.exe [2012-8-23 1532280]
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.3.0\ToolbarUpdater.exe [2013-7-8 1598128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-10-29 22856]
R3 rt2870;Belkin 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2008-10-29 644096]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesDriver32.sys [2012-7-4 10088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9a94f54d6fe3a;Google Update Service (gupdate1c9a94f54d6fe3a);c:\program files\google\update\GoogleUpdate.exe [2009-3-20 133104]
S3 Rockusb;Driver for Rockusb Device;c:\windows\system32\drivers\rockusb.sys [2013-2-18 45040]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-10-3 13464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2013-10-30 09:30:00    --------    d-----w-    c:\documents and settings\all users\application data\AVG Secure Search
2013-10-29 17:42:32    --------    d-----w-    c:\program files\ESET
2013-10-29 14:56:07    --------    d-----w-    c:\documents and settings\user\application data\Malwarebytes
2013-10-29 14:55:29    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2013-10-29 14:55:28    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-10-29 14:55:28    --------    d-----w-    C:\Malwarebytes' Anti-Malware
2013-10-29 11:57:45    --------    d-----w-    C:\ComboFix
2013-10-29 10:51:01    --------    d-sha-r-    C:\cmdcons
2013-10-29 10:48:52    98816    ----a-w-    c:\windows\sed.exe
2013-10-29 10:48:52    256000    ----a-w-    c:\windows\PEV.exe
2013-10-29 10:48:52    208896    ----a-w-    c:\windows\MBR.exe
2013-10-26 08:53:12    --------    d-----w-    c:\program files\AVG Secure Search
2013-10-19 16:12:34    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2013-10-19 16:12:19    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-10-17 15:04:56    108816    ----a-w-    c:\windows\system32\drivers\RapportKELL.sys
2013-10-11 16:22:14    25088    -c----w-    c:\windows\system32\dllcache\hidparse.sys
2013-10-11 16:22:14    14976    -c----w-    c:\windows\system32\dllcache\usbscan.sys
2013-10-11 16:21:42    60160    -c----w-    c:\windows\system32\dllcache\usbaudio.sys
2013-10-11 16:21:42    123008    -c----w-    c:\windows\system32\dllcache\usbvideo.sys
2013-10-11 16:20:45    5376    -c----w-    c:\windows\system32\dllcache\usbd.sys
2013-10-11 16:20:45    32384    -c----w-    c:\windows\system32\dllcache\usbccgp.sys
2013-10-11 16:20:45    30336    -c----w-    c:\windows\system32\dllcache\usbehci.sys
2013-10-11 16:20:45    144128    -c----w-    c:\windows\system32\dllcache\usbport.sys
.
==================== Find3M  ====================
.
2013-10-04 11:35:48    13464    ----a-w-    c:\windows\system32\drivers\SWDUMon.sys
2013-10-04 11:24:37    21361    ----a-w-    c:\windows\system32\drivers\AegisP.sys
2013-09-23 18:33:58    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-09-23 18:33:57    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-09-23 18:06:48    385024    ----a-w-    c:\windows\system32\html.iec
2013-08-29 01:31:44    1878656    ----a-w-    c:\windows\system32\win32k.sys
2013-08-09 01:56:45    386560    ----a-w-    c:\windows\system32\themeui.dll
2009-03-23 12:11:56    29800960    ----a-w-    c:\program files\Memeo AutoBackup.msi
.
============= FINISH:  9:29:09.45 ===============



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:22 AM

Posted 05 November 2013 - 05:44 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" button.

  • Double-click on the randomly named GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run the scan, click NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done, click on the Save... button, and in the File name area type in "ark.txt", or it will save as a .log file, which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if anything is found); we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root of the system drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


Edited by TB-Psychotic, 05 November 2013 - 05:45 AM.

Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)
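A worked example added to this thread, not part of TB-Psychotic's instructions and not GMER's own code: a small Python script that reads the "System" section of a GMER ark.txt, groups the SSDT hooks by the driver that installed them, and marks modules that deserve a closer look. It illustrates the caution above: hooks from a product the user installed are expected, and the script produces leads to verify, not verdicts. The sample lines are copied from the GMER log posted later in this thread; the list of "usual" driver locations and the 0x80000000 kernel boundary (the default 2 GB split on 32-bit Windows) are assumptions of this example.

```python
"""Triage SSDT hook lines from a GMER ark.txt log.

Added example for this thread; not GMER's code and not part of the helper's
instructions. It answers the question the caution above raises: which driver
owns each hook, and does anything about it look out of place?
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the GMER output posted in this thread,
# with the section headers GMER prints around them.
SAMPLE_ARK = r"""
---- System - GMER 2.1 ----

SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                 ZwAssignProcessToJobObject [0xB39F13F0]
SSDT            \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys  ZwClose [0xB3B7C8A0]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                 ZwCreateFile [0xB39EF6F0]
SSDT            \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys  ZwCreateThread [0xB3B7D0B0]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                 ZwTerminateProcess [0xB39F0FB0]

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Fastfat \Fat                                                 fltmgr.sys
"""

# One SSDT line: "SSDT  <module path, may contain spaces>  <ZwFunction> [<hex address>]".
# The module is matched lazily, so the last word before the bracket is the function.
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>.+?)\s+(?P<function>\w+)\s+\[(?P<address>0x[0-9A-Fa-f]+)\]$"
)

# Assumption of this example (not a GMER rule): where kernel drivers normally live
# on a 32-bit XP box. Anything else is a lead to verify, not a verdict.
EXPECTED_PREFIXES = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\windows\\system32\\",
    "c:\\program files\\",
)

# Default 2 GB user/kernel split on 32-bit Windows. An SSDT entry pointing below
# this would be a user-mode address, which no legitimate hook does. Systems booted
# with /3GB use 0xC0000000 instead; adjust if that applies.
KERNEL_BASE_X86 = 0x80000000


def parse_ssdt_hooks(ark_text):
    """Return one dict per SSDT line: module path, hooked function, target address."""
    hooks = []
    for raw in ark_text.splitlines():
        m = SSDT_RE.match(raw.strip())
        if not m:
            continue  # headers, AttachedDevice, Reg lines and blanks are skipped
        module = m.group("module")
        if module.startswith("\\??\\"):  # NT object-namespace prefix GMER prints
            module = module[4:]
        hooks.append({
            "module": module,
            "function": m.group("function"),
            "address": int(m.group("address"), 16),
        })
    return hooks


def triage(hooks):
    """Group hooks by owning module and attach review reasons; flagged modules first."""
    by_module = defaultdict(list)
    for h in hooks:
        by_module[h["module"]].append(h)

    report = []
    for module, entries in by_module.items():
        reasons = []
        if not module.lower().startswith(EXPECTED_PREFIXES):
            reasons.append("module loaded from outside the usual driver locations")
        if any(e["address"] < KERNEL_BASE_X86 for e in entries):
            reasons.append("hook target lies below kernel address space")
        report.append({
            "module": module,
            "count": len(entries),
            "functions": sorted(e["function"] for e in entries),
            "flagged": bool(reasons),
            "reasons": reasons,
        })
    report.sort(key=lambda r: (not r["flagged"], r["module"].lower()))
    return report


def format_report(report):
    """Plain-text summary, one module per block."""
    out = []
    for r in report:
        tag = "CHECK" if r["flagged"] else "ok   "
        out.append(f"{tag} {r['module']}  ({r['count']} hooks)")
        for reason in r["reasons"]:
            out.append(f"       - {reason}")
        out.append("       " + ", ".join(r["functions"]))
    return "\n".join(out)


if __name__ == "__main__":
    print(format_report(triage(parse_ssdt_hooks(SAMPLE_ARK))))
```

Run against the sample, the script marks RapportCerberus32_59849.sys for review purely because it is loaded from under All Users\Application Data rather than Program Files. The DDS log earlier in this thread lists that same file as a Trusteer Rapport service, which is exactly the cross-check to make before treating a flag as a finding; a hook whose module path or target address cannot be tied to software you know is installed is the one to bring to the helper.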

#5 Prhys

Prhys
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:12:22 AM

Posted 05 November 2013 - 04:02 PM

Thanks for helping.

Here is the ark.txt log from the Gmer rootkit scanner.

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-05 20:45:26
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ExcelStor_Technology_J8160 rev.P22OA40U 153.39GB
Running: uwu74h6s.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\fwldipob.sys


---- System - GMER 2.1 ----

SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                                                    ZwAssignProcessToJobObject [0xB39F13F0]
SSDT            \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys  ZwClose [0xB3B7C8A0]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                                                    ZwCreateFile [0xB39EF6F0]
SSDT            \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys  ZwCreateThread [0xB3B7D0B0]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                                                    ZwDeleteFile [0xB39F0190]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                                                    ZwDeleteKey [0xB39F2EC0]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                                                    ZwDeleteValueKey [0xB39F2F60]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                                                    ZwLoadKey [0xB39F3330]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                                                    ZwOpenFile [0xB39EFFA0]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                                                    ZwOpenProcess [0xB39F1700]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                                                    ZwOpenThread [0xB39F1A20]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                                                    ZwProtectVirtualMemory [0xB39F1C50]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                                                    ZwQueryValueKey [0xB39F31E0]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                                                    ZwRenameKey [0xB39F3020]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                                                    ZwReplaceKey [0xB39F30C0]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                                                    ZwRestoreKey [0xB39F3150]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                                                    ZwSetContextThread [0xB39F1300]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                                                    ZwSetInformationFile [0xB39F0330]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                                                    ZwSetValueKey [0xB39F2D80]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                                                    ZwSuspendThread [0xB39F11E0]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                                                    ZwTerminateProcess [0xB39F0FB0]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                                                    ZwTerminateThread [0xB39F1080]

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                   fltmgr.sys
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                   fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout                                                         15
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota                                                            10000
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler                                                                          yes
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk                                                                         
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout                                                         90
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota                                                           10000
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs   

And here is the TDSSKiller log

20:50:42.0906 3916  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:51:11.0375 3916  ============================================================
20:51:11.0375 3916  Current date / time: 2013/11/05 20:51:11.0375
20:51:11.0375 3916  SystemInfo:
20:51:11.0375 3916  
20:51:11.0375 3916  OS Version: 5.1.2600 ServicePack: 3.0
20:51:11.0375 3916  Product type: Workstation
20:51:11.0375 3916  ComputerName: XPPRYCE
20:51:11.0375 3916  UserName: User
20:51:11.0375 3916  Windows directory: C:\WINDOWS
20:51:11.0375 3916  System windows directory: C:\WINDOWS
20:51:11.0375 3916  Processor architecture: Intel x86
20:51:11.0375 3916  Number of processors: 1
20:51:11.0375 3916  Page size: 0x1000
20:51:11.0375 3916  Boot type: Normal boot
20:51:11.0375 3916  ============================================================
20:51:12.0781 3916  Drive \Device\Harddisk0\DR0 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:51:12.0796 3916  Drive \Device\Harddisk1\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:51:12.0812 3916  ============================================================
20:51:12.0812 3916  \Device\Harddisk0\DR0:
20:51:12.0812 3916  MBR partitions:
20:51:12.0812 3916  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x132C0A77
20:51:12.0812 3916  \Device\Harddisk1\DR2:
20:51:12.0812 3916  MBR partitions:
20:51:12.0828 3916  \Device\Harddisk1\DR2\Partition1: MBR, Type 0xB, StartLBA 0x3F00, BlocksNum 0x3A380D41
20:51:12.0828 3916  ============================================================
20:51:12.0859 3916  C: <-> \Device\Harddisk0\DR0\Partition1
20:51:12.0859 3916  F: <-> \Device\Harddisk1\DR2\Partition1
20:51:12.0859 3916  ============================================================
20:51:12.0859 3916  Initialize success
20:51:12.0859 3916  ============================================================
20:51:57.0218 2192  ============================================================
20:51:57.0218 2192  Scan started
20:51:57.0218 2192  Mode: Manual;
20:51:57.0218 2192  ============================================================
20:51:57.0750 2192  ================ Scan system memory ========================
20:51:57.0750 2192  System memory - ok
20:51:57.0750 2192  ================ Scan services =============================
20:51:58.0125 2192  [ C07D5197410AAB28D0D93F943F59656D ] 6to4            C:\WINDOWS\System32\6to4svc.dll
20:51:58.0125 2192  6to4 - ok
20:51:58.0156 2192  Abiosdsk - ok
20:51:58.0156 2192  abp480n5 - ok
20:51:58.0265 2192  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:51:58.0296 2192  ACPI - ok
20:51:58.0328 2192  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
20:51:58.0343 2192  ACPIEC - ok
20:51:58.0453 2192  [ F487EE1425D9533AEF4B1D991FC5ABBE ] AdobeActiveFileMonitor C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
20:51:58.0468 2192  AdobeActiveFileMonitor - ok
20:51:58.0468 2192  adpu160m - ok
20:51:58.0546 2192  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
20:51:58.0609 2192  aec - ok
20:51:58.0656 2192  [ 023867B6606FBABCDD52E089C4A507DA ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:51:58.0671 2192  AegisP - ok
20:51:58.0750 2192  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
20:51:58.0796 2192  AFD - ok
20:51:58.0812 2192  Aha154x - ok
20:51:58.0812 2192  aic78u2 - ok
20:51:58.0828 2192  aic78xx - ok
20:51:58.0859 2192  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
20:51:58.0875 2192  Alerter - ok
20:51:58.0906 2192  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
20:51:58.0906 2192  ALG - ok
20:51:58.0906 2192  AliIde - ok
20:51:58.0937 2192  [ 0A4D13B388C814560BD69C3A496ECFA8 ] AmdK8           C:\WINDOWS\system32\DRIVERS\AmdK8.sys
20:51:58.0953 2192  AmdK8 - ok
20:51:58.0953 2192  amsint - ok
20:51:59.0046 2192  [ 30E3850F303EAE5C364782EA78579CC9 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:51:59.0046 2192  Apple Mobile Device - ok
20:51:59.0062 2192  AppMgmt - ok
20:51:59.0062 2192  asc - ok
20:51:59.0078 2192  asc3350p - ok
20:51:59.0078 2192  asc3550 - ok
20:51:59.0234 2192  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:51:59.0234 2192  aspnet_state - ok
20:51:59.0265 2192  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:51:59.0281 2192  AsyncMac - ok
20:51:59.0328 2192  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
20:51:59.0328 2192  atapi - ok
20:51:59.0343 2192  Atdisk - ok
20:51:59.0375 2192  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:51:59.0406 2192  Atmarpc - ok
20:51:59.0453 2192  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
20:51:59.0453 2192  AudioSrv - ok
20:51:59.0500 2192  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
20:51:59.0500 2192  audstub - ok
20:51:59.0546 2192  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
20:51:59.0546 2192  Beep - ok
20:51:59.0750 2192  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
20:51:59.0750 2192  BITS - ok
20:51:59.0765 2192  BLKWGU(Belkin) - ok
20:52:00.0500 2192  [ ACE1830AA4BFF102BA17E7754F258F1A ] BMUService      C:\Program Files\Tanagra\Memeo\MemeoService.exe
20:52:15.0234 2192  BMUService - ok
20:52:15.0437 2192  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:52:15.0437 2192  Bonjour Service - ok
20:52:15.0765 2192  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
20:52:15.0765 2192  Browser - ok
20:52:16.0093 2192  catchme - ok
20:52:16.0187 2192  [ A975187F3C8867F8D00A698A5282672B ] CbFs            C:\WINDOWS\system32\drivers\cbfs.sys
20:52:16.0250 2192  CbFs - ok
20:52:16.0281 2192  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
20:52:16.0281 2192  cbidf2k - ok
20:52:16.0296 2192  cd20xrnt - ok
20:52:16.0328 2192  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
20:52:16.0328 2192  Cdaudio - ok
20:52:16.0390 2192  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
20:52:16.0390 2192  Cdfs - ok
20:52:16.0437 2192  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:52:16.0453 2192  Cdrom - ok
20:52:16.0453 2192  Changer - ok
20:52:16.0484 2192  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
20:52:16.0500 2192  CiSvc - ok
20:52:16.0546 2192  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
20:52:16.0546 2192  ClipSrv - ok
20:52:16.0718 2192  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:52:16.0718 2192  clr_optimization_v2.0.50727_32 - ok
20:52:16.0843 2192  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:52:16.0843 2192  clr_optimization_v4.0.30319_32 - ok
20:52:16.0843 2192  CmdIde - ok
20:52:16.0859 2192  COMSysApp - ok
20:52:16.0859 2192  Cpqarray - ok
20:52:16.0937 2192  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
20:52:16.0937 2192  CryptSvc - ok
20:52:16.0937 2192  dac2w2k - ok
20:52:16.0953 2192  dac960nt - ok
20:52:17.0109 2192  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
20:52:17.0109 2192  DcomLaunch - ok
20:52:17.0187 2192  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
20:52:17.0187 2192  Dhcp - ok
20:52:17.0234 2192  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
20:52:17.0234 2192  Disk - ok
20:52:17.0250 2192  dmadmin - ok
20:52:17.0515 2192  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
20:52:17.0796 2192  dmboot - ok
20:52:17.0859 2192  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
20:52:17.0921 2192  dmio - ok
20:52:17.0937 2192  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
20:52:17.0937 2192  dmload - ok
20:52:17.0968 2192  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
20:52:17.0968 2192  dmserver - ok
20:52:18.0015 2192  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
20:52:18.0031 2192  DMusic - ok
20:52:18.0093 2192  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
20:52:18.0093 2192  Dnscache - ok
20:52:18.0171 2192  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
20:52:18.0171 2192  Dot3svc - ok
20:52:18.0187 2192  dpti2o - ok
20:52:18.0203 2192  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
20:52:18.0203 2192  drmkaud - ok
20:52:18.0234 2192  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
20:52:18.0234 2192  EapHost - ok
20:52:18.0265 2192  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
20:52:18.0265 2192  ERSvc - ok
20:52:18.0343 2192  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
20:52:18.0343 2192  Eventlog - ok
20:52:18.0468 2192  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
20:52:18.0468 2192  EventSystem - ok
20:52:18.0562 2192  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
20:52:18.0578 2192  Fastfat - ok
20:52:18.0671 2192  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:52:18.0687 2192  FastUserSwitchingCompatibility - ok
20:52:18.0703 2192  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
20:52:18.0703 2192  Fdc - ok
20:52:18.0734 2192  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
20:52:18.0750 2192  Fips - ok
20:52:18.0796 2192  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:52:18.0796 2192  Flpydisk - ok
20:52:18.0859 2192  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
20:52:18.0890 2192  FltMgr - ok
20:52:18.0937 2192  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:52:18.0937 2192  FontCache3.0.0.0 - ok
20:52:18.0953 2192  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:52:18.0968 2192  Fs_Rec - ok
20:52:19.0015 2192  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:52:19.0046 2192  Ftdisk - ok
20:52:19.0046 2192  [ 065639773D8B03F33577F6CDAEA21063 ] gameenum        C:\WINDOWS\system32\DRIVERS\gameenum.sys
20:52:19.0062 2192  gameenum - ok
20:52:19.0093 2192  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:52:19.0109 2192  GEARAspiWDM - ok
20:52:19.0125 2192  GMSIPCI - ok
20:52:19.0171 2192  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:52:19.0187 2192  Gpc - ok
20:52:19.0296 2192  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9a94f54d6fe3a C:\Program Files\Google\Update\GoogleUpdate.exe
20:52:19.0296 2192  gupdate1c9a94f54d6fe3a - ok
20:52:19.0359 2192  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
20:52:19.0359 2192  gupdatem - ok
20:52:19.0421 2192  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:52:19.0468 2192  HDAudBus - ok
20:52:19.0546 2192  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:52:19.0546 2192  helpsvc - ok
20:52:19.0609 2192  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
20:52:19.0671 2192  HidServ - ok
20:52:19.0687 2192  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:52:19.0718 2192  HidUsb - ok
20:52:19.0812 2192  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
20:52:19.0812 2192  hkmsvc - ok
20:52:19.0812 2192  hpn - ok
20:52:19.0937 2192  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
20:52:19.0937 2192  HTTP - ok
20:52:19.0953 2192  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
20:52:19.0968 2192  HTTPFilter - ok
20:52:19.0968 2192  i2omgmt - ok
20:52:19.0968 2192  i2omp - ok
20:52:20.0031 2192  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:52:20.0046 2192  i8042prt - ok
20:52:20.0156 2192  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
20:52:20.0156 2192  IDriverT - ok
20:52:20.0484 2192  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:52:20.0500 2192  idsvc - ok
20:52:20.0562 2192  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
20:52:20.0578 2192  Imapi - ok
20:52:20.0703 2192  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
20:52:20.0703 2192  ImapiService - ok
20:52:20.0703 2192  ini910u - ok
20:52:22.0187 2192  [ A7D3A1B2CABDAB81EAD07C204ADB7CE1 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:52:22.0203 2192  IntcAzAudAddService - ok
20:52:22.0218 2192  IntelIde - ok
20:52:22.0265 2192  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
20:52:22.0281 2192  Ip6Fw - ok
20:52:22.0328 2192  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:52:22.0328 2192  IpFilterDriver - ok
20:52:22.0359 2192  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:52:22.0375 2192  IpInIp - ok
20:52:22.0437 2192  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:52:22.0484 2192  IpNat - ok
20:52:22.0703 2192  [ C00149A7027081539A66DC5A46695EAD ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:52:22.0703 2192  iPod Service - ok
20:52:22.0750 2192  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:52:22.0781 2192  IPSec - ok
20:52:22.0828 2192  [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda            C:\WINDOWS\system32\DRIVERS\irda.sys
20:52:22.0859 2192  irda - ok
20:52:22.0890 2192  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
20:52:22.0906 2192  IRENUM - ok
20:52:22.0937 2192  [ 49CC4533CE897CB2E93C1E84A818FDE5 ] Irmon           C:\WINDOWS\System32\irmon.dll
20:52:22.0937 2192  Irmon - ok
20:52:22.0984 2192  [ 0501F0B9AB08425F8C0EACBDCC04AA32 ] irsir           C:\WINDOWS\system32\DRIVERS\irsir.sys
20:52:22.0984 2192  irsir - ok
20:52:23.0031 2192  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:52:23.0031 2192  isapnp - ok
20:52:23.0171 2192  [ 80A79264302910C7C24BA7E44267EFEF ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
20:52:23.0187 2192  JavaQuickStarterService - ok
20:52:23.0234 2192  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:52:23.0234 2192  Kbdclass - ok
20:52:23.0281 2192  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:52:23.0281 2192  kbdhid - ok
20:52:23.0359 2192  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
20:52:23.0359 2192  kmixer - ok
20:52:23.0421 2192  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
20:52:23.0437 2192  KSecDD - ok
20:52:23.0500 2192  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
20:52:23.0500 2192  lanmanserver - ok
20:52:23.0593 2192  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:52:23.0593 2192  lanmanworkstation - ok
20:52:23.0609 2192  lbrtfdc - ok
20:52:23.0656 2192  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
20:52:23.0671 2192  LmHosts - ok
20:52:23.0703 2192  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
20:52:23.0703 2192  MBAMProtector - ok
20:52:23.0921 2192  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:52:23.0937 2192  MBAMScheduler - ok
20:52:24.0171 2192  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Malwarebytes' Anti-Malware\mbamservice.exe
20:52:24.0171 2192  MBAMService - ok
20:52:24.0203 2192  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
20:52:24.0203 2192  Messenger - ok
20:52:24.0234 2192  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
20:52:24.0234 2192  mnmdd - ok
20:52:24.0296 2192  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
20:52:24.0296 2192  mnmsrvc - ok
20:52:24.0343 2192  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
20:52:24.0343 2192  Modem - ok
20:52:24.0375 2192  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:52:24.0375 2192  Mouclass - ok
20:52:24.0421 2192  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:52:24.0421 2192  mouhid - ok
20:52:24.0453 2192  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
20:52:24.0453 2192  MountMgr - ok
20:52:24.0531 2192  [ A35576A433F4AEB0D48976A004657CB6 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:52:24.0531 2192  MozillaMaintenance - ok
20:52:24.0531 2192  mraid35x - ok
20:52:24.0609 2192  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:52:24.0687 2192  MRxDAV - ok
20:52:24.0875 2192  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:52:25.0015 2192  MRxSmb - ok
20:52:25.0046 2192  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
20:52:25.0046 2192  MSDTC - ok
20:52:25.0078 2192  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
20:52:25.0078 2192  Msfs - ok
20:52:25.0093 2192  MSIServer - ok
20:52:25.0109 2192  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:52:25.0125 2192  MSKSSRV - ok
20:52:25.0125 2192  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:52:25.0140 2192  MSPCLOCK - ok
20:52:25.0156 2192  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
20:52:25.0156 2192  MSPQM - ok
20:52:25.0203 2192  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:52:25.0203 2192  mssmbios - ok
20:52:25.0234 2192  [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401       C:\WINDOWS\system32\drivers\msmpu401.sys
20:52:25.0234 2192  ms_mpu401 - ok
20:52:25.0281 2192  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
20:52:25.0296 2192  Mup - ok
20:52:25.0421 2192  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
20:52:25.0421 2192  napagent - ok
20:52:25.0500 2192  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
20:52:25.0546 2192  NDIS - ok
20:52:25.0593 2192  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:52:25.0593 2192  NdisTapi - ok
20:52:25.0625 2192  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:52:25.0640 2192  Ndisuio - ok
20:52:25.0687 2192  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:52:25.0718 2192  NdisWan - ok
20:52:25.0781 2192  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
20:52:25.0781 2192  NDProxy - ok
20:52:25.0812 2192  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
20:52:25.0812 2192  NetBIOS - ok
20:52:25.0890 2192  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
20:52:25.0937 2192  NetBT - ok
20:52:26.0015 2192  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
20:52:26.0015 2192  NetDDE - ok
20:52:26.0046 2192  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
20:52:26.0062 2192  NetDDEdsdm - ok
20:52:26.0093 2192  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
20:52:26.0109 2192  Netlogon - ok
20:52:26.0187 2192  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
20:52:26.0187 2192  Netman - ok
20:52:26.0265 2192  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:52:26.0265 2192  NetTcpPortSharing - ok
20:52:26.0359 2192  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
20:52:26.0375 2192  Nla - ok
20:52:26.0390 2192  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
20:52:26.0390 2192  Npfs - ok
20:52:26.0625 2192  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
20:52:26.0796 2192  Ntfs - ok
20:52:26.0812 2192  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
20:52:26.0812 2192  NtLmSsp - ok
20:52:26.0984 2192  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
20:52:26.0984 2192  NtmsSvc - ok
20:52:27.0015 2192  [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr        C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
20:52:27.0031 2192  NuidFltr - ok
20:52:27.0046 2192  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
20:52:27.0046 2192  Null - ok
20:52:31.0171 2192  [ 7C56F3FD65B2BDB315CA3605A5392D7B ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:52:35.0390 2192  nv - ok
20:52:35.0468 2192  [ 9ECCD189A9554C30A0D18A429778C7BA ] nvata           C:\WINDOWS\system32\DRIVERS\nvata.sys
20:52:35.0484 2192  nvata - ok
20:52:35.0515 2192  [ 4D6F0D3FB17C1BA64942F415C73ADCDB ] NVENETFD        C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
20:52:35.0531 2192  NVENETFD - ok
20:52:35.0562 2192  [ 921E63AA1E1A20302223D016ACAFB52B ] nvnetbus        C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
20:52:35.0562 2192  nvnetbus - ok
20:52:35.0656 2192  [ 986D6666E076AFD2B60ACAFD5B01A00F ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
20:52:35.0656 2192  NVSvc - ok
20:52:35.0687 2192  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:52:35.0687 2192  NwlnkFlt - ok
20:52:35.0703 2192  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:52:35.0718 2192  NwlnkFwd - ok
20:52:36.0000 2192  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:52:36.0000 2192  odserv - ok
20:52:36.0109 2192  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:52:36.0156 2192  ose - ok
20:52:36.0218 2192  [ 937A02981F11B2CE96B1D493C95AED2B ] p2pgasvc        C:\WINDOWS\system32\p2pgasvc.dll
20:52:36.0218 2192  p2pgasvc - ok
20:52:36.0437 2192  [ 4A1035CB8F0D57BE41873B5183D96CF4 ] p2pimsvc        C:\WINDOWS\system32\p2psvc.dll
20:52:36.0437 2192  p2pimsvc - ok
20:52:36.0625 2192  [ 4A1035CB8F0D57BE41873B5183D96CF4 ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
20:52:36.0640 2192  p2psvc - ok
20:52:36.0687 2192  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
20:52:36.0718 2192  Parport - ok
20:52:36.0781 2192  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
20:52:36.0781 2192  PartMgr - ok
20:52:36.0828 2192  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
20:52:36.0859 2192  ParVdm - ok
20:52:36.0890 2192  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
20:52:36.0890 2192  PCI - ok
20:52:36.0890 2192  PCIDump - ok
20:52:36.0906 2192  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
20:52:36.0921 2192  PCIIde - ok
20:52:36.0968 2192  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
20:52:37.0015 2192  Pcmcia - ok
20:52:37.0031 2192  PDCOMP - ok
20:52:37.0031 2192  PDFRAME - ok
20:52:37.0031 2192  PDRELI - ok
20:52:37.0046 2192  PDRFRAME - ok
20:52:37.0046 2192  perc2 - ok
20:52:37.0062 2192  perc2hib - ok
20:52:37.0187 2192  [ E9CA440FE7A5957EB2EB0C587958DD29 ] PhotoshopElementsDeviceConnect C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
20:52:37.0187 2192  PhotoshopElementsDeviceConnect - ok
20:52:37.0234 2192  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
20:52:37.0234 2192  PlugPlay - ok
20:52:37.0421 2192  [ 4A1035CB8F0D57BE41873B5183D96CF4 ] PNRPSvc         C:\WINDOWS\system32\p2psvc.dll
20:52:37.0437 2192  PNRPSvc - ok
20:52:37.0437 2192  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
20:52:37.0453 2192  PolicyAgent - ok
20:52:37.0500 2192  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:52:37.0515 2192  PptpMiniport - ok
20:52:37.0546 2192  [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
20:52:37.0562 2192  Processor - ok
20:52:37.0562 2192  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:52:37.0562 2192  ProtectedStorage - ok
20:52:37.0593 2192  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
20:52:37.0625 2192  PSched - ok
20:52:37.0656 2192  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:52:37.0656 2192  Ptilink - ok
20:52:37.0703 2192  [ B5DFB86A6CAEAE9B2BF3DEDB43BE6393 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:52:37.0703 2192  PxHelp20 - ok
20:52:37.0718 2192  ql1080 - ok
20:52:37.0718 2192  Ql10wnt - ok
20:52:37.0734 2192  ql12160 - ok
20:52:37.0734 2192  ql1240 - ok
20:52:37.0750 2192  ql1280 - ok
20:52:38.0000 2192  [ AB51E1F08C8E789D6C9E8B94D15BE9A9 ] RapportCerberus_59849 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys
20:52:38.0109 2192  RapportCerberus_59849 - ok
20:52:38.0218 2192  [ 9D52A4DEB9F28CC41EB61346E3808E4D ] RapportEI       C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
20:52:38.0265 2192  RapportEI - ok
20:52:38.0312 2192  [ 4136175FABB89CB493DF1D237DB50CF4 ] RapportKELL     C:\WINDOWS\system32\Drivers\RapportKELL.sys
20:52:38.0328 2192  RapportKELL - ok
20:52:38.0812 2192  [ 02396BD77121751A738444325E1F14E8 ] RapportMgmtService C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
20:52:38.0828 2192  RapportMgmtService - ok
20:52:38.0906 2192  [ A9B99416DE6CADEE2D3C369B634F20F1 ] RapportPG       C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
20:52:38.0984 2192  RapportPG - ok
20:52:39.0031 2192  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:52:39.0031 2192  RasAcd - ok
20:52:39.0093 2192  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
20:52:39.0093 2192  RasAuto - ok
20:52:39.0140 2192  [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda         C:\WINDOWS\system32\DRIVERS\rasirda.sys
20:52:39.0140 2192  Rasirda - ok
20:52:39.0171 2192  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:52:39.0187 2192  Rasl2tp - ok
20:52:39.0296 2192  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
20:52:39.0296 2192  RasMan - ok
20:52:39.0328 2192  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:52:39.0328 2192  RasPppoe - ok
20:52:39.0343 2192  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
20:52:39.0359 2192  Raspti - ok
20:52:39.0437 2192  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:52:39.0468 2192  Rdbss - ok
20:52:39.0484 2192  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:52:39.0484 2192  RDPCDD - ok
20:52:39.0562 2192  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
20:52:39.0609 2192  RDPWD - ok
20:52:39.0687 2192  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
20:52:39.0687 2192  RDSessMgr - ok
20:52:39.0718 2192  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
20:52:39.0734 2192  redbook - ok
20:52:39.0812 2192  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
20:52:39.0812 2192  RemoteAccess - ok
20:52:39.0859 2192  [ FB32D5CAC44ABEB1363BE6C0783CCBC3 ] Rockusb         C:\WINDOWS\system32\DRIVERS\rockusb.sys
20:52:39.0875 2192  Rockusb - ok
20:52:39.0937 2192  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
20:52:39.0937 2192  RpcLocator - ok
20:52:40.0078 2192  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
20:52:40.0093 2192  RpcSs - ok
20:52:40.0171 2192  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
20:52:40.0171 2192  RSVP - ok
20:52:40.0406 2192  [ 19A0B57164830DF3C699E3CC93F68E37 ] rt2870          C:\WINDOWS\system32\DRIVERS\rt2870.sys
20:52:40.0625 2192  rt2870 - ok
20:52:40.0734 2192  [ BF4709C002D632170DC15A282813D6B3 ] RT73            C:\WINDOWS\system32\DRIVERS\rt73.sys
20:52:40.0828 2192  RT73 - ok
20:52:40.0859 2192  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
20:52:40.0859 2192  SamSs - ok
20:52:40.0937 2192  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
20:52:40.0937 2192  SCardSvr - ok
20:52:41.0031 2192  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
20:52:41.0031 2192  Schedule - ok
20:52:41.0078 2192  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:52:41.0078 2192  Secdrv - ok
20:52:41.0109 2192  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
20:52:41.0109 2192  seclogon - ok
20:52:41.0140 2192  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
20:52:41.0140 2192  SENS - ok
20:52:41.0187 2192  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
20:52:41.0187 2192  serenum - ok
20:52:41.0234 2192  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
20:52:41.0250 2192  Serial - ok
20:52:41.0312 2192  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
20:52:41.0328 2192  Sfloppy - ok
20:52:41.0468 2192  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
20:52:41.0484 2192  SharedAccess - ok
20:52:41.0531 2192  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:52:41.0531 2192  ShellHWDetection - ok
20:52:41.0546 2192  Simbad - ok
20:52:41.0562 2192  Sparrow - ok
20:52:41.0593 2192  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
20:52:41.0593 2192  splitter - ok
20:52:41.0671 2192  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
20:52:41.0671 2192  Spooler - ok
20:52:41.0718 2192  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
20:52:41.0718 2192  sr - ok
20:52:41.0828 2192  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
20:52:41.0843 2192  srservice - ok
20:52:41.0968 2192  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
20:52:42.0062 2192  Srv - ok
20:52:42.0109 2192  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
20:52:42.0109 2192  SSDPSRV - ok
20:52:42.0234 2192  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
20:52:42.0234 2192  stisvc - ok
20:52:42.0265 2192  [ 965F4DD2870F83642BC9CC7B4F1A1C7B ] SWDUMon         C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
20:52:42.0281 2192  SWDUMon - ok
20:52:42.0312 2192  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
20:52:42.0312 2192  swenum - ok
20:52:42.0343 2192  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
20:52:42.0375 2192  swmidi - ok
20:52:42.0375 2192  SwPrv - ok
20:52:42.0390 2192  symc810 - ok
20:52:42.0390 2192  symc8xx - ok
20:52:42.0406 2192  sym_hi - ok
20:52:42.0406 2192  sym_u3 - ok
20:52:42.0437 2192  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
20:52:42.0453 2192  sysaudio - ok
20:52:42.0531 2192  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
20:52:42.0531 2192  SysmonLog - ok
20:52:42.0625 2192  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
20:52:42.0625 2192  TapiSrv - ok
20:52:42.0781 2192  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:52:42.0937 2192  Tcpip - ok
20:52:43.0031 2192  [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7 ] Tcpip6          C:\WINDOWS\system32\DRIVERS\tcpip6.sys
20:52:43.0109 2192  Tcpip6 - ok
20:52:43.0125 2192  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
20:52:43.0125 2192  TDPIPE - ok
20:52:43.0156 2192  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
20:52:43.0156 2192  TDTCP - ok
20:52:43.0203 2192  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
20:52:43.0218 2192  TermDD - ok
20:52:43.0359 2192  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
20:52:43.0359 2192  TermService - ok
20:52:43.0406 2192  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
20:52:43.0406 2192  Themes - ok
20:52:43.0421 2192  TosIde - ok
20:52:43.0468 2192  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
20:52:43.0468 2192  TrkWks - ok
20:52:44.0078 2192  [ 9DF6AD6FC51A802808621CBFB2A88453 ] TuneUp.UtilitiesSvc C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
20:52:44.0078 2192  TuneUp.UtilitiesSvc - ok
20:52:44.0125 2192  [ 94C4CD2D19B8C4137A46261F229FEC24 ] TuneUpUtilitiesDrv C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys
20:52:44.0125 2192  TuneUpUtilitiesDrv - ok
20:52:44.0171 2192  [ 8F861EDA21C05857EB8197300A92501C ] tunmp           C:\WINDOWS\system32\DRIVERS\tunmp.sys
20:52:44.0187 2192  tunmp - ok
20:52:44.0234 2192  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
20:52:44.0250 2192  Udfs - ok
20:52:44.0250 2192  ultra - ok
20:52:44.0406 2192  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
20:52:44.0531 2192  Update - ok
20:52:44.0625 2192  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
20:52:44.0625 2192  upnphost - ok
20:52:44.0656 2192  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
20:52:44.0656 2192  UPS - ok
20:52:44.0703 2192  [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
20:52:44.0718 2192  USBAAPL - ok
20:52:44.0765 2192  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:52:44.0765 2192  usbccgp - ok
20:52:44.0843 2192  [ 4BAC8DF07F1D8434FC640E677A62204E ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:52:44.0859 2192  usbehci - ok
20:52:44.0921 2192  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:52:44.0937 2192  usbhub - ok
20:52:45.0015 2192  [ 7B022327A7EBFB2277418188EFEDC5D7 ] usbmsd          C:\WINDOWS\system32\drivers\usbmsd.sys
20:52:45.0046 2192  usbmsd - ok
20:52:45.0062 2192  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
20:52:45.0078 2192  usbohci - ok
20:52:45.0109 2192  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:52:45.0125 2192  usbprint - ok
20:52:45.0156 2192  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:52:45.0156 2192  usbscan - ok
20:52:45.0187 2192  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:52:45.0203 2192  USBSTOR - ok
20:52:45.0218 2192  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
20:52:45.0234 2192  VgaSave - ok
20:52:45.0234 2192  ViaIde - ok
20:52:45.0265 2192  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
20:52:45.0265 2192  VolSnap - ok
20:52:45.0406 2192  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
20:52:45.0406 2192  VSS - ok
20:52:46.0031 2192  [ 254E8F9BA44E9F55416B0E51DBFF3C5F ] vToolbarUpdater15.3.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
20:52:46.0046 2192  vToolbarUpdater15.3.0 - ok
20:52:46.0109 2192  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
20:52:46.0109 2192  W32Time - ok
20:52:46.0140 2192  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:52:46.0156 2192  Wanarp - ok
20:52:46.0343 2192  [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
20:52:46.0500 2192  Wdf01000 - ok
20:52:46.0515 2192  WDICA - ok
20:52:46.0578 2192  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
20:52:46.0593 2192  wdmaud - ok
20:52:46.0656 2192  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
20:52:46.0656 2192  WebClient - ok
20:52:46.0796 2192  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
20:52:46.0796 2192  winmgmt - ok
20:52:46.0875 2192  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
20:52:46.0875 2192  WmdmPmSN - ok
20:52:46.0953 2192  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:52:46.0968 2192  WmiApSrv - ok
20:52:47.0328 2192  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
20:52:47.0328 2192  WMPNetworkSvc - ok
20:52:47.0656 2192  [ 15673BD0B86150CB8E27766059C72A9B ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:52:47.0656 2192  WPFFontCache_v0400 - ok
20:52:47.0703 2192  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:52:47.0703 2192  WS2IFSL - ok
20:52:47.0765 2192  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
20:52:47.0781 2192  wscsvc - ok
20:52:47.0828 2192  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
20:52:47.0843 2192  wuauserv - ok
20:52:47.0890 2192  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:52:47.0921 2192  WudfPf - ok
20:52:47.0968 2192  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:52:48.0000 2192  WudfRd - ok
20:52:48.0046 2192  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
20:52:48.0046 2192  WudfSvc - ok
20:52:48.0281 2192  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
20:52:48.0281 2192  WZCSVC - ok
20:52:48.0343 2192  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
20:52:48.0343 2192  xmlprov - ok
20:52:48.0359 2192  ZDPSp50 - ok
20:52:48.0375 2192  ================ Scan global ===============================
20:52:48.0421 2192  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:52:48.0546 2192  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
20:52:48.0750 2192  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
20:52:48.0796 2192  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:52:48.0812 2192  [Global] - ok
20:52:48.0812 2192  ================ Scan MBR ==================================
20:52:48.0859 2192  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:52:49.0125 2192  \Device\Harddisk0\DR0 - ok
20:52:49.0140 2192  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR2
20:52:49.0140 2192  \Device\Harddisk1\DR2 - ok
20:52:49.0140 2192  ================ Scan VBR ==================================
20:52:49.0156 2192  [ 81259C8EB3741610028887080EC6B42A ] \Device\Harddisk0\DR0\Partition1
20:52:49.0156 2192  \Device\Harddisk0\DR0\Partition1 - ok
20:52:49.0156 2192  [ D6C55A5FF38B54966B053173C91C321A ] \Device\Harddisk1\DR2\Partition1
20:52:49.0156 2192  \Device\Harddisk1\DR2\Partition1 - ok
20:52:49.0156 2192  ============================================================
20:52:49.0156 2192  Scan finished
20:52:49.0156 2192  ============================================================
20:52:49.0171 3116  Detected object count: 0
20:52:49.0171 3116  Actual detected object count: 0
20:56:16.0937 3728  Deinitialize success



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 06 November 2013 - 03:14 AM

Scan file(s) via VirusTotal

Please check the file in the code box via VirusTotal

  • Click Browse
  • copy the following into the search box

    C:\WINDOWS\System32\drivers\dxgthk.sys
  • and click Open.
  • click Send File.
Please be patient until the file is uploaded completely. If you get the message

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is some basic info regarding the sample itself and its last analysis:
click on Reanalyse. Wait until Current status: Finished appears. Now, copy the link from within your browser's address bar and post it here.

 

Repeat this with C:\WINDOWS\system32\ntdll.dl


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)
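
The VirusTotal step above works by uploading the file and posting the resulting link. As an added example (not code from this thread, from TDSSKiller or from VirusTotal), the script below does the same check without the upload: it parses TDSSKiller-style log lines like the ones pasted earlier in this thread, lists every entry whose status line said anything other than "ok", hashes a local file, builds the VirusTotal report URL from the hash, and turns an analysis link of the form VirusTotal hands back (/file/<sha256>/analysis/<unix time>/) back into its SHA-256 and analysis time so it can be compared with the local hash. Assumptions, all labelled in the code: the log line layout is inferred from the pasted log; SAMPLE_LOG mixes a few lines copied from it with one constructed "warning" entry that is not a real finding; the https://www.virustotal.com/gui/file/<hash> page form and the v3 API endpoint (https://www.virustotal.com/api/v3/files/<hash> with an x-apikey header) are VirusTotal's public ones, and the API call only runs when VT_API_KEY is set.

```python
"""Parse TDSSKiller-style log lines and prepare VirusTotal hash lookups.

Added example for this thread, not code from TDSSKiller, VirusTotal or the
posters. The log layout is inferred from the log pasted above; SAMPLE_LOG
mixes a few lines copied from it with one constructed "warning" entry that is
not a real finding. The VirusTotal page and API URL forms are assumed from
VirusTotal's public GUI and v3 API; the network call only runs with a key.
"""
import hashlib
import json
import re
import urllib.request
from datetime import datetime, timezone

# Hash line:   HH:MM:SS.ms  pid  [ MD5 ] Name  Path   (Path is absent for bare file and MBR/VBR entries)
ENTRY_RE = re.compile(
    r"^\S+\s+\d+\s+\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>\S+)(?:\s+(?P<path>\S.*?))?\s*$"
)
# Status line: HH:MM:SS.ms  pid  Name - ok
STATUS_RE = re.compile(r"^\S+\s+\d+\s+(?P<name>\S+) - (?P<status>.+?)\s*$")
# Analysis link form VirusTotal handed back in this thread: .../file/<sha256>/analysis/<unix time>/
VT_LINK_RE = re.compile(
    r"virustotal\.com/(?:[a-z]{2}/)?file/(?P<sha256>[0-9a-f]{64})/analysis/(?P<ts>\d+)"
)

SAMPLE_LOG = r"""
20:52:23.0921 2192  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:52:23.0937 2192  MBAMScheduler - ok
20:52:24.0531 2192  mraid35x - ok
20:52:48.0421 2192  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:52:49.0140 2192  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR2
20:52:49.0140 2192  \Device\Harddisk1\DR2 - ok
20:52:50.0000 2192  [ 0123456789ABCDEF0123456789ABCDEF ] ExampleDrv      C:\WINDOWS\system32\DRIVERS\example.sys
20:52:50.0010 2192  ExampleDrv - warning (constructed sample line, not a real finding)
"""


def parse_tdsskiller(text):
    """Map each logged name to its MD5, path and status ('ok', a warning text, or None)."""
    entries = {}
    for raw in text.splitlines():
        line = raw.rstrip()
        m = ENTRY_RE.match(line)
        if m:
            name = m.group("name")
            entries[name] = {"md5": m.group("md5").upper(), "path": m.group("path") or name, "status": None}
            continue
        m = STATUS_RE.match(line)
        if m:
            entry = entries.setdefault(m.group("name"), {"md5": None, "path": None, "status": None})
            entry["status"] = m.group("status")
    return entries


def not_ok(entries):
    """Names whose status line said anything other than 'ok' (entries with no status line are skipped)."""
    return sorted(name for name, e in entries.items() if e["status"] not in (None, "ok"))


def file_hashes(data):
    """(md5, sha256) hex digests; MD5 matches the log, SHA-256 matches the VirusTotal link."""
    return hashlib.md5(data).hexdigest(), hashlib.sha256(data).hexdigest()


def vt_url_for(digest):
    """VirusTotal report page for an MD5, SHA-1 or SHA-256: a lookup, so the file itself is never uploaded."""
    digest = digest.lower()
    if not re.fullmatch(r"[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64}", digest):
        raise ValueError("expected an MD5, SHA-1 or SHA-256 hex digest")
    return f"https://www.virustotal.com/gui/file/{digest}"


def parse_vt_link(url):
    """Pull (sha256, analysis time in UTC) out of a posted analysis link, to check it against a local hash."""
    m = VT_LINK_RE.search(url)
    if not m:
        raise ValueError("not a VirusTotal file-analysis link")
    return m.group("sha256"), datetime.fromtimestamp(int(m.group("ts")), tz=timezone.utc)


def vt_lookup(digest, api_key, timeout=20):
    """Fetch last_analysis_stats for an already-known hash via the v3 API (assumed endpoint and header)."""
    req = urllib.request.Request(
        f"https://www.virustotal.com/api/v3/files/{digest.lower()}",
        headers={"x-apikey": api_key, "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["data"]["attributes"]["last_analysis_stats"]


if __name__ == "__main__":
    import os
    import sys

    entries = parse_tdsskiller(SAMPLE_LOG)
    for name in not_ok(entries):
        e = entries[name]
        print(f"{name}: {e['status']}\n    {e['path']}\n    {vt_url_for(e['md5']) if e['md5'] else '(no hash)'}")
    for path in sys.argv[1:]:  # e.g. C:\WINDOWS\System32\drivers\dxgthk.sys
        with open(path, "rb") as fh:
            md5, sha256 = file_hashes(fh.read())
        print(f"{path}\n    md5={md5}\n    {vt_url_for(sha256)}")
        if os.environ.get("VT_API_KEY"):
            print("   ", vt_lookup(sha256, os.environ["VT_API_KEY"]))
```

Run it with one or more file paths as arguments; without arguments it only triages the embedded sample log. Looking a hash up is the right first move on a machine you do not want to leak documents from: if VirusTotal already knows the SHA-256, the report is the same one the upload would have produced, and if it does not, that fact alone is worth knowing about a file that claims to be a Windows system driver.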

#7 Prhys

Prhys
  • Topic Starter

  • Members
  • 11 posts

Posted 06 November 2013 - 12:58 PM

I clicked on Virustotal in your message and arrived at https://www.virustotal.com/#file, clicked on "choose file" which allowed me to choose the file from my computer, and the file name appeared in the search box, so I clicked Scan. It did say that it previously had been analysed, so I did as you said and clicked reanalyse. When it had completed, all I saw was a list with green buttons containing a tick, BUT NO Finished was presented, so NO open or Send File buttons appeared. I repeated it with the same result and, as it was running in a new tab, I left it running while I typed this (and I am a very slow typist). It has been running now for at least 20 minutes, without any change.

Advise please



#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 07 November 2013 - 03:30 AM

I see that the website has changed.

When the scan is finished you'll see the result in the form of a red and a green face on the upper right - copy the link out of your browser's address bar and post it here.

 

Repeat the whole procedure with the other file.



#9 Prhys

Prhys
  • Topic Starter

  • Members
  • 11 posts

Posted 07 November 2013 - 08:39 AM

The Site addresses are as follows:

C:\WINDOWS\System32\drivers\dxgthk.sys:
https://www.virustotal.com/en/file/c36486504c3a596fdca487143f6d3b43c0bee01321f6f1f3071976556533c419/analysis/1383830979/

C:\WINDOWS\system32\ntdll.dl
https://www.virustotal.com/en/file/54df909101aaec63234a5c33b51d6689fef58b943942bffa9606864f43ec1085/analysis/1383831309/

 

Many thanks for your advice



#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 07 November 2013 - 09:00 AM

Fine! :)


Scan with ESET Online Scan

Please go here to run the online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


#11 Prhys

Prhys
  • Topic Starter

  • Members
  • 11 posts

Posted 07 November 2013 - 03:11 PM

Here is the log of threats found by ESET on 7 Nov 2013.

 

C:\Documents and Settings\User\Application Data\Netscape\Navigator\Profiles\of3pgt11.default\prefs.js    JS/SecurityDisabler.A.Gen application
C:\System Volume Information\_restore{C1C381B9-4B08-4A63-BA95-432BE5EF2C48}\RP1675\A1058977.dll    a variant of Win32/Toolbar.Conduit.B application
C:\System Volume Information\_restore{C1C381B9-4B08-4A63-BA95-432BE5EF2C48}\RP1675\A1058981.dll    Win32/Toolbar.Conduit.O application
C:\System Volume Information\_restore{C1C381B9-4B08-4A63-BA95-432BE5EF2C48}\RP1675\A1058982.dll    a variant of Win32/Toolbar.Conduit.B application
C:\System Volume Information\_restore{C1C381B9-4B08-4A63-BA95-432BE5EF2C48}\RP1678\A1060045.exe    probably a variant of Win32/Toolbar.Visicom.C application
C:\System Volume Information\_restore{C1C381B9-4B08-4A63-BA95-432BE5EF2C48}\RP1678\A1060046.dll    a variant of Win32/Toolbar.Visicom.A application
C:\System Volume Information\_restore{C1C381B9-4B08-4A63-BA95-432BE5EF2C48}\RP1678\A1060047.dll    a variant of Win32/Toolbar.Visicom.B application
C:\System Volume Information\_restore{C1C381B9-4B08-4A63-BA95-432BE5EF2C48}\RP1678\A1060050.dll    Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{C1C381B9-4B08-4A63-BA95-432BE5EF2C48}\RP1678\A1060051.exe    a variant of Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{C1C381B9-4B08-4A63-BA95-432BE5EF2C48}\RP1678\A1060052.dll    Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{C1C381B9-4B08-4A63-BA95-432BE5EF2C48}\RP1678\A1060053.dll    Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{C1C381B9-4B08-4A63-BA95-432BE5EF2C48}\RP1678\A1060055.dll    Win32/Toolbar.SearchSuite application
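
Nearly everything in the ESET export above sits under C:\System Volume Information\_restore{...}\RPnnnn\, which is where Windows XP System Restore keeps snapshot copies of files; those copies do nothing unless that restore point is rolled back to, and the one live item is a browser prefs.js. As an added example (not code from this thread or from ESET), the script below reads an export in that layout, splits each line into path and detection, separates restore-point copies from files in live locations, and counts findings by detection family. Assumptions, labelled in the code: the line layout (path, a run of spaces, detection text) and the "a variant of" / "probably a variant of" prefixes are inferred from the pasted export; SAMPLE_ESET is constructed to mimic that shape and its paths and GUID are placeholders, not findings from the poster's machine.

```python
"""Triage an ESET Online Scanner text export.

Added example for this thread, not code from ESET or from the posters. The
line layout (path, run of whitespace, detection text) is inferred from the
export pasted above; SAMPLE_ESET is constructed to mimic that shape and its
paths and GUID are placeholders, not findings from the poster's machine.
"""
import re
from collections import Counter

# "<path>    <detection text>": paths may contain single spaces, so split on a tab or a run of 2+ spaces.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?)(?:\t+|[ ]{2,})(?P<detection>\S.*?)\s*$")
# ESET wording seen in the export: "a variant of X kind", "probably a variant of X kind", or "X kind".
DETECTION_RE = re.compile(r"^(?:probably )?(?:a variant of )?(?P<signature>\S+)\s+(?P<kind>.+)$")
# XP System Restore snapshot copies: C:\System Volume Information\_restore{GUID}\RPnnn\Annnnnnn.ext
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.IGNORECASE)

SAMPLE_ESET = r"""
C:\Documents and Settings\User\Application Data\Example\Profiles\abcd1234.default\prefs.js    JS/SecurityDisabler.A.Gen application
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll    a variant of Win32/Toolbar.Conduit.B application
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP2\A0000002.exe    probably a variant of Win32/Toolbar.Visicom.C application
C:\Program Files\Example Toolbar\toolbar.dll    Win32/Toolbar.SearchSuite application
"""


def location(path):
    """'restore-point' for snapshot copies (inert until that restore point is applied), else 'active'."""
    return "restore-point" if RESTORE_RE.search(path) else "active"


def parse_eset(text):
    """One dict per detection line: path, raw detection text, signature, kind and location."""
    findings = []
    for raw in text.splitlines():
        line = raw.rstrip()
        m = LINE_RE.match(line)
        if not m:
            continue  # blank lines, headers, anything that is not "<path>   <detection>"
        detection = m.group("detection")
        d = DETECTION_RE.match(detection)
        signature, kind = (d.group("signature"), d.group("kind")) if d else (detection, "")
        findings.append({
            "path": m.group("path"),
            "detection": detection,
            "signature": signature,
            "kind": kind,
            "location": location(m.group("path")),
        })
    return findings


def family(signature):
    """'Win32/Toolbar.Conduit.B' -> 'Win32/Toolbar': the name before the first variant suffix."""
    return signature.split(".")[0]


def summarize(findings):
    """Counter keyed by (location, family): what is live versus what only exists in snapshots."""
    return Counter((f["location"], family(f["signature"])) for f in findings)


def active_paths(findings):
    """Paths that are not restore-point copies; these are the ones to actually look at."""
    return [f["path"] for f in findings if f["location"] == "active"]


if __name__ == "__main__":
    import sys

    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_ESET
    findings = parse_eset(text)
    for (where, fam), n in sorted(summarize(findings).items()):
        print(f"{where:14} {fam:28} {n}")
    print("\nactive:")
    for path in active_paths(findings):
        print("   ", path)
```

Pass the exported text file as the only argument; with no argument it runs over the constructed sample. Splitting the list this way tells you which of the dozen lines actually matter before any cleanup runs: the restore-point copies are removed wholesale by flushing old restore points after the machine is clean, and the handful of live paths are what need a real look.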



#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 08 November 2013 - 02:29 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with AdwCleaner


Please download AdwCleaner to your desktop.
  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also

Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

SecurityCheck

Please download SecurityCheck: LINK1 LINK2
  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finishes, the (checkup.txt) will open. Copy its content to your thread.


#13 Prhys

Prhys
  • Topic Starter

  • Members
  • 11 posts

Posted 08 November 2013 - 07:01 AM

Here is AdwCleaner(SO)txt (I could not trace S1.txt):

# AdwCleaner v3.011 - Report created 08/11/2013 at 10:55:18
# Updated 03/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - XPPRYCE
# Running from : C:\Documents and Settings\User\My Documents\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\~0
Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Iminent
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\User\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\User\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\User\Application Data\searchquband
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ghzu6nhc.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2233703
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\Uniblue\DriverScanner
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ghzu6nhc.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [5938 octets] - [08/11/2013 10:54:01]
AdwCleaner[S0].txt - [6019 octets] - [08/11/2013 10:55:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6079 octets] ##########


Here is JRT.txt:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by User on 08/11/2013 at 11:22:41.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E26990}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3D8B5079-85C1-444B-9280-8F4CB6239D89}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\regwork"
Successfully deleted: [Folder] "C:\Documents and Settings\User\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files\regwork"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/11/2013 at 11:29:31.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And here is checkup.txt:

Results of screen317's Security Check version 0.99.76  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 AVG PC TuneUp    
 AVG PC TuneUp Language Pack (en-US)
 ESET Online Scanner v3   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 AVG PC TuneUp   
 AVG PC TuneUp Language Pack (en-US)
 CCleaner (remove only)   
 Java 7 Update 45  
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player     11.7.700.224  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox 23.0.1 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 mbamscheduler.exe    
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````
 


 

I hope you will advise me on the following few points:

Should I re-install AVG 2014? Or will it be preferable to go over to another Anti-virus program?

Should I keep AdwCleaner?

What do I do about Malwarebytes Anti-Malware, ComboFix, etc.? (other downloads connected with the actions to clean up my system).

I am very grateful for your assistance.
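As an added example (not from this thread or from the AdwCleaner project), here is a small Python parser for the report layout posted above: it groups the entries by report section and picks out the ones that touched a Run key, which are the persistence points a defender re-checks after a cleanup. The report embedded in it is a constructed sample in that layout, and the `Found` action word for scan-only reports is an assumption.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the AdwCleaner v3 "Clean" report layout posted above (not the real log).
SAMPLE_REPORT = """# AdwCleaner v3.011 - Report created 08/11/2013 at 10:55:18
# Option : Clean

***** [ Files / Folders ] *****

Folder Deleted : C:\\Program Files\\Conduit
File Deleted : C:\\Program Files\\Mozilla Firefox\\searchplugins\\Search_Results.xml

***** [ Registry ] *****

Key Deleted : HKLM\\SOFTWARE\\Classes\\CLSID\\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Value Deleted : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run [vProt]
Key Deleted : HKCU\\Software\\Conduit

***** [ Browsers ] *****

-\\\\ Internet Explorer v8.0.6001.18702
"""

SECTION_RE = re.compile(r"^\*+ \[ (?P<name>.+?) \] \*+$")
# "Found" is assumed to be the action word used by scan-only (R) reports.
ENTRY_RE = re.compile(r"^(?P<kind>Folder|File|Key|Value) (?P<action>Deleted|Found) : (?P<target>.+)$")

def parse_adwcleaner(text):
    """Map each report section to its list of (kind, action, target) entries."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:                      # new "***** [ Name ] *****" section header
            current = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group("kind"), m.group("action"), m.group("target")))
    return dict(sections)          # sections without entries (e.g. Browsers) are left out

def summarize(parsed):
    """Count entries per (section, kind, action) for a quick triage overview."""
    return Counter((sec, kind, action) for sec, items in parsed.items() for kind, action, _ in items)

def autorun_entries(parsed):
    """Registry targets under a CurrentVersion\\Run key: the persistence points to re-check."""
    return [t for _, _, t in parsed.get("Registry", []) if "\\CurrentVersion\\Run" in t]
```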



#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:01:22 AM

Posted 08 November 2013 - 07:56 AM

Your system is clean! :)

Adobe Flash Player out of date

Your Adobe Flash Player is outdated. We will fix this.

  • Get the latest player from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Click on Start --> Control Panel --> Add/Remove Programs.
  • Search for and remove any older reader versions.

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.

  • Get the latest software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click on Start --> Control Panel --> Add/Remove Programs.
  • Search for and remove any older reader versions.

Mozilla Firefox out of date

Your Firefox browser is outdated. Please follow these instructions to update it:

  • Get the latest Firefox from here.
  • Run setup and follow the instructions on your monitor.
  • Report any problems you have with the update.

Uninstall our tools using delfix

Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • In case we used Combofix: deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  • If there is still something left, please delete it manually.

How to protect yourself

  • System Updates
    Being up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista | Windows 7 | Windows 8
  • Protection
    What you need is one (not more) good virus scanner with background protection. Additionally I recommend a special malware scanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: you only get the full protection if you use the paid versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those you really have to keep an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every piece of software you use often. These links may help you to check:
  • Backups
    There is a chance of an emergency every day, so be prepared. Back up your data on a regular basis. Whether you burn it to DVDs from time to time, use a cloud drive or a professional network backup system is your choice.
  • Brains
    It's no joke! You really need one of those things. :) It is very important not to just click anywhere that is coloured or flashing while you are surfing the web. Do not click an OK button on any pop-up window without reading what it says. While installing software always choose the custom mode, read what those windows say and uncheck adware that would be installed along with the software you want.



#15 Prhys

Prhys
  • Topic Starter

  • Members
  • 11 posts
  • Local time:12:22 AM

Posted 11 November 2013 - 04:13 AM

Everything appears to be fine now, except for the fact that it all seems slower. I think I will delete some programs I rarely use and read the topics on start up, etc.

Very many thanks for your assistance.

Regards



