
Malwarebytes is able to remove the rootkits, but they keep coming back. They return slower if I boot into safe mode. The primary symptom is redirection to unwanted websites and opening up new browsing windows to unwanted websites. My DDS and attach files are below. Thanks in advance.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Run by aida at 20:11:16 on 2012-05-06

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.316 [GMT -4:00]

.

AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File

TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ZumoDrive] c:\program files\zecter\zumodrive\ZumoLauncher.lnk

uRun: [Google Update] "c:\documents and settings\aida\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_2_202_233_Plugin.exe -update plugin

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [ZumoDrive] "c:\program files\zecter\zumodrive\ZumoLauncher.lnk"

mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{9C98642B-78C9-4923-8DFD-BE08F792C45B} : DhcpNameServer = 10.0.0.1

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} -

Notify: NecUsb3Sevices - USB3Sw32.dll

Notify: USB3Sw32 - USB3Sw32.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\aida\application data\mozilla\firefox\profiles\eswlnpz7.default\

FF - prefs.js: browser.startup.homepage - hxxp://welikehits.com/surf.php

FF - component: c:\documents and settings\aida\application data\mozilla\firefox\profiles\eswlnpz7.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\imtcp_xpcom.dll

FF - component: c:\documents and settings\aida\application data\mozilla\firefox\profiles\eswlnpz7.default\extensions\capturefoxmovie@advancity.net\components\capturefoxxpi_win32.dll

FF - component: c:\documents and settings\aida\application data\mozilla\firefox\profiles\eswlnpz7.default\extensions\screencaptureelite@plugin\platform\winnt_x86-msvc\components\SCEFF3Client.dll

FF - plugin: c:\documents and settings\aida\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\aida\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\aida\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Webmail Ad Blocker: gmailnoads@mywebber.com - %profile%\extensions\gmailnoads@mywebber.com

FF - Ext: Tempomail: tempomail@ingetic..maxime.robache - %profile%\extensions\tempomail@ingetic..maxime.robache

FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}

FF - Ext: Capture Fox: capturefoxmovie@advancity.net - %profile%\extensions\capturefoxmovie@advancity.net

FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}

FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}

FF - Ext: Screen Capture Elite: screencaptureelite@plugin - %profile%\extensions\screencaptureelite@plugin

FF - Ext: Click&Clean: clickclean@hotcleaner.com - %profile%\extensions\clickclean@hotcleaner.com

FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

.

============= SERVICES / DRIVERS ===============

.

R3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\KTC111.SYS [2003-9-15 19016]

S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-4-12 147416]

S1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-5-4 129928]

S2 clientservice;Crcdisk;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]

S2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-5-27 141384]

S2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-4-30 97032]

S2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-4-30 111624]

S2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-5-12 110920]

S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2007-7-29 20160]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 253088]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-5-6 40776]

S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\rkpavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]

S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-2-5 44928]

.

=============== Created Last 30 ================

.

2012-05-06 14:03:48 54016 -c--a-w- c:\windows\system32\drivers\tjpcg.sys

2012-05-06 09:03:21 40776 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-04-14 18:49:13 -------- d-----w- C:\8b932b19c531de31486369ac

2012-04-14 18:27:22 -------- d-----w- C:\a13e1fdda4f013cfa6a1

2012-04-13 07:02:44 200976 -c--a-w- c:\windows\system32\drivers\tmcomm.sys

2012-04-12 22:46:55 -------- d-----w- C:\3ed78a8d3e3fdb96b6d2ca8748a643

2012-04-12 19:46:14 -------- d-----w- C:\a7b9281ead74d054c51d9c102f303925

2012-04-12 18:04:45 -------- d-----w- C:\b39195a5979437de95c7ae2e

2012-04-09 17:56:24 418464 -c--a-w- c:\windows\system32\FlashPlayerApp.exe

.

==================== Find3M ====================

.

2012-05-06 02:43:00 0 -csha-w- c:\windows\system32\dds_trash_log.cmd

2012-04-14 05:13:02 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-13 18:01:33 102400 -c--a-w- c:\windows\RegBootClean.exe

2012-04-11 17:55:44 22032 -c--a-w- c:\windows\DCEBoot.exe

2012-04-04 19:56:40 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys

2012-03-06 22:28:49 60304 -c--a-w- c:\documents and settings\aida\g2mdlhlpx.exe

2012-03-01 11:01:32 916992 -c--a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01:32 43520 -c----w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01:32 1469440 -c----w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10:16 177664 -c--a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10:16 148480 -c--a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17:40 385024 -c----w- c:\windows\system32\html.iec

.

============= FINISH: 20:17:52.07 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 9/16/2003 3:38:32 AM

System Uptime: 5/5/2012 10:41:11 PM (22 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | CUW-FX

Processor: Intel Pentium III processor | PGA 370 | 651/100mhz

.

==== Disk Partitions =========================

.

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe SVG Viewer 3.0

Content Buzzer

Content Notifier

Dynamic Traders Group, Inc. DT6 ver 1

EasyCleaner

ePrompter

Foxit Reader

FXDD - MetaTrader 4.00

Google Talk Plugin

GoToMeeting 5.1.0.880

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

J2SE Runtime Environment 5.0 Update 4

Java Auto Updater

Java 6 Update 20

Kcast Beta 2.0.0

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Data Access Components KB870669

Microsoft FrontPage Client - English

Microsoft Office 2000 Premium

Microsoft Office XP Professional with FrontPage

Microsoft Silverlight

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft Visual Studio .NET Professional 2003 - English

Mozilla Firefox (3.6.28)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero - Burning Rom

Panda Cloud Antivirus

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2183461)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360131)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2416400)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2482017)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2497640)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2530548)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544521)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2559049)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2586448)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618444)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647516)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953155)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB970483)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975254)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SSH Secure Shell

Turbo Trader 2

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB978207)

Update for Windows XP (KB980182)

Visual Studio .NET Professional 2003 - English

Visual Studio.NET Baseline - English

VLC media player 1.0.5

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format Runtime

Windows Media Player 10

Windows XP Service Pack 3

ZumoDrive

.

==== Event Viewer Messages From Past Week ========

.

5/3/2012 12:37:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

5/3/2012 12:19:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: CbFs Fips P3 PSINKNC

5/3/2012 12:10:11 PM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402

5/3/2012 12:10:01 PM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402

5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Queuemgr service terminated with the following error: The specified module could not be found.

4/29/2012 5:10:02 PM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402

4/29/2012 5:10:01 PM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402

4/29/2012 4:32:00 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

4/29/2012 4:27:47 PM, error: Service Control Manager [7022] - The Panda Cloud Antivirus Service service hung on starting.

4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Ziptoa service terminated with the following error: The specified module could not be found.

4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The VAIOMediaPlatform-PhotoServer-HTTP service terminated with the following error: The specified module could not be found.

4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The USB3 Service service terminated with the following error: The specified module could not be found.

4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Snac service terminated with the following error: The specified module could not be found.

4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Sfcure01 service terminated with the following error: The specified module could not be found.

4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Savrt service terminated with the following error: The specified module could not be found.

4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Qbfcservice service terminated with the following error: The specified module could not be found.

4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Proxyhostdriver service terminated with the following error: The specified module could not be found.

4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The P1131vid service terminated with the following error: The specified module could not be found.

4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Mstdc service terminated with the following error: The specified module could not be found.

4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Ma763004 service terminated with the following error: The specified module could not be found.

4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The K750obex service terminated with the following error: The specified module could not be found.

4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Eaps2kbd service terminated with the following error: The specified module could not be found.

4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The CTSYN service terminated with the following error: The specified module could not be found.

4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Crcdisk service terminated with the following error: The specified module could not be found.

4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Cmudau service terminated with the following error: The specified module could not be found.

4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The ClntMgmt.sys service terminated with the following error: The specified module could not be found.

4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The BVRPMPR5 service terminated with the following error: The specified module could not be found.

4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Awhost32 service terminated with the following error: The specified module could not be found.

4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Ati2mtaa service terminated with the following error: The specified module could not be found.

4/29/2012 4:23:33 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

.

==== End Of File ===========================


Hello GeeWhiz00 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip, click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file


I decided to clean. I'll avoid using any passwords on the infected PC.

I realized afterward that I should have done a quick Malwarebytes scan rather than a full scan that took way over 14 hours to complete!

17:50:35.0415 2984 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18

17:50:35.0996 2984 ============================================================

17:50:35.0996 2984 Current date / time: 2012/05/07 17:50:35.0996

17:50:35.0996 2984 SystemInfo:

17:50:35.0996 2984

17:50:35.0996 2984 OS Version: 5.1.2600 ServicePack: 3.0

17:50:35.0996 2984 Product type: Workstation

17:50:35.0996 2984 ComputerName: ADMIN

17:50:35.0996 2984 UserName: aida

17:50:35.0996 2984 Windows directory: C:\WINDOWS

17:50:35.0996 2984 System windows directory: C:\WINDOWS

17:50:35.0996 2984 Processor architecture: Intel x86

17:50:35.0996 2984 Number of processors: 1

17:50:35.0996 2984 Page size: 0x1000

17:50:35.0996 2984 Boot type: Normal boot

17:50:35.0996 2984 ============================================================

17:51:09.0164 2984 Drive \Device\Harddisk0\DR0 - Size: 0x25C77C000 (9.44 Gb), SectorSize: 0x200, Cylinders: 0x4D0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

17:51:09.0324 2984 ============================================================

17:51:09.0324 2984 \Device\Harddisk0\DR0:

17:51:09.0374 2984 MBR partitions:

17:51:09.0374 2984 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12E0091

17:51:09.0374 2984 ============================================================

17:51:11.0076 2984 C: <-> \Device\Harddisk0\DR0\Partition0

17:51:11.0176 2984 ============================================================

17:51:11.0176 2984 Initialize success

17:51:11.0176 2984 ============================================================

17:51:15.0383 3128 ============================================================

17:51:15.0383 3128 Scan started

17:51:15.0383 3128 Mode: Manual;

17:51:15.0383 3128 ============================================================

17:52:24.0572 3128 L8042Kbd (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\crcdisk.dll

17:52:24.0582 3128 L8042Kbd ( Backdoor.Multi.ZAccess.gen ) - infected

17:52:24.0582 3128 L8042Kbd - detected Backdoor.Multi.ZAccess.gen (0)

17:52:37.0591 3128 NetBT (7b0238b9b720e2f19ec2d435ba3acf54) C:\WINDOWS\system32\DRIVERS\netbt.sys

17:52:37.0601 3128 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: 7b0238b9b720e2f19ec2d435ba3acf54, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d

17:52:37.0611 3128 NetBT ( Virus.Win32.ZAccess.k ) - infected

17:52:37.0611 3128 NetBT - detected Virus.Win32.ZAccess.k (0)


17:53:26.0661 3128 wdmaud - ok

17:53:26.0952 3128 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

17:53:26.0962 3128 WebClient - ok

17:53:27.0042 3128 webrootspysweeperservice - ok

17:53:27.0142 3128 websensepolicyserver - ok

17:53:27.0442 3128 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

17:53:27.0452 3128 winmgmt - ok

17:53:27.0673 3128 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\System32\MsPMSNSv.dll

17:53:27.0683 3128 WmdmPmSN - ok

17:53:27.0953 3128 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

17:53:28.0073 3128 Wmi - ok

17:53:28.0264 3128 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe

17:53:28.0274 3128 WmiApSrv - ok

17:53:28.0764 3128 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

17:53:28.0905 3128 WPFFontCache_v0400 - ok

17:53:29.0105 3128 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

17:53:29.0125 3128 wuauserv - ok

17:53:29.0355 3128 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

17:53:29.0425 3128 WZCSVC - ok

17:53:29.0595 3128 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

17:53:29.0616 3128 xmlprov - ok

17:53:29.0776 3128 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

17:53:31.0729 3128 \Device\Harddisk0\DR0 - ok

17:53:32.0069 3128 Boot (0x1200) (af08ed6153a75f30b7d14bcd184ec016) \Device\Harddisk0\DR0\Partition0

17:53:32.0079 3128 \Device\Harddisk0\DR0\Partition0 - ok

17:53:32.0099 3128 ============================================================

17:53:32.0109 3128 Scan finished

17:53:32.0109 3128 ============================================================

17:53:32.0199 3120 Detected object count: 2

17:53:32.0199 3120 Actual detected object count: 2

17:57:13.0427 3120 L8042Kbd ( Backdoor.Multi.ZAccess.gen ) - skipped by user

17:57:13.0427 3120 L8042Kbd ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip

17:57:13.0918 3120 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine

17:57:15.0530 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\@ - copied to quarantine

17:57:15.0600 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\cfg.ini - copied to quarantine

17:57:15.0691 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\Desktop.ini - copied to quarantine

17:57:15.0821 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\L\akygdmgo - copied to quarantine

17:57:15.0901 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\oemid - copied to quarantine

17:57:16.0021 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\00000001.@ - copied to quarantine

17:57:16.0382 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\00000002.@ - copied to quarantine

17:57:16.0502 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\00000004.@ - copied to quarantine

17:57:16.0612 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\80000000.@ - copied to quarantine

17:57:16.0722 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\80000004.@ - copied to quarantine

17:57:16.0782 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\80000032.@ - copied to quarantine

17:57:16.0822 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\version - copied to quarantine

17:57:23.0101 3120 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813

17:57:42.0659 3120 Backup copy found, using it..

17:57:44.0091 3120 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot

17:57:53.0976 3120 C:\WINDOWS\$NtUninstallKB33768$\1303206663 - will be deleted on reboot

17:57:53.0976 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\@ - will be deleted on reboot

17:57:53.0996 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\cfg.ini - will be deleted on reboot

17:57:54.0006 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\Desktop.ini - will be deleted on reboot

17:57:54.0046 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\oemid - will be deleted on reboot

17:57:54.0046 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\00000001.@ - will be deleted on reboot

17:57:54.0046 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\00000002.@ - will be deleted on reboot

17:57:54.0066 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\00000004.@ - will be deleted on reboot

17:57:54.0076 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\80000000.@ - will be deleted on reboot

17:57:54.0086 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\80000004.@ - will be deleted on reboot

17:57:54.0086 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\80000032.@ - will be deleted on reboot

17:57:54.0086 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\version - will be deleted on reboot

17:57:54.0126 3120 NetBT ( Virus.Win32.ZAccess.k ) - User select action: Cure

18:02:00.0110 2896 Deinitialize success

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.07.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
aida :: ADMIN [administrator]

5/7/2012 6:22:43 PM
mbam-log-2012-05-07 (18-22-43).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271054
Time elapsed: 14 hour(s), 39 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\WINDOWS\system32\crcdisk.dll (RootKit.0Access.H) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\WINDOWS\system32\crcdisk.dll (RootKit.0Access.H) -> Delete on reboot.
C:\TDSSKiller_Quarantine\07.05.2012_17.50.35\rtkt0000\zafs0000\tsk0002.dta (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by aida at 10:56:57 on 2012-05-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.331 [GMT -4:00]
.
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ZumoDrive] c:\program files\zecter\zumodrive\ZumoLauncher.lnk
uRun: [Google Update] "c:\documents and settings\aida\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [ZumoDrive] "c:\program files\zecter\zumodrive\ZumoLauncher.lnk"
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{9C98642B-78C9-4923-8DFD-BE08F792C45B} : DhcpNameServer = 10.0.0.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} -
Notify: NecUsb3Sevices - USB3Sw32.dll
Notify: USB3Sw32 - USB3Sw32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\aida\application data\mozilla\firefox\profiles\eswlnpz7.default\
FF - prefs.js: browser.startup.homepage - hxxp://welikehits.com/surf.php
FF - component: c:\documents and settings\aida\application data\mozilla\firefox\profiles\eswlnpz7.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\imtcp_xpcom.dll
FF - component: c:\documents and settings\aida\application data\mozilla\firefox\profiles\eswlnpz7.default\extensions\capturefoxmovie@advancity.net\components\capturefoxxpi_win32.dll
FF - component: c:\documents and settings\aida\application data\mozilla\firefox\profiles\eswlnpz7.default\extensions\screencaptureelite@plugin\platform\winnt_x86-msvc\components\SCEFF3Client.dll
FF - plugin: c:\documents and settings\aida\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\aida\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\aida\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Webmail Ad Blocker: gmailnoads@mywebber.com - %profile%\extensions\gmailnoads@mywebber.com
FF - Ext: Tempomail: tempomail@ingetic..maxime.robache - %profile%\extensions\tempomail@ingetic..maxime.robache
FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF - Ext: Capture Fox: capturefoxmovie@advancity.net - %profile%\extensions\capturefoxmovie@advancity.net
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Screen Capture Elite: screencaptureelite@plugin - %profile%\extensions\screencaptureelite@plugin
FF - Ext: Click&Clean: clickclean@hotcleaner.com - %profile%\extensions\clickclean@hotcleaner.com
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-4-12 147416]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-5-27 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-4-30 97032]
R3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\KTC111.SYS [2003-9-15 19016]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2007-7-29 20160]
.
=============== Created Last 30 ================
.
2012-05-07 21:57:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-14 18:49:13 -------- d-----w- C:\8b932b19c531de31486369ac
2012-04-14 18:27:22 -------- d-----w- C:\a13e1fdda4f013cfa6a1
2012-04-13 07:02:44 200976 -c--a-w- c:\windows\system32\drivers\tmcomm.sys
2012-04-12 22:46:55 -------- d-----w- C:\3ed78a8d3e3fdb96b6d2ca8748a643
2012-04-12 19:46:14 -------- d-----w- C:\a7b9281ead74d054c51d9c102f303925
2012-04-12 18:04:45 -------- d-----w- C:\b39195a5979437de95c7ae2e
2012-04-09 17:56:24 419488 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-05-07 23:13:00 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-07 22:04:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-05-07 21:45:14 0 -csha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-13 18:01:33 102400 -c--a-w- c:\windows\RegBootClean.exe
2012-04-11 17:55:44 22032 -c--a-w- c:\windows\DCEBoot.exe
2012-04-04 19:56:40 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 22:28:49 60304 -c--a-w- c:\documents and settings\aida\g2mdlhlpx.exe
2012-03-01 11:01:32 916992 -c--a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 -c----w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 -c--a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 -c--a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 -c----w- c:\windows\system32\html.iec
.
============= FINISH: 11:05:14.87 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/16/2003 3:38:32 AM
System Uptime: 5/8/2012 10:22:23 AM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | CUW-FX
Processor: Intel Pentium III processor | PGA 370 | 651/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 9 GiB total, 0.278 GiB free.
D: is CDROM ()
R: is NetworkDisk (NTFS) - 75 GiB total, 44.238 GiB free.
U: is NetworkDisk (NTFS) - 75 GiB total, 33.243 GiB free.
W: is NetworkDisk (NTFS) - 14 GiB total, 2.982 GiB free.
Z: is NetworkDisk (NTFS) - 1397 GiB total, 1229.493 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: ADMtek ADM8511 USB To Fast Ethernet Converter
Device ID: USB\VID_07A6&PID_8511\0001
Manufacturer: ADMtek Incorporated
Name: ADMtek ADM8511 USB To Fast Ethernet Converter
PNP Device ID: USB\VID_07A6&PID_8511\0001
Service: ADM8511
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe SVG Viewer 3.0
Content Buzzer
Content Notifier
Dynamic Traders Group, Inc. DT6 ver 1
EasyCleaner
ePrompter
Foxit Reader
FXDD - MetaTrader 4.00
Google Talk Plugin
GoToMeeting 5.1.0.880
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
J2SE Runtime Environment 5.0 Update 4
Java Auto Updater
Java 6 Update 20
Kcast Beta 2.0.0
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Data Access Components KB870669
Microsoft FrontPage Client - English
Microsoft Office 2000 Premium
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual Studio .NET Professional 2003 - English
Mozilla Firefox (3.6.28)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero - Burning Rom
Panda Cloud Antivirus
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975254)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SSH Secure Shell
Turbo Trader 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Visual Studio .NET Professional 2003 - English
Visual Studio.NET Baseline - English
VLC media player 1.0.5
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
ZumoDrive
.
==== Event Viewer Messages From Past Week ========
.
5/8/2012 9:10:00 AM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
5/8/2012 9:10:00 AM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
5/8/2012 8:10:00 AM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
5/8/2012 8:10:00 AM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
5/8/2012 7:10:00 AM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
5/8/2012 7:10:00 AM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
5/8/2012 6:10:00 AM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
5/8/2012 6:10:00 AM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
5/8/2012 5:10:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
5/8/2012 5:10:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
5/8/2012 4:10:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
5/8/2012 4:10:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
5/8/2012 3:10:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402
5/8/2012 3:10:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
5/8/2012 2:10:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402
5/8/2012 2:10:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
5/8/2012 12:10:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
5/8/2012 12:10:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
5/8/2012 10:25:26 AM, error: Service Control Manager [7023] - The HIDSwvd service terminated with the following error: The specified module could not be found.
5/8/2012 10:10:00 AM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
5/8/2012 10:10:00 AM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
5/8/2012 1:10:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
5/8/2012 1:10:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
5/7/2012 9:10:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402
5/7/2012 9:10:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
5/7/2012 8:10:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402
5/7/2012 8:10:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402
5/7/2012 7:10:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402
5/7/2012 7:10:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402
5/7/2012 6:10:01 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402
5/7/2012 6:10:01 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402
5/7/2012 6:08:04 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NanoServiceMain service.
5/7/2012 5:47:55 PM, error: Service Control Manager [7023] - The Radiosvr service terminated with the following error: The specified module could not be found.

5/7/2012 11:10:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402

5/7/2012 11:10:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402

5/7/2012 10:10:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402

5/7/2012 10:10:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402

5/6/2012 11:24:56 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

5/5/2012 10:45:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/5/2012 10:43:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: CbFs Fips P3 PSINKNC

5/3/2012 12:14:42 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

5/3/2012 12:10:11 PM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402

5/3/2012 12:10:01 PM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402

5/3/2012 12:07:02 PM, error: Service Control Manager [7022] - The Panda Cloud Antivirus Service service hung on starting.

5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Ziptoa service terminated with the following error: The specified module could not be found.

5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The VAIOMediaPlatform-PhotoServer-HTTP service terminated with the following error: The specified module could not be found.

5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The USB3 Service service terminated with the following error: The specified module could not be found.

5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Snac service terminated with the following error: The specified module could not be found.

5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Sfcure01 service terminated with the following error: The specified module could not be found.

5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Savrt service terminated with the following error: The specified module could not be found.

5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Queuemgr service terminated with the following error: The specified module could not be found.

5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Qbfcservice service terminated with the following error: The specified module could not be found.

5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Proxyhostdriver service terminated with the following error: The specified module could not be found.

5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The P1131vid service terminated with the following error: The specified module could not be found.

5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Mstdc service terminated with the following error: The specified module could not be found.

5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Ma763004 service terminated with the following error: The specified module could not be found.

5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The K750obex service terminated with the following error: The specified module could not be found.

5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Eaps2kbd service terminated with the following error: The specified module could not be found.

5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The CTSYN service terminated with the following error: The specified module could not be found.

5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Crcdisk service terminated with the following error: The specified module could not be found.

5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Cmudau service terminated with the following error: The specified module could not be found.

5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The ClntMgmt.sys service terminated with the following error: The specified module could not be found.

5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The BVRPMPR5 service terminated with the following error: The specified module could not be found.

5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Awhost32 service terminated with the following error: The specified module could not be found.

5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Ati2mtaa service terminated with the following error: The specified module could not be found.

.

==== End Of File ===========================

Very good! :)

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

I ran it twice since the instructions said that running once may not fix everything. The 2 logs are below:

ComboFix 12-05-09.01 - aida 05/09/2012 18:31:11.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.280 [GMT -4:00]

Running from: c:\documents and settings\aida\Desktop\ComboFix.exe

AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\aida\Application Data\ubot

c:\documents and settings\aida\g2mdlhlpx.exe

c:\windows\$NtUninstallKB33768$\2796826727

c:\windows\$NtUninstallKB33768$\3152164874\@

c:\windows\$NtUninstallKB33768$\3152164874\cfg.ini

c:\windows\$NtUninstallKB33768$\3152164874\Desktop.ini

c:\windows\$NtUninstallKB33768$\3152164874\L\akygdmgo

c:\windows\iun6002.exe

c:\windows\system32\dds_trash_log.cmd

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\dllcache\wmpvis.dll

c:\windows\system32\QuickTime.exe

c:\windows\$NtUninstallKB33768$ . . . . Failed to delete

.

c:\windows\system32\drivers\cbfs.sys . . . is infected!! . . . Failed to find a valid replacement.

.

((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))

.

.

2012-05-07 21:57 . 2012-05-07 21:57 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-14 18:49 . 2012-04-14 18:49 -------- d-----w- C:\8b932b19c531de31486369ac

2012-04-14 18:27 . 2012-04-14 18:28 -------- d-----w- C:\a13e1fdda4f013cfa6a1

2012-04-13 07:02 . 2011-06-21 04:09 200976 -c--a-w- c:\windows\system32\drivers\tmcomm.sys

2012-04-12 22:46 . 2012-04-12 22:47 -------- d-----w- C:\3ed78a8d3e3fdb96b6d2ca8748a643

2012-04-12 19:46 . 2012-04-12 19:46 -------- d-----w- C:\a7b9281ead74d054c51d9c102f303925

2012-04-12 18:04 . 2012-04-12 18:05 -------- d-----w- C:\b39195a5979437de95c7ae2e

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-07 23:13 . 2012-04-09 17:56 419488 -c--a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-07 23:13 . 2011-05-30 17:49 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-07 22:04 . 2001-08-23 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2012-04-13 18:01 . 2012-03-25 17:34 102400 -c--a-w- c:\windows\RegBootClean.exe

2012-04-11 17:55 . 2010-03-26 01:57 22032 -c--a-w- c:\windows\DCEBoot.exe

2012-04-04 19:56 . 2009-01-17 20:38 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys

2012-03-01 11:01 . 2006-06-23 18:33 916992 -c--a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2004-07-16 23:51 43520 -c----w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01 . 2004-07-16 23:49 1469440 -c----w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 2001-08-23 12:00 177664 -c--a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2001-08-23 12:00 148480 -c--a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2010-03-11 07:54 385024 -c----w- c:\windows\system32\html.iec

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

.

.

[7] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\beep.sys

[7] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys

[7] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

.

[7] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\kbdclass.sys

[7] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys

[7] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\kbdclass.sys

[7] 2002-08-29 . 1E7F78C2FC393356CD884C6FDE7966F9 . 23424 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

.

[7] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ndis.sys

[7] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys

[7] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys

[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ndis.sys

[-] 2003-10-04 . D999CE17681D7D074D534FC5BC662E0A . 168192 . . [5.1.2600.1254] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[7] 2002-08-29 . 3B350E5A2A5E951453F3993275A4523A . 167552 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB826942$\ndis.sys

.

[7] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ntfs.sys

[7] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys

[7] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys

[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ntfs.sys

[7] 2002-08-29 . E3AE9C79498210A5F39FE5A9AD62BC55 . 561920 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ntfs.sys

[-] 2001-08-23 . 70FAE0DCFDFAA0838D6778FCA028CE01 . 533504 . . [5.1.2600.0] . . c:\windows\$NtUninstallQ315403$\ntfs.sys

.

[7] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\null.sys

[7] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys

[7] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

.

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys

[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys

[-] 2006-04-20 . B8158E2A6112C0A5CA67BC158FC70218 . 340480 . . [5.1.2600.1831] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\SoftwareDistribution\Download\e534ebaf021731fc8bec5e8193de9bb9\SP2QFE\tcpip.sys

[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\SoftwareDistribution\Download\e534ebaf021731fc8bec5e8193de9bb9\SP2GDR\tcpip.sys

[-] 2006-01-13 . 8C101C9C566E2384AF28EF7C1DE4A36E . 340480 . . [5.1.2600.1792] . . c:\windows\SoftwareDistribution\Download\e534ebaf021731fc8bec5e8193de9bb9\SP1QFE\tcpip.sys

[-] 2005-05-25 . 228B0385BBFCA24332FA22DB45A8B684 . 339968 . . [5.1.2600.1693] . . c:\windows\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\sp1qfe\tcpip.sys

[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\sp2qfe\tcpip.sys

[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\sp2gdr\tcpip.sys

[-] 2005-03-14 . 6129E70F3D2F1E60860C930EBEAF92C2 . 359936 . . [5.1.2600.2631] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys

[-] 2005-03-14 . 0E66B538096A6529D1AC66E78EB0D5C8 . 359808 . . [5.1.2600.2631] . . c:\windows\$hf_mig$\KB893066\SP2GDR\tcpip.sys

[-] 2005-02-23 . 466CBD4831E80729173654AB2B8C0FEE . 339968 . . [5.1.2600.1630] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\tcpip.sys

[7] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB893066$\tcpip.sys

.

[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\browser.dll

[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll

[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll

[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\browser.dll

[-] 2004-03-30 . 34B4B8B9BC07449E9B340C93C468F92A . 48640 . . [5.1.2600.105] . . c:\windows\$NtUninstallKB841873_RTM$\browser.dll

[7] 2002-08-29 . 3671D928554E124A8AC326A1769F2FFB . 49152 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2001-08-23 . 1C9CDCAD17F23BB7206451802307C529 . 49152 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB835732_RTM$\browser.dll

.

[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lsass.exe

[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe

[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe

[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\lsass.exe

[7] 2002-08-29 . B2B6BA905D0E3F8A32A0EB3B4051807B . 11776 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\lsass.exe

.

[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netman.dll

[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll

[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll

[-] 2005-08-22 . 838B1DF317D55BFFF67F99F1AE7ECEB7 . 154624 . . [5.1.2600.1733] . . c:\windows\$NtServicePackUninstall$\netman.dll

[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2GDR\netman.dll

[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll

[-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\netman.dll

[7] 2002-08-29 . E7FF9267BBEB1386975278A27378526F . 154112 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB905414$\netman.dll

.

[7] 2008-04-14 10:41 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll

[7] 2008-04-14 10:41 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll

[-] 2004-08-04 07:56 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\comres.dll

[-] 2001-08-23 12:00 . 1F51839ECCF908FD86558198909262E4 . 792064 . . [2001.12.4414.42] . . c:\windows\$NtServicePackUninstall$\comres.dll

.

[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ERDNT\cache\qmgr.dll

[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll

[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll

[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll

[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\qmgr.dll

[-] 2004-07-01 . 696AC82FB290A03F205901442E0E9589 . 361984 . . [6.6.2600.1569] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2002-01-22 . 9507281D9AFD440F0DA09BE6B7093C43 . 179712 . . [6.0.2600.27] . . c:\windows\$NtUninstallKB842773$\qmgr.dll

[-] 2001-08-23 . 3E6ACF2CD2E8C19B16E4B42D08CA3838 . 179200 . . [6.0.2600.0] . . c:\windows\$NtUninstallQ314862$\qmgr.dll

.

[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\rpcss.dll

[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll

[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll

[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll

[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll

[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll

[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2GDR\rpcss.dll

[-] 2005-07-26 . 0D903904A1CDDAA2AE29F48176C683D4 . 276992 . . [5.1.2600.1720] . . c:\windows\$NtServicePackUninstall$\rpcss.dll

[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll

[-] 2005-01-14 . 419899803CA479B73B02390318C787C0 . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2GDR\rpcss.dll

[-] 2005-01-14 . 4493E3E2C9449D96F703861D73C58B88 . 284672 . . [5.1.2600.1619] . . c:\windows\$NtUninstallKB902400$\rpcss.dll

[-] 2005-01-14 . 94456045BEB4545B5EBE1DCC85951AFA . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll

[-] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\rpcss.dll

[-] 2004-03-06 . 4EA08A8BBDF8DDEE0F173BB999C153C3 . 263680 . . [5.1.2600.1361] . . c:\windows\$NtUninstallKB873333$\rpcss.dll

[-] 2004-03-06 . 4EA08A8BBDF8DDEE0F173BB999C153C3 . 263680 . . [5.1.2600.1361] . . c:\windows\$xpsp1hfm$\KB828741\rpcss.dll

[-] 2003-08-25 . D6755C39AE02ECDA111156401EC62022 . 204288 . . [5.1.2600.118] . . c:\windows\$NtUninstallKB828741_RTM$\rpcss.dll

[-] 2003-08-25 . 7A6F20EEAC4B2168451878AF9054396F . 260608 . . [5.1.2600.1263] . . c:\windows\$xpsp1hfm$\KB824146\rpcss.dll

[7] 2002-08-29 . 493FCBED180DCACF0B5D4C8C29949CA9 . 260608 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB828741$\rpcss.dll

[-] 2001-08-23 . 3F1C4DC5F03535E544996968DD225837 . 259072 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB824146_RTM$\rpcss.dll

.

[7] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\services.exe

[7] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe

[7] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe

[7] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe

[7] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe

[7] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe

[-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\services.exe

[-] 2001-08-23 . E3DF4A0252D287C44606EE55355E1623 . 101376 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\services.exe

.

[7] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe

[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe

[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe

[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe

[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\spoolsv.exe

[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe

[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

[-] 2005-06-10 . 6B4BF97957A0B8795811975D4BF1ACFE . 53248 . . [5.1.2600.1699] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2GDR\spoolsv.exe

[-] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\spoolsv.exe

[-] 2001-08-23 . 9B4155BA58192D4073082B8FC5D42612 . 51200 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

.

[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe

[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe

[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\winlogon.exe

[7] 2002-08-29 . 2246D8D8F4714A2CEDB21AB9B1849ABB . 516608 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

.

[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\ERDNT\cache\wuauclt.exe

[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe

[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe

[7] 2008-04-14 . ED7262E52C31CF1625B65039102BC16C . 111104 . . [5.4.3790.5512] . . c:\windows\ServicePackFiles\i386\wuauclt.exe

[-] 2004-08-04 . 4126D27CECE4471E00E425411F7306B5 . 111104 . . [5.4.3790.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\wuauclt.exe

[7] 2002-08-29 . A3763CE319D9EB3EC2AC04901F293B9D . 139776 . . [5.4.3630.1106] . . c:\windows\$NtServicePackUninstall$\wuauclt.exe

.

[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys

[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys

[-] 2006-05-13 . 5B09EA8ABB09C22F7574FA52DC9BD752 . 74368 . . [5.1.2600.1842] . . c:\windows\$NtServicePackUninstall$\ipsec.sys

[-] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ipsec.sys

[7] 2002-08-29 . 1C4802409CFD4A7051F458B744CFCAA5 . 57984 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB911280$\ipsec.sys

.

[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll

[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[7] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

[7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll

[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll

[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll

[-] 2006-08-25 . 44AA778B2329428C9E8D5367BCF91CDD . 561664 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[-] 2006-08-25 . 11B508E0D26622D2BD25B60033245F6A . 925184 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1891_x-ww_7d3bbc01\comctl32.dll

[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$hf_mig$\KB923191\SP2QFE\comctl32.dll

[-] 2006-07-13 . E48A8A28835914878C9716E71032A10C . 925184 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1873_x-ww_7d39bb85\comctl32.dll

[-] 2006-03-17 . 551E967F1E08EE6E205FCB5ADCB0DFC5 . 925184 . . [6.0] . . c:\windows\SoftwareDistribution\Download\73a765a7ebf2e1b5a6655f2bb798b30f\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll

[-] 2006-03-17 . 551E967F1E08EE6E205FCB5ADCB0DFC5 . 925184 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1816_x-ww_7d33ba0e\comctl32.dll

[-] 2005-09-01 . A93B7C3B08B9AC15B4DCDC96A50E4C2C . 925184 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1740_x-ww_7cb8ab44\comctl32.dll

[-] 2005-03-12 . F6A21D5476C7B4CA9873D97BD246D6EB . 925184 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll

[-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\asms\60\msft\windows\common\controls\comctl32.dll

[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\comctl32.dll

[-] 2004-04-17 . A7B3F3FB365B8B3B29C7C7322392C765 . 921600 . . [6.0] . . c:\windows\$xpsp1hfm$\KB839645\asms\60\msft\windows\Common\Controls\comctl32.dll

[-] 2004-04-17 . A7B3F3FB365B8B3B29C7C7322392C765 . 921600 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1515_x-ww_7bb98b8a\comctl32.dll

[7] 2002-08-29 . 76B90BD220F1B1CC9E183C6B1AE9FBB4 . 921600 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll

[7] 2002-08-29 . 0B5D337119929505EE72D4E4A41ED1FD . 557056 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll

[7] 2001-08-23 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

.

[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\cryptsvc.dll

[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll

[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll

[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\cryptsvc.dll

[-] 2003-03-26 . 8B6DA0009AB7B3B8A5E9E28015A32EA7 . 53760 . . [5.1.2600.1190] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[7] 2002-08-29 . 41C70161BFCB17E7E12ED89BADD2AEF4 . 53248 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB826939$\cryptsvc.dll

.

[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\ERDNT\cache\es.dll

[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll

[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll

[7] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll

[7] 2008-04-14 10:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll

[7] 2008-04-14 10:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll

[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2GDR\es.dll

[-] 2005-07-26 04:31 . 01B2EF40AAAF29786B0F906C487DD56A . 227328 . . [2001.12.4414.62] . . c:\windows\$NtServicePackUninstall$\es.dll

[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll

[-] 2004-08-04 07:56 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\es.dll

[-] 2004-03-06 02:16 . B748D0ABBACD362052D4D61DCD562289 . 226816 . . [2001.12.4414.53] . . c:\windows\$NtUninstallKB902400$\es.dll

[-] 2004-03-06 02:16 . B748D0ABBACD362052D4D61DCD562289 . 226816 . . [2001.12.4414.53] . . c:\windows\$xpsp1hfm$\KB828741\es.dll

[-] 2004-03-06 02:05 . 08A859AA98E5991E05E92C3893FD3439 . 226816 . . [2001.12.4414.53] . . c:\windows\$NtUninstallKB828741$\es.dll

[-] 2001-08-23 12:00 . F5963768CFD62FDB926FDB588EE69315 . 224768 . . [2001.12.4414.42] . . c:\windows\$NtUninstallKB828741_RTM$\es.dll

.

[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\imm32.dll

[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll

[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll

[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\imm32.dll

[7] 2002-08-29 . C9F9E3E6B59C6D6CBCE7F14494A4518A . 103936 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\imm32.dll

.

[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\ERDNT\cache\kernel32.dll

[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll

[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll

[7] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll

[7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll

[7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll

[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll

[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2GDR\kernel32.dll

[-] 2006-07-05 . 7815BF93413A3E504DAC1676BDE2D78F . 928768 . . [5.1.2600.1869] . . c:\windows\$NtServicePackUninstall$\kernel32.dll

[-] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\kernel32.dll

[7] 2002-08-29 . 8F162DC91D67D87C1A481BF602A9DAC8 . 930304 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB917422$\kernel32.dll

.

[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\linkinfo.dll

[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll

[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll

[-] 2005-09-01 . 71E9F9E000221536047E059CBE2FE211 . 16384 . . [5.1.2600.1740] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll

[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll

[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2GDR\linkinfo.dll

[-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\linkinfo.dll

[-] 2001-08-23 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

.

[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lpk.dll

[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll

[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll

[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\lpk.dll

[-] 2001-08-23 . 55990CA08692E2739A8DDCE0B04352AC . 18944 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\lpk.dll

.

[7] 2012-03-01 . DADE53318D8E5335EE2E1745F1C3FC4D . 5978624 . . [8.00.6001.19222] . . c:\windows\system32\mshtml.dll

[7] 2012-03-01 . DADE53318D8E5335EE2E1745F1C3FC4D . 5978624 . . [8.00.6001.19222] . . c:\windows\system32\dllcache\mshtml.dll

.

[7] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll

[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ERDNT\cache\msvcrt.dll

[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll

[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll

[-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\asms\70\msft\windows\mswincrt\msvcrt.dll

[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\msvcrt.dll

[7] 2002-08-29 . 70630CAD245477F8DB02B79D9A92834C . 323072 . . [7.0.2600.1106] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\msvcrt.dll

[7] 2002-08-29 . 886A6C3C185AAEDECD00477F72279B07 . 323072 . . [7.0.2600.1106] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll

[7] 2001-08-23 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll

.

[7] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll

[7] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\mswsock.dll

[7] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll

[7] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll

[7] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll

[7] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll

[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll

[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll

[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\mswsock.dll

[-] 2001-08-23 . 18A8BE5A66B93F9C9615F7D4C148EDE2 . 228352 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\mswsock.dll

.

[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netlogon.dll

[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll

[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll

[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\netlogon.dll

[7] 2002-08-29 . 3ADD563ED7A1C66E6F5E0F7A661AA96D . 399360 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

.

[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\powrprof.dll

[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll

[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll

[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\powrprof.dll

[-] 2001-08-23 . 865AD7CCB20856727D5BD994B094DC5E . 14848 . . [6.00.2600.0000] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

.

[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\scecli.dll

[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll

[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll

[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\scecli.dll

[7] 2002-08-29 . 97418A5C642A5C748A28BD7CF6860B57 . 174592 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\scecli.dll

.

[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfc.dll

[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll

[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll

[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\sfc.dll

[-] 2001-08-23 . 52BB2A508CB3EB8AAA5F6F142F5B73D6 . 4096 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\sfc.dll

.

[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\svchost.exe

[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe

[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe

[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\svchost.exe

[-] 2001-08-23 . 0F7D9C87B0CE1FA520473119752C6F79 . 12800 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\svchost.exe

.

[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\tapisrv.dll

[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll

[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll

[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll

[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2GDR\tapisrv.dll

[-] 2005-07-08 . 5F0469FF26B19790B5A0D7C77871B6CD . 238592 . . [5.1.2600.1715] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll

[-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\tapisrv.dll

[7] 2002-08-29 . 9B3A213B6591A79EBABBFB4E4EA0A23E . 233984 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

.

[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\user32.dll

[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll

[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2005-03-02 . 74202EB1BD67E8BE9509E38C8D2234B0 . 561152 . . [5.1.2600.1634] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2GDR\user32.dll

[-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\user32.dll

[-] 2003-09-25 . 32173306185F603E75C477E117F3BB8D . 560128 . . [5.1.2600.1255] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2003-09-25 . 32173306185F603E75C477E117F3BB8D . 560128 . . [5.1.2600.1255] . . c:\windows\$xpsp1hfm$\KB824141\user32.dll

[-] 2002-11-22 . 1BD18B332A07FD10BF0322C352A78078 . 528896 . . [5.1.2600.104] . . c:\windows\$NtUninstallKB824141_RTM$\user32.dll

[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\$NtUninstallKB824141$\user32.dll

[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\$xpsp1hfm$\Q328310\user32.dll

[7] 2002-08-29 . DD9269230C21EE8FB7FD3FCCC3B1CFCB . 560128 . . [5.1.2600.1106] . . c:\windows\$NtUninstallQ328310$\user32.dll

[-] 2001-08-23 . BE57A5C3ABD240514B98F6BCA872FB21 . 561152 . . [5.1.2600.0] . . c:\windows\$NtUninstallQ328310_RTM$\user32.dll

.

[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\userinit.exe

[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe

[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe

[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\userinit.exe

[7] 2002-08-29 . E931E0A2B8BF0019DB902E98D03662CB . 22016 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\userinit.exe

.

[7] 2012-03-01 . 009E7B4C284F080608D7286484015EE5 . 916992 . . [8.00.6001.19222] . . c:\windows\system32\wininet.dll

[7] 2012-03-01 . 009E7B4C284F080608D7286484015EE5 . 916992 . . [8.00.6001.19222] . . c:\windows\system32\dllcache\wininet.dll

[7] 2012-03-01 . 4EC67FAB39F37626AD6D9895FC094ABF . 919552 . . [8.00.6001.23318] . . c:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\wininet.dll

[7] 2011-12-19 . B701B7DF6B9B243B155523B5F868A90A . 667136 . . [6.00.2900.6182] . . c:\windows\ie8\wininet.dll

[7] 2011-12-19 . 19404059BFBD2DDA979D5FD3D744DE8B . 668672 . . [6.00.2900.6182] . . c:\windows\$hf_mig$\KB2647516\SP3QFE\wininet.dll

[7] 2011-12-17 . F362D50FBDC6E34918DF41BDE1770E5C . 916992 . . [8.00.6001.19190] . . c:\windows\ie8updates\KB2675157-IE8\wininet.dll

[7] 2011-12-17 . F362D50FBDC6E34918DF41BDE1770E5C . 916992 . . [8.00.6001.19190] . . c:\windows\SoftwareDistribution\Download\c1d540600ba9c34c5b3244c020eee491\SP3GDR\wininet.dll

[7] 2011-12-17 . 84A48E9818E8440DDBFD8EEC37C8A937 . 919552 . . [8.00.6001.23286] . . c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\wininet.dll

[7] 2011-12-17 . 84A48E9818E8440DDBFD8EEC37C8A937 . 919552 . . [8.00.6001.23286] . . c:\windows\SoftwareDistribution\Download\c1d540600ba9c34c5b3244c020eee491\SP3QFE\wininet.dll

[7] 2011-11-04 . 552263502EA8C24D301A0C43FF90B3ED . 916992 . . [8.00.6001.19165] . . c:\windows\ie8updates\KB2647516-IE8\wininet.dll

[7] 2011-11-04 . 552263502EA8C24D301A0C43FF90B3ED . 916992 . . [8.00.6001.19165] . . c:\windows\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3GDR\wininet.dll

[7] 2011-11-04 . 4E4716CAF514717814D07113AD0425B6 . 919552 . . [8.00.6001.23261] . . c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll

[7] 2011-11-04 . 4E4716CAF514717814D07113AD0425B6 . 919552 . . [8.00.6001.23261] . . c:\windows\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3QFE\wininet.dll

.

[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2_32.dll

[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll

[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll

[-] 2006-08-16 . 7B6A08441A4F11320421599D7ECF8D41 . 70656 . . [5.1.2600.1886] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2006-05-19 . 3748E0FC8C1B6ADA49F98C8E69A4228C . 70656 . . [5.1.2600.1847] . . c:\windows\$NtUninstallKB922819$\ws2_32.dll

[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ws2_32.dll

[-] 2003-07-10 . 06BF1D3C21274F92DDD0E09317C80B35 . 70656 . . [5.1.2600.1240] . . c:\windows\$NtUninstallKB914388$\ws2_32.dll

[-] 2001-08-23 . 8529C295DF59B564D37A73B5629162B1 . 75264 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB817778$\ws2_32.dll

.

[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll

[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll

[-] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ws2help.dll

[-] 2001-08-23 . 235C7EF9AEDDE76801169DC61FA72DEF . 18944 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\ws2help.dll

.

[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe

[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\explorer.exe

[-] 2003-05-12 . A73BC66A95CF4F7B597FC8975778A889 . 996352 . . [6.00.2800.1221] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[7] 2002-08-29 . A82B28BFC2E4455FE43022A498C0EF0A . 1004032 . . [6.00.2800.1106] . . c:\windows\$NtUninstallKB820291$\explorer.exe

.

[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe

[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe

[-] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\regedit.exe

[7] 2002-08-29 . B28FB518CD2949715CBFCE0E93A7A535 . 134144 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\regedit.exe

.

[7] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\ole32.dll

[7] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\dllcache\ole32.dll

[7] 2011-11-01 . 7D9DDE1AB4B00DDB173F5A16E9206517 . 1289216 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll

[7] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\$NtUninstallKB2624667$\ole32.dll

[7] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll

[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll

[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll

[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2GDR\ole32.dll

[-] 2005-07-26 . F07397DBDBD249D379CFDEEE6D9BF545 . 1190400 . . [5.1.2600.1720] . . c:\windows\$NtServicePackUninstall$\ole32.dll

[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll

.

[7] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll

[7] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll

[7] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll

[7] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll

[7] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll

[-] 2004-08-04 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\usp10.dll

[7] 2002-08-29 . 73C90911DD86A10D4004C7D6E655A41B . 339456 . . [1.0409.2600.1106] . . c:\windows\$NtServicePackUninstall$\usp10.dll

.

[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll

[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll

[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ksuser.dll

[-] 2001-08-17 . E486A5A8D51CEFF00404DC5AFF0A8330 . 4096 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\ksuser.dll

.

[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe

[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe

[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ctfmon.exe

[7] 2002-08-29 . 414DE7CF9D3F19C3EA902F1BB38EC116 . 13312 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

.

[7] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll

[7] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll

[7] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll

[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll

[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\shsvcs.dll

[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll

[-] 2004-10-28 . AD324E21EF7E668C9910EB5ADF6495C0 . 116736 . . [6.00.2800.1605] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll

[-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\shsvcs.dll

[7] 2002-08-29 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\$NtUninstallKB885835$\shsvcs.dll

.

[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll

[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll

[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll

[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\srsvc.dll

[7] 2002-08-29 . 38E9CFAC7881435764051FD7B1F010FB . 158720 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

.

[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\wscntfy.exe

[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe

[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe

[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\wscntfy.exe

.

[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\xmlprov.dll

[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll

[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll

[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\xmlprov.dll

.

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\eventlog.dll

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll

[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\eventlog.dll

[7] 2002-08-29 . BF3C8CF53C77B48206B39910B6D6CBCC . 49152 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

.

[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll

[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll

[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\sfcfiles.dll

[7] 2002-08-29 . 2564949DBE5F643F50913BBE45D346E2 . 1157632 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2001-08-23 . 9E415EFDF50F26BCBC97C80F4E6C30CC . 1562112 . . [5.1.2600.0] . . c:\windows\$NtUninstallQ309521$\sfcfiles.dll

.

[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys

[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys

[-] 2006-05-13 . 5B09EA8ABB09C22F7574FA52DC9BD752 . 74368 . . [5.1.2600.1842] . . c:\windows\$NtServicePackUninstall$\ipsec.sys

[-] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ipsec.sys

[7] 2002-08-29 . 1C4802409CFD4A7051F458B744CFCAA5 . 57984 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB911280$\ipsec.sys

.

[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\regsvc.dll

[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll

[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll

[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\regsvc.dll

[-] 2001-08-23 . 9DF4527D53613601D3F79946EAA1DCB1 . 51712 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

.

[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\schedsvc.dll

[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll

[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll

[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\schedsvc.dll

[-] 2004-06-08 . 08D72F6490CD85AA1C12EF3B56299936 . 172544 . . [5.1.2600.1564] . . c:\windows\$hf_mig$\KB841873\SP1QFE\schedsvc.dll

[-] 2004-06-08 . 08D72F6490CD85AA1C12EF3B56299936 . 172544 . . [5.1.2600.1564] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[7] 2002-08-29 . 719B05113003A1934EA25EA1FED68C85 . 159232 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB841873$\schedsvc.dll

[-] 2001-08-23 . F6E2095CBC14522CEACD2853620FAF4D . 158720 . . [4.71.2600.1] . . c:\windows\$NtUninstallKB841873_RTM$\schedsvc.dll

.

[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ssdpsrv.dll

[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll

[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll

[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ssdpsrv.dll

[7] 2002-08-29 . 75B5821307B2F4491F9ED06732366872 . 43008 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2001-08-23 . 126D90EE937FFEBACEE30BCA13D92F97 . 39936 . . [5.1.2600.0] . . c:\windows\$NtUninstallQ315000$\ssdpsrv.dll

.

[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\termsrv.dll

[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll

[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll

[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\termsrv.dll

[7] 2002-08-29 . FE84E045A09A4ABC4DEEF7270448B64E . 200192 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2001-08-23 . 458635D2E4559526CF9C895340A38702 . 197632 . . [5.1.2600.0] . . c:\windows\$NtUninstallQ311889$\termsrv.dll

.

[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll

[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll

[-] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\hnetcfg.dll

[7] 2002-08-29 . F5FBCABFE303D309DF5163ABFBBB6958 . 240640 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll

.

[7] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\appmgmts.dll

[7] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll

[7] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll

[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\appmgmts.dll

[7] 2002-08-29 . AE0BDD0E65987747988861103B50FA4F . 156672 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll

.

[7] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\acpiec.sys

[7] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys

[7] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

.

[7] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ERDNT\cache\aec.sys

[7] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys

[7] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys

[-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\aec.sys

[7] 2002-08-29 06:16 . FF773FEDA15E8BD97FD54FE87A0ACDBE . 142208 . . [5.1.2601.1095 built by: xpsp1] . . c:\windows\$NtServicePackUninstall$\aec.sys

.

[7] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\agp440.sys

[7] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys

[7] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys

[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\agp440.sys

.

[7] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ip6fw.sys

[7] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys

[7] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ip6fw.sys

[-] 2003-06-30 . EDDCA9C72F1E7F2E2E2AB6AD7106C4A5 . 29952 . . [5.1.2600.1240] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

.

[7] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll

[7] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll

[7] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll

[7] 2008-04-14 10:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll

[7] 2008-04-14 10:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ERDNT\cache\mfc40u.dll

[7] 2008-04-14 10:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll

[-] 2001-08-23 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll

.

[7] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\msgsvc.dll

[7] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll

[7] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll

[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\msgsvc.dll

[-] 2003-10-21 . 41C5F3B926942EBDD35C6BF4154FE5F8 . 32256 . . [5.1.2600.1309] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2003-10-21 . 41C5F3B926942EBDD35C6BF4154FE5F8 . 32256 . . [5.1.2600.1309] . . c:\windows\$xpsp1hfm$\KB828035\msgsvc.dll

[-] 2003-10-21 . 30846EB33203E3E777B87EAD4ED1B2D9 . 32256 . . [5.1.2600.121] . . c:\windows\$NtUninstallKB828035$\msgsvc.dll

[-] 2001-08-23 . A81487520F11F65BF270D50EE29887B2 . 34304 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB828035_RTM$\msgsvc.dll

.

[7] 2004-09-23 02:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\ERDNT\cache\MsPMSNSv.dll

[7] 2004-09-23 02:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll

[7] 2004-09-23 02:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\MsPMSNSv.dll

[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\mspmsnsv.dll

.

[7] 2011-10-25 . DB19FFF0C805664CB95062C027B11FE9 . 2069376 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe

[7] 2011-10-25 . CE1A2FEDBD001ECDC5AD1975AFAD040A . 2069376 . . [5.1.2600.6165] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe

[7] 2011-10-25 . CE1A2FEDBD001ECDC5AD1975AFAD040A . 2069376 . . [5.1.2600.6165] . . c:\windows\system32\ntkrnlpa.exe

[7] 2011-10-25 . CE1A2FEDBD001ECDC5AD1975AFAD040A . 2069376 . . [5.1.2600.6165] . . c:\windows\system32\dllcache\ntkrnlpa.exe

[7] 2010-12-09 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe

[7] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntkrnlpa.exe

[7] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe

.

[7] 2008-04-14 10:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ERDNT\cache\ntmssvc.dll

[7] 2008-04-14 10:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll

[7] 2008-04-14 10:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll

[-] 2004-08-04 07:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ntmssvc.dll

[7] 2002-08-29 10:41 . AAC49EF5C84A2EBD7409A51A1B65C542 . 392704 . . [5.1.2400.1106] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

.

[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\upnphost.dll

[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll

[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll

[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\upnphost.dll

[7] 2002-08-29 . 848CE0601B58410FF2DFB6BC8449AFE7 . 164864 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\upnphost.dll

.

[7] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll

[7] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll

[-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\dsound.dll

[-] 2001-08-23 . 9402C9F282AC5FAF8253A4DC2E231B67 . 338944 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\dsound.dll

.

[7] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll

[7] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll

[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\d3d9.dll

.

[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll

[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll

[-] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ddraw.dll

[7] 2002-08-29 . 1D0F6E2A81751F29E6C27CA4FDDC1D49 . 253440 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ddraw.dll

.

[7] 2008-04-14 10:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll

[7] 2008-04-14 10:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll

[-] 2004-08-04 07:56 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\olepro32.dll

[-] 2001-08-23 12:00 . 76E77301A8A73457A5B55E76847DB892 . 106496 . . [5.0.5014] . . c:\windows\$NtServicePackUninstall$\olepro32.dll

.

[7] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll

[7] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll

[-] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\perfctrs.dll

[-] 2001-08-23 . 972EFFC80D9E806539489883D37032F5 . 37376 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll

.

[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll

[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll

[-] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\version.dll

[-] 2001-08-23 . 90D0D0BEA6FBC19E765E30B7DDF52B9A . 16384 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\version.dll

.

[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe

[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ie8\iexplore.exe

[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe

[-] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\iexplore.exe

[7] 2002-08-29 . 418D301C3B1FA94B19584AEEB3D65166 . 91136 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\iexplore.exe

.

.

[7] 2011-10-25 . F512C662874D7545E5BD8005E6800A44 . 2192768 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe

[7] 2011-10-25 . 892CDDFF7EF96951B9B0B50974070E47 . 2192768 . . [5.1.2600.6165] . . c:\windows\Driver Cache\i386\ntoskrnl.exe

[7] 2011-10-25 . 892CDDFF7EF96951B9B0B50974070E47 . 2192768 . . [5.1.2600.6165] . . c:\windows\system32\ntoskrnl.exe

[7] 2011-10-25 . 892CDDFF7EF96951B9B0B50974070E47 . 2192768 . . [5.1.2600.6165] . . c:\windows\system32\dllcache\ntoskrnl.exe

[7] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe

[7] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntoskrnl.exe

[7] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe

[7] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe

[7] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe

.

[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll

[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll

[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll

[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\srsvc.dll

[7] 2002-08-29 . 38E9CFAC7881435764051FD7B1F010FB . 158720 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

.

[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll

[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll

[-] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\w32time.dll

[7] 2002-08-29 . A14F6DEDA6E1B5D13A0C225E84988EEA . 165376 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\w32time.dll

.

[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll

[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll

[-] 2004-08-04 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\wiaservc.dll

[7] 2002-08-29 . 0AC40B75640B550C26347B5F65F6E0EE . 316416 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll

.

[7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll

[7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll

[-] 2004-08-04 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\midimap.dll

[-] 2001-08-23 . 5A80CD832A19D92CEAED6D5C0316D1B1 . 17920 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\midimap.dll

.

[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll

[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll

[-] 2006-06-26 . 087552302D5AAB20FC37314576BC106C . 6144 . . [5.1.2600.1863] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll

[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll

[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2GDR\rasadhlp.dll

[-] 2004-08-04 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\rasadhlp.dll

[-] 2001-08-23 . C5ABBBD9C7307679B4FBA203213A6FD4 . 6144 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB920683$\rasadhlp.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZumoDrive"="c:\program files\Zecter\ZumoDrive\ZumoLauncher.lnk" [2010-04-17 1673]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]

"ZumoDrive"="c:\program files\Zecter\ZumoDrive\ZumoLauncher.lnk" [2010-04-17 1673]

"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Zecter\\ZumoDrive\\zumodrive.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Documents and Settings\\aida\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 NecUsb3;USB3 Service;c:\windows\System32\svchost.exe [2008-04-14 14336]

R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 257696]

R3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [x]

R3 SDTHOOK;SDTHOOK;c:\windows\system32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-02-09 147416]

S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-05-04 129928]

S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-04-30 136448]

S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-05-27 141384]

S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-04-30 97032]

S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-04-30 111624]

S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-05-12 110920]

S3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\DRIVERS\KTC111.SYS [2001-08-17 19016]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

NecUsb3Sevic REG_MULTI_SZ NecUsb3

.

NETSVCS REQUIRES REPAIRS - current entries shown

6to4

AppMgmt

AudioSrv

Browser

CryptSvc

DMServer

DHCP

ERSvc

EventSystem

FastUserSwitchingCompatibility

HidServ

Ias

Iprip

Irmon

LanmanServer

LanmanWorkstation

Messenger

Netman

Nla

Ntmssvc

NWCWorkstation

Nwsapagent

Rasauto

Rasman

cpqarry2

backupexecagentaccelerator

AMDPCI

WinHttpAutoProxySvc

pcx1unic

LPDSVC

mcpromgr

mwlsvc

tosrfusb

CYGF32X

dsncservice

lpx

anbmservice

PSSdk23

v124

OsaFsLoc

RR2Vbi

db2licd

spbbcsvc

trayman

adsexpb

mfesmfk

oracleservicelocalora

emproxy

websensepolicyserver

clientservice

vet-filt

SRTSPL

bdpredir

s217unic

nsm1bus

QV2KUX

hdaudaddservice

bantext

se59bus

basfipm

symfw

wampmysqld

emAudio

se45mdfl

CTEAPSFX.DLL

RTL8023xp

slimsvc

xfactorae1

siside

incdfs

se45mdm

REVO

NVR0Dev

co_mon

TOSHIBASoftModem

akshasp

MaVctrl

eSettingsService

crystalinputfileserver

slssvc

cobbmservice

sentinel

McciCMService

atinrvxx

nmwcdcm

zfdwm

se27unic

slip

roxliveshare9

mcafeeframework

genmcmn

winpppoverethernet

LVBulk

amdppm

UCTblHid

CTERFXFX.DLL

clisvc

avinitnt

CADlink

SimpTcp

appdrv

pdlndqll

ctxhttp

usbbus

elotouchscreen

sfvfs02

Blfp

L8042Kbd

savrt

sqlagent$sony_mediamgr

hmonitor

SrvcSSIOMngr

zebrsce

ctac32k

appnnode

SE26mdm

rppkt

ufdsvc

StkScan

GoogleDesktopManager-010708-104812

viaudio

marvinbus

adminserver

personalsecuredriveservice

rtl8023

TestHandler

cccredmgr

SiS300i

padfsvr

mcrdsvc

ATIBTCAP

ptserial

antivirservice

hap16v2k

AN983

avipbb

StillCam

npkcmsvc

mohfilt

pnarp

iviVD

snac

mssql$sony_mediamgr

hsfhwazl

AcronisOSSReinstallSvc

MREMPR5

dptrackerd

Nsynas32

pacsptisvr

tandpl

smservaz

UsbDiag

NWDNS

dlaboiom

carboniteservice

rnadiagreceiver

servidor

nsvcip

tb2launch

acrotray

dnetc

bthenum

Afc

qserver

DSI_SiUSBXp_3_1

ino_flpy

crystaloutputfileserver

webrootspysweeperservice

SGHIDI

SE2Bmdfl

w200mdfl

imagesrv

ELmou

SISNICXP

macformatservice

nv

WDM_YAMAHAAC97

p2pimsvc

AFGMp50

ser2plms

GTWModem

zumbus

icdsptsv

protexislicensing

acrsch2svc

vcomm

NETw3x32

pmsveh

utscsi

Remoteaccess

Schedule

Seclogon

SENS

Sharedaccess

SRService

Tapisrv

Themes

TrkWks

W32Time

WZCSVC

Wmi

WmdmPmSp

winmgmt

TermService

wuauserv

BITS

ShellHWDetection

helpsvc

Ip6FwHlp

WmdmPmSN

napagent

hkmsvc

xmlprov

wscsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 23:13]

.

2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-764733703-1708537768-1003Core.job

- c:\documents and settings\aida\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-13 20:17]

.

2012-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-764733703-1708537768-1003UA.job

- c:\documents and settings\aida\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-13 20:17]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\documents and settings\aida\Application Data\Mozilla\Firefox\Profiles\eswlnpz7.default\

FF - prefs.js: browser.startup.homepage - hxxp://welikehits.com/surf.php

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Webmail Ad Blocker: gmailnoads@mywebber.com - %profile%\extensions\gmailnoads@mywebber.com

FF - Ext: Tempomail: tempomail@ingetic..maxime.robache - %profile%\extensions\tempomail@ingetic..maxime.robache

FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}

FF - Ext: Capture Fox: capturefoxmovie@advancity.net - %profile%\extensions\capturefoxmovie@advancity.net

FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}

FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}

FF - Ext: Screen Capture Elite: screencaptureelite@plugin - %profile%\extensions\screencaptureelite@plugin

FF - Ext: Click&Clean: clickclean@hotcleaner.com - %profile%\extensions\clickclean@hotcleaner.com

FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

Notify-NecUsb3Sevices - USB3Sw32.dll

Notify-USB3Sw32 - USB3Sw32.dll

SafeBoot-74338219.sys

AddRemove-Kcast_Beta_1.0 - c:\windows\iun6002.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-09 19:53

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AMDPCI]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\backupexecagentaccelerator]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cpqarry2]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LPDSVC]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NETw3x32]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pmsveh]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SGHIDI]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\trayman]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\utscsi]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vcomm]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinHttpAutoProxySvc]

"ServiceDll"=""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,bf,6d,df,a7,6c,2f,45,bf,f4,3e,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,bf,6d,df,a7,6c,2f,45,bf,f4,3e,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2684)

c:\windows\system32\WININET.dll

c:\program files\Zecter\ZumoDrive\ShellExt.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\System32\snmp.exe

c:\windows\System32\wdfmgr.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2012-05-09 20:47:32 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-10 00:47

.

Pre-Run: 265,682,944 bytes free

Post-Run: 342,028,288 bytes free

.

- - End Of File - - 3764B27D537FBA5D698C5FC3F758BCB0

Couldn't fit both logs into one post. Below is the 2nd run.

ComboFix 12-05-09.01 - aida 05/09/2012 21:44:33.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.209 [GMT -4:00]

Running from: c:\documents and settings\aida\Desktop\ComboFix.exe

AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\drivers\cbfs.sys . . . is infected!! . . . Failed to find a valid replacement.

.

((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))

.

.

2012-05-07 21:57 . 2012-05-07 21:57 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-14 18:49 . 2012-04-14 18:49 -------- d-----w- C:\8b932b19c531de31486369ac

2012-04-14 18:27 . 2012-04-14 18:28 -------- d-----w- C:\a13e1fdda4f013cfa6a1

2012-04-13 07:02 . 2011-06-21 04:09 200976 -c--a-w- c:\windows\system32\drivers\tmcomm.sys

2012-04-12 22:46 . 2012-04-12 22:47 -------- d-----w- C:\3ed78a8d3e3fdb96b6d2ca8748a643

2012-04-12 19:46 . 2012-04-12 19:46 -------- d-----w- C:\a7b9281ead74d054c51d9c102f303925

2012-04-12 18:04 . 2012-04-12 18:05 -------- d-----w- C:\b39195a5979437de95c7ae2e

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-07 23:13 . 2012-04-09 17:56 419488 -c--a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-07 23:13 . 2011-05-30 17:49 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-07 22:04 . 2001-08-23 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2012-04-13 18:01 . 2012-03-25 17:34 102400 -c--a-w- c:\windows\RegBootClean.exe

2012-04-11 17:55 . 2010-03-26 01:57 22032 -c--a-w- c:\windows\DCEBoot.exe

2012-04-04 19:56 . 2009-01-17 20:38 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys

2012-03-01 11:01 . 2006-06-23 18:33 916992 -c--a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2004-07-16 23:51 43520 -c----w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01 . 2004-07-16 23:49 1469440 -c----w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 2001-08-23 12:00 177664 -c--a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2001-08-23 12:00 148480 -c--a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2010-03-11 07:54 385024 -c----w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZumoDrive"="c:\program files\Zecter\ZumoDrive\ZumoLauncher.lnk" [2010-04-17 1673]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]

"ZumoDrive"="c:\program files\Zecter\ZumoDrive\ZumoLauncher.lnk" [2010-04-17 1673]

"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Zecter\\ZumoDrive\\zumodrive.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Documents and Settings\\aida\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 NecUsb3;USB3 Service;c:\windows\System32\svchost.exe [2008-04-14 14336]

R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 257696]

R3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [x]

R3 SDTHOOK;SDTHOOK;c:\windows\system32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-02-09 147416]

S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-05-04 129928]

S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-04-30 136448]

S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-05-27 141384]

S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-04-30 97032]

S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-04-30 111624]

S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-05-12 110920]

S3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\DRIVERS\KTC111.SYS [2001-08-17 19016]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

NecUsb3Sevic REG_MULTI_SZ NecUsb3

.

NETSVCS REQUIRES REPAIRS - current entries shown

6to4

AppMgmt

AudioSrv

Browser

CryptSvc

DMServer

DHCP

ERSvc

EventSystem

FastUserSwitchingCompatibility

HidServ

Ias

Iprip

Irmon

LanmanServer

LanmanWorkstation

Messenger

Netman

Nla

Ntmssvc

NWCWorkstation

Nwsapagent

Rasauto

Rasman

cpqarry2

backupexecagentaccelerator

AMDPCI

WinHttpAutoProxySvc

pcx1unic

LPDSVC

mcpromgr

mwlsvc

tosrfusb

CYGF32X

dsncservice

lpx

anbmservice

PSSdk23

v124

OsaFsLoc

RR2Vbi

db2licd

spbbcsvc

trayman

adsexpb

mfesmfk

oracleservicelocalora

emproxy

websensepolicyserver

clientservice

vet-filt

SRTSPL

bdpredir

s217unic

nsm1bus

QV2KUX

hdaudaddservice

bantext

se59bus

basfipm

symfw

wampmysqld

emAudio

se45mdfl

CTEAPSFX.DLL

RTL8023xp

slimsvc

xfactorae1

siside

incdfs

se45mdm

REVO

NVR0Dev

co_mon

TOSHIBASoftModem

akshasp

MaVctrl

eSettingsService

crystalinputfileserver

slssvc

cobbmservice

sentinel

McciCMService

atinrvxx

nmwcdcm

zfdwm

se27unic

slip

roxliveshare9

mcafeeframework

genmcmn

winpppoverethernet

LVBulk

amdppm

UCTblHid

CTERFXFX.DLL

clisvc

avinitnt

CADlink

SimpTcp

appdrv

pdlndqll

ctxhttp

usbbus

elotouchscreen

sfvfs02

Blfp

L8042Kbd

savrt

sqlagent$sony_mediamgr

hmonitor

SrvcSSIOMngr

zebrsce

ctac32k

appnnode

SE26mdm

rppkt

ufdsvc

StkScan

GoogleDesktopManager-010708-104812

viaudio

marvinbus

adminserver

personalsecuredriveservice

rtl8023

TestHandler

cccredmgr

SiS300i

padfsvr

mcrdsvc

ATIBTCAP

ptserial

antivirservice

hap16v2k

AN983

avipbb

StillCam

npkcmsvc

mohfilt

pnarp

iviVD

snac

mssql$sony_mediamgr

hsfhwazl

AcronisOSSReinstallSvc

MREMPR5

dptrackerd

Nsynas32

pacsptisvr

tandpl

smservaz

UsbDiag

NWDNS

dlaboiom

carboniteservice

rnadiagreceiver

servidor

nsvcip

tb2launch

acrotray

dnetc

bthenum

Afc

qserver

DSI_SiUSBXp_3_1

ino_flpy

crystaloutputfileserver

webrootspysweeperservice

SGHIDI

SE2Bmdfl

w200mdfl

imagesrv

ELmou

SISNICXP

macformatservice

nv

WDM_YAMAHAAC97

p2pimsvc

AFGMp50

ser2plms

GTWModem

zumbus

icdsptsv

protexislicensing

acrsch2svc

vcomm

NETw3x32

pmsveh

utscsi

Remoteaccess

Schedule

Seclogon

SENS

Sharedaccess

SRService

Tapisrv

Themes

TrkWks

W32Time

WZCSVC

Wmi

WmdmPmSp

winmgmt

TermService

wuauserv

BITS

ShellHWDetection

helpsvc

Ip6FwHlp

WmdmPmSN

napagent

hkmsvc

xmlprov

wscsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 23:13]

.

2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-764733703-1708537768-1003Core.job

- c:\documents and settings\aida\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-13 20:17]

.

2012-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-764733703-1708537768-1003UA.job

- c:\documents and settings\aida\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-13 20:17]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\documents and settings\aida\Application Data\Mozilla\Firefox\Profiles\eswlnpz7.default\

FF - prefs.js: browser.startup.homepage - hxxp://welikehits.com/surf.php

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Webmail Ad Blocker: gmailnoads@mywebber.com - %profile%\extensions\gmailnoads@mywebber.com

FF - Ext: Tempomail: tempomail@ingetic..maxime.robache - %profile%\extensions\tempomail@ingetic..maxime.robache

FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}

FF - Ext: Capture Fox: capturefoxmovie@advancity.net - %profile%\extensions\capturefoxmovie@advancity.net

FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}

FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}

FF - Ext: Screen Capture Elite: screencaptureelite@plugin - %profile%\extensions\screencaptureelite@plugin

FF - Ext: Click&Clean: clickclean@hotcleaner.com - %profile%\extensions\clickclean@hotcleaner.com

FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-09 22:28

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AMDPCI]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\backupexecagentaccelerator]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cpqarry2]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LPDSVC]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NETw3x32]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pmsveh]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SGHIDI]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\trayman]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\utscsi]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vcomm]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinHttpAutoProxySvc]

"ServiceDll"=""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,bf,6d,df,a7,6c,2f,45,bf,f4,3e,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,bf,6d,df,a7,6c,2f,45,bf,f4,3e,\

.

Completion time: 2012-05-09 22:54:25

ComboFix-quarantined-files.txt 2012-05-10 02:53

.

Pre-Run: 325,357,568 bytes free

Post-Run: 312,119,296 bytes free

.

- - End Of File - - 56C561B679E73AA9B896E3CA1772FDE0


Thanks!

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *cbfs.sys*


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


SystemLook 30.07.11 by jpshortstuff

Log created at 16:30 on 11/05/2012 by aida

Administrator - Elevation successful

========== filefind ==========

Searching for "*cbfs.sys*"

C:\Program Files\Zecter\ZumoDrive\cbfs.sys --a--c- 147416 bytes [05:50 16/04/2010] [05:50 16/04/2010] 560C3AC812597D58626D6C92FDC7F58D

C:\WINDOWS\system32\drivers\cbfs.sys --a---- 147416 bytes [01:28 13/04/2010] [07:12 09/02/2010] 9FF0A66A15FB4CBEDB6E26FE4AC9D1E5

-= EOF =-


Good!

Delete your ComboFix copy, download a new fresh one and then:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

FCopy::
C:\Program Files\Zecter\ZumoDrive\cbfs.sys | C:\WINDOWS\system32\drivers\cbfs.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


ComboFix 12-05-15.04 - aida 05/16/2012 1:06.6.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.247 [GMT -4:00]

Running from: c:\documents and settings\aida\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\aida\Desktop\CFScript.txt

AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\drivers\cbfs.sys . . . is infected!! . . . Failed to find a valid replacement.

.

--------------- FCopy ---------------

.

c:\program files\Zecter\ZumoDrive\cbfs.sys --> c:\windows\system32\drivers\cbfs.sys

.

((((((((((((((((((((((((( Files Created from 2012-04-16 to 2012-05-16 )))))))))))))))))))))))))))))))

.

.

2012-05-10 14:33 . 2012-05-10 14:33 -------- dc----w- c:\documents and settings\aida\Local Settings\Application Data\PCHealth

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-07 23:13 . 2012-04-09 17:56 419488 -c--a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-07 23:13 . 2011-05-30 17:49 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-07 22:04 . 2001-08-23 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2012-04-13 18:01 . 2012-03-25 17:34 102400 -c--a-w- c:\windows\RegBootClean.exe

2012-04-11 17:55 . 2010-03-26 01:57 22032 -c--a-w- c:\windows\DCEBoot.exe

2012-04-11 13:12 . 2001-08-23 12:00 1862272 -c--a-w- c:\windows\system32\win32k.sys

2012-04-11 13:10 . 2001-08-23 12:00 2192640 -c--a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 12:35 . 2001-08-17 13:48 2069120 -c--a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-04 19:56 . 2009-01-17 20:38 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys

2012-03-01 11:01 . 2006-06-23 18:33 916992 -c--a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2004-07-16 23:51 43520 -c----w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01 . 2004-07-16 23:49 1469440 -c----w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 2001-08-23 12:00 177664 -c--a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2001-08-23 12:00 148480 -c--a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2010-03-11 07:54 385024 -c----w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZumoDrive"="c:\program files\Zecter\ZumoDrive\ZumoLauncher.lnk" [2010-04-17 1673]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]

"ZumoDrive"="c:\program files\Zecter\ZumoDrive\ZumoLauncher.lnk" [2010-04-17 1673]

"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Zecter\\ZumoDrive\\zumodrive.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 NecUsb3;USB3 Service;c:\windows\System32\svchost.exe [2008-04-14 14336]

R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 257696]

R3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [x]

R3 SDTHOOK;SDTHOOK;c:\windows\system32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-04-16 147416]

S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-05-04 129928]

S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-04-30 136448]

S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-05-27 141384]

S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-04-30 97032]

S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-04-30 111624]

S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-05-12 110920]

S3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\DRIVERS\KTC111.SYS [2001-08-17 19016]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

NecUsb3Sevic REG_MULTI_SZ NecUsb3

.

NETSVCS REQUIRES REPAIRS - current entries shown

6to4

AppMgmt

AudioSrv

Browser

CryptSvc

DMServer

DHCP

ERSvc

EventSystem

FastUserSwitchingCompatibility

HidServ

Ias

Iprip

Irmon

LanmanServer

LanmanWorkstation

Messenger

Netman

Nla

Ntmssvc

NWCWorkstation

Nwsapagent

Rasauto

Rasman

cpqarry2

backupexecagentaccelerator

AMDPCI

WinHttpAutoProxySvc

pcx1unic

LPDSVC

mcpromgr

mwlsvc

tosrfusb

CYGF32X

dsncservice

lpx

anbmservice

PSSdk23

v124

OsaFsLoc

RR2Vbi

db2licd

spbbcsvc

trayman

adsexpb

mfesmfk

oracleservicelocalora

emproxy

websensepolicyserver

clientservice

vet-filt

SRTSPL

bdpredir

s217unic

nsm1bus

QV2KUX

hdaudaddservice

bantext

se59bus

basfipm

symfw

wampmysqld

emAudio

se45mdfl

CTEAPSFX.DLL

RTL8023xp

slimsvc

xfactorae1

siside

incdfs

se45mdm

REVO

NVR0Dev

co_mon

TOSHIBASoftModem

akshasp

MaVctrl

eSettingsService

crystalinputfileserver

slssvc

cobbmservice

sentinel

McciCMService

atinrvxx

nmwcdcm

zfdwm

se27unic

slip

roxliveshare9

mcafeeframework

genmcmn

winpppoverethernet

LVBulk

amdppm

UCTblHid

CTERFXFX.DLL

clisvc

avinitnt

CADlink

SimpTcp

appdrv

pdlndqll

ctxhttp

usbbus

elotouchscreen

sfvfs02

Blfp

L8042Kbd

savrt

sqlagent$sony_mediamgr

hmonitor

SrvcSSIOMngr

zebrsce

ctac32k

appnnode

SE26mdm

rppkt

ufdsvc

StkScan

GoogleDesktopManager-010708-104812

viaudio

marvinbus

adminserver

personalsecuredriveservice

rtl8023

TestHandler

cccredmgr

SiS300i

padfsvr

mcrdsvc

ATIBTCAP

ptserial

antivirservice

hap16v2k

AN983

avipbb

StillCam

npkcmsvc

mohfilt

pnarp

iviVD

snac

mssql$sony_mediamgr

hsfhwazl

AcronisOSSReinstallSvc

MREMPR5

dptrackerd

Nsynas32

pacsptisvr

tandpl

smservaz

UsbDiag

NWDNS

dlaboiom

carboniteservice

rnadiagreceiver

servidor

nsvcip

tb2launch

acrotray

dnetc

bthenum

Afc

qserver

DSI_SiUSBXp_3_1

ino_flpy

crystaloutputfileserver

webrootspysweeperservice

SGHIDI

SE2Bmdfl

w200mdfl

imagesrv

ELmou

SISNICXP

macformatservice

nv

WDM_YAMAHAAC97

p2pimsvc

AFGMp50

ser2plms

GTWModem

zumbus

icdsptsv

protexislicensing

acrsch2svc

vcomm

NETw3x32

pmsveh

utscsi

Remoteaccess

Schedule

Seclogon

SENS

Sharedaccess

SRService

Tapisrv

Themes

TrkWks

W32Time

WZCSVC

Wmi

WmdmPmSp

winmgmt

TermService

wuauserv

BITS

ShellHWDetection

helpsvc

Ip6FwHlp

WmdmPmSN

napagent

hkmsvc

xmlprov

wscsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 23:13]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\documents and settings\aida\Application Data\Mozilla\Firefox\Profiles\eswlnpz7.default\

FF - prefs.js: browser.startup.homepage - hxxp://welikehits.com/surf.php

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Webmail Ad Blocker: gmailnoads@mywebber.com - %profile%\extensions\gmailnoads@mywebber.com

FF - Ext: Tempomail: tempomail@ingetic..maxime.robache - %profile%\extensions\tempomail@ingetic..maxime.robache

FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}

FF - Ext: Capture Fox: capturefoxmovie@advancity.net - %profile%\extensions\capturefoxmovie@advancity.net

FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}

FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}

FF - Ext: Screen Capture Elite: screencaptureelite@plugin - %profile%\extensions\screencaptureelite@plugin

FF - Ext: Click&Clean: clickclean@hotcleaner.com - %profile%\extensions\clickclean@hotcleaner.com

FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-16 01:57

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AMDPCI]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\backupexecagentaccelerator]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cpqarry2]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LPDSVC]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NETw3x32]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pmsveh]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SGHIDI]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\trayman]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\utscsi]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vcomm]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinHttpAutoProxySvc]

"ServiceDll"=""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,bf,6d,df,a7,6c,2f,45,bf,f4,3e,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,bf,6d,df,a7,6c,2f,45,bf,f4,3e,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1800)

c:\windows\system32\WININET.dll

c:\program files\Zecter\ZumoDrive\ShellExt.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\System32\snmp.exe

c:\windows\System32\wdfmgr.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2012-05-16 02:20:27 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-16 06:20

ComboFix2.txt 2012-05-16 03:49

ComboFix3.txt 2012-05-10 02:55

.

Pre-Run: 523,476,992 bytes free

Post-Run: 496,959,488 bytes free

.

- - End Of File - - FDE15041DE5291082569AB341C9EBECE


I had to run ComboFix several more times before I could access the internet. I'm posting the last ComboFix log below the virustotal link:

https://www.virustotal.com/file/2ee3278a33910a0f98f215c5dacdd593a0b6b7e5adf35c914ec85565ad5fd7c9/analysis/1337216917/

ComboFix 12-05-16.02 - aida 05/16/2012 18:10:36.10.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.268 [GMT -4:00]

Running from: c:\documents and settings\aida\Desktop\ComboFix.exe

AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}

.

.

((((((((((((((((((((((((( Files Created from 2012-04-16 to 2012-05-16 )))))))))))))))))))))))))))))))

.

.

2012-05-10 14:33 . 2012-05-10 14:33 -------- dc----w- c:\documents and settings\aida\Local Settings\Application Data\PCHealth

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-07 23:13 . 2012-04-09 17:56 419488 -c--a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-07 23:13 . 2011-05-30 17:49 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-07 22:04 . 2001-08-23 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2012-04-13 18:01 . 2012-03-25 17:34 102400 -c--a-w- c:\windows\RegBootClean.exe

2012-04-11 17:55 . 2010-03-26 01:57 22032 -c--a-w- c:\windows\DCEBoot.exe

2012-04-11 13:12 . 2001-08-23 12:00 1862272 -c--a-w- c:\windows\system32\win32k.sys

2012-04-11 13:10 . 2001-08-23 12:00 2192640 -c--a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 12:35 . 2001-08-17 13:48 2069120 -c--a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-04 19:56 . 2009-01-17 20:38 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys

2012-03-01 11:01 . 2006-06-23 18:33 916992 -c--a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2004-07-16 23:51 43520 -c----w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01 . 2004-07-16 23:49 1469440 -c----w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 2001-08-23 12:00 177664 -c--a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2001-08-23 12:00 148480 -c--a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2010-03-11 07:54 385024 -c----w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZumoDrive"="c:\program files\Zecter\ZumoDrive\ZumoLauncher.lnk" [2010-04-17 1673]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]

"ZumoDrive"="c:\program files\Zecter\ZumoDrive\ZumoLauncher.lnk" [2010-04-17 1673]

"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Zecter\\ZumoDrive\\zumodrive.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

.

R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [4/12/2010 9:28 PM 147416]

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [5/4/2010 8:36 AM 129928]

R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [5/27/2010 6:39 PM 141384]

R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [4/30/2010 1:46 PM 97032]

R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [4/30/2010 1:46 PM 111624]

R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [5/12/2010 10:58 AM 110920]

R3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\KTC111.SYS [9/15/2003 7:06 PM 19016]

S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [7/29/2007 4:30 PM 20160]

S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]

S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2/5/2008 3:53 AM 44928]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

NecUsb3Sevic REG_MULTI_SZ NecUsb3

.

NETSVCS REQUIRES REPAIRS - current entries shown

6to4

AppMgmt

AudioSrv

Browser

CryptSvc

DMServer

DHCP

ERSvc

EventSystem

FastUserSwitchingCompatibility

HidServ

Ias

Iprip

Irmon

LanmanServer

LanmanWorkstation

Messenger

Netman

Nla

Ntmssvc

NWCWorkstation

Nwsapagent

Rasauto

Rasman

cpqarry2

backupexecagentaccelerator

AMDPCI

WinHttpAutoProxySvc

pcx1unic

LPDSVC

mcpromgr

mwlsvc

tosrfusb

CYGF32X

dsncservice

lpx

anbmservice

PSSdk23

v124

OsaFsLoc

RR2Vbi

db2licd

spbbcsvc

trayman

adsexpb

mfesmfk

oracleservicelocalora

emproxy

websensepolicyserver

clientservice

vet-filt

SRTSPL

bdpredir

s217unic

nsm1bus

QV2KUX

hdaudaddservice

bantext

se59bus

basfipm

symfw

wampmysqld

emAudio

se45mdfl

CTEAPSFX.DLL

RTL8023xp

slimsvc

xfactorae1

siside

incdfs

se45mdm

REVO

NVR0Dev

co_mon

TOSHIBASoftModem

akshasp

MaVctrl

eSettingsService

crystalinputfileserver

slssvc

cobbmservice

sentinel

McciCMService

atinrvxx

nmwcdcm

zfdwm

se27unic

slip

roxliveshare9

mcafeeframework

genmcmn

winpppoverethernet

LVBulk

amdppm

UCTblHid

CTERFXFX.DLL

clisvc

avinitnt

CADlink

SimpTcp

appdrv

pdlndqll

ctxhttp

usbbus

elotouchscreen

sfvfs02

Blfp

L8042Kbd

savrt

sqlagent$sony_mediamgr

hmonitor

SrvcSSIOMngr

zebrsce

ctac32k

appnnode

SE26mdm

rppkt

ufdsvc

StkScan

GoogleDesktopManager-010708-104812

viaudio

marvinbus

adminserver

personalsecuredriveservice

rtl8023

TestHandler

cccredmgr

SiS300i

padfsvr

mcrdsvc

ATIBTCAP

ptserial

antivirservice

hap16v2k

AN983

avipbb

StillCam

npkcmsvc

mohfilt

pnarp

iviVD

snac

mssql$sony_mediamgr

hsfhwazl

AcronisOSSReinstallSvc

MREMPR5

dptrackerd

Nsynas32

pacsptisvr

tandpl

smservaz

UsbDiag

NWDNS

dlaboiom

carboniteservice

rnadiagreceiver

servidor

nsvcip

tb2launch

acrotray

dnetc

bthenum

Afc

qserver

DSI_SiUSBXp_3_1

ino_flpy

crystaloutputfileserver

webrootspysweeperservice

SGHIDI

SE2Bmdfl

w200mdfl

imagesrv

ELmou

SISNICXP

macformatservice

nv

WDM_YAMAHAAC97

p2pimsvc

AFGMp50

ser2plms

GTWModem

zumbus

icdsptsv

protexislicensing

acrsch2svc

vcomm

NETw3x32

pmsveh

utscsi

Remoteaccess

Schedule

Seclogon

SENS

Sharedaccess

SRService

Tapisrv

Themes

TrkWks

W32Time

WZCSVC

Wmi

WmdmPmSp

winmgmt

TermService

wuauserv

BITS

ShellHWDetection

helpsvc

Ip6FwHlp

WmdmPmSN

napagent

hkmsvc

xmlprov

wscsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 23:13]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\documents and settings\aida\Application Data\Mozilla\Firefox\Profiles\eswlnpz7.default\

FF - prefs.js: browser.startup.homepage - hxxp://welikehits.com/surf.php

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Webmail Ad Blocker: gmailnoads@mywebber.com - %profile%\extensions\gmailnoads@mywebber.com

FF - Ext: Tempomail: tempomail@ingetic..maxime.robache - %profile%\extensions\tempomail@ingetic..maxime.robache

FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}

FF - Ext: Capture Fox: capturefoxmovie@advancity.net - %profile%\extensions\capturefoxmovie@advancity.net

FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}

FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}

FF - Ext: Screen Capture Elite: screencaptureelite@plugin - %profile%\extensions\screencaptureelite@plugin

FF - Ext: Click&Clean: clickclean@hotcleaner.com - %profile%\extensions\clickclean@hotcleaner.com

FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-16 18:53

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AMDPCI]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\backupexecagentaccelerator]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cpqarry2]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LPDSVC]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NETw3x32]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pmsveh]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SGHIDI]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\trayman]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\utscsi]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vcomm]

"ServiceDll"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinHttpAutoProxySvc]

"ServiceDll"=""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,bf,6d,df,a7,6c,2f,45,bf,f4,3e,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,bf,6d,df,a7,6c,2f,45,bf,f4,3e,\

.

Completion time: 2012-05-16 19:11:35

ComboFix-quarantined-files.txt 2012-05-16 23:11

ComboFix2.txt 2012-05-16 19:32

ComboFix3.txt 2012-05-16 15:59

ComboFix4.txt 2012-05-16 08:24

ComboFix5.txt 2012-05-16 21:31

.

Pre-Run: 433,664,000 bytes free

Post-Run: 442,134,528 bytes free

.

- - End Of File - - A483CA1D1F0C98DD61D75C37FC092CD0


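The ComboFix log above shows the two things worth reading together: a `NETSVCS REQUIRES REPAIRS` block whose svchost group has dozens of entries beyond the stock XP set, and a series of service keys further down that carry `"ServiceDll"=""`. A svchost-hosted service with no DLL cannot be a working legitimate service, so the overlap between those two lists is what to look at first. The following script is an added example, not ComboFix's own code or anything the poster ran: it parses a log in this format (blank lines between entries, as in the paste above, are skipped), extracts both lists, and reports which netsvcs entries fall outside an assumed XP SP3 default group and which of them point at no DLL. The `XP_SP3_NETSVCS` baseline is an assumption to confirm against a clean SP3 machine, and `SAMPLE_LOG` is a constructed excerpt that mirrors a few lines of the posted log rather than the whole thing.

```python
"""Cross-check a ComboFix 'NETSVCS REQUIRES REPAIRS' listing against the
services the same log reports with an empty ServiceDll.

Added example; not part of ComboFix or of the forum thread.
"""
import re

# ASSUMPTION: stock XP SP3 membership of the netsvcs svchost group. Verify on
# a clean SP3 install before acting on "non_default": the padded list in the
# posted log reuses names of real third-party services, so "not in the
# baseline" means "investigate", not "malicious".
XP_SP3_NETSVCS = {
    "6to4", "AppMgmt", "AudioSrv", "Browser", "CryptSvc", "DMServer", "DHCP",
    "ERSvc", "EventSystem", "FastUserSwitchingCompatibility", "HidServ", "Ias",
    "Iprip", "Irmon", "LanmanServer", "LanmanWorkstation", "Messenger",
    "Netman", "Nla", "Ntmssvc", "NWCWorkstation", "Nwsapagent", "Rasauto",
    "Rasman", "Remoteaccess", "Schedule", "Seclogon", "SENS", "Sharedaccess",
    "SRService", "Tapisrv", "Themes", "TrkWks", "W32Time", "WZCSVC", "Wmi",
    "WmdmPmSp", "winmgmt", "TermService", "wuauserv", "BITS",
    "ShellHWDetection", "helpsvc", "Ip6FwHlp", "WmdmPmSN", "napagent",
    "hkmsvc", "xmlprov", "wscsvc",
}

# Constructed excerpt in the layout ComboFix uses; not the full posted log.
SAMPLE_LOG = r"""
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
Rasman
cpqarry2
backupexecagentaccelerator
AMDPCI
WinHttpAutoProxySvc
websensepolicyserver
Remoteaccess
wscsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AMDPCI]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\backupexecagentaccelerator]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cpqarry2]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinHttpAutoProxySvc]
"ServiceDll"=""
"""


def parse_netsvcs(log):
    """Service names printed after 'NETSVCS REQUIRES REPAIRS', in log order,
    up to the '.' separator line ComboFix emits after the block."""
    names, in_block = [], False
    for line in log.splitlines():
        s = line.strip()
        if s.startswith("NETSVCS REQUIRES REPAIRS"):
            in_block = True
            continue
        if in_block:
            if s == ".":
                break
            if s:            # skip the blank lines a forum paste inserts
                names.append(s)
    return names


# Matches a service key immediately followed (blank lines allowed) by an
# empty ServiceDll value.
_EMPTY_DLL = re.compile(
    r'\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]\\]+)\]'
    r'\s*"ServiceDll"=""',
    re.IGNORECASE,
)


def parse_empty_servicedll(log):
    """Names of service keys the log prints with "ServiceDll"=""."""
    return _EMPTY_DLL.findall(log)


def triage(log, baseline=XP_SP3_NETSVCS):
    """Return the netsvcs entries outside the baseline, the empty-DLL
    services, and the intersection (group members hosting no DLL)."""
    netsvcs = parse_netsvcs(log)
    empty = parse_empty_servicedll(log)
    base_lc = {n.lower() for n in baseline}
    empty_lc = {n.lower() for n in empty}
    return {
        "netsvcs": netsvcs,
        "non_default": [n for n in netsvcs if n.lower() not in base_lc],
        "empty_dll": empty,
        "hollow_in_group": [n for n in netsvcs if n.lower() in empty_lc],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key in ("non_default", "empty_dll", "hollow_in_group"):
        print(f"{key}: {', '.join(result[key]) or '(none)'}")
```

Run it against a full log by replacing `SAMPLE_LOG` with the file contents; the `hollow_in_group` column is the shortlist to hand to whoever repairs the netsvcs value, since each of those names appears in the svchost group yet has no DLL to load.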
The 1st 2 times I ran it, the computer rebooted before the scan completed. On the 3rd scan, the computer froze before completion. I'm posting the results of the 4th scan below. There was another infection detected in a Restore file in earlier runs.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-05-22 04:07:09

-----------------------------

04:07:09.873 OS Version: Windows 5.1.2600 Service Pack 3

04:07:09.873 Number of processors: 1 586 0x806

04:07:09.873 ComputerName: ADMIN UserName: aida

04:07:26.597 Initialize success

04:21:48.166 AVAST engine defs: 12052101

04:29:42.999 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4

04:29:42.999 Disk 0 Vendor: IBM-DTTA-351010 T56OA73A Size: 9671MB BusType: 3

04:29:43.019 Disk 0 MBR read successfully

04:29:43.029 Disk 0 MBR scan

04:29:43.680 Disk 0 Windows XP default MBR code

04:29:43.690 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 9664 MB offset 63

04:29:43.860 Disk 0 scanning sectors +19792080

04:29:44.191 Disk 0 scanning C:\WINDOWS\system32\drivers

04:31:01.192 Service scanning

04:32:07.016 Modules scanning

04:32:38.592 Disk 0 trace - called modules:

04:32:38.612 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS

04:32:38.622 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f8fab8]

04:32:38.652 3 CLASSPNP.SYS[f87b7fd7] -> nt!IofCallDriver -> \Device\00000058[0x82f67f18]

04:32:38.662 5 ACPI.sys[f872e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82fdfd98]

04:32:40.635 AVAST engine scan C:\

05:00:39.519 File: C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\cbfs.sys.vir **INFECTED** Win32:Sirefef-PL [Rtk]

07:38:18.840 Scan finished successfully

11:27:29.283 Disk 0 MBR has been saved successfully to "Y:\MBR.dat"

11:27:29.313 The log file has been saved successfully to "Y:\aswMBR.txt"


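The aswMBR log above reports "Windows XP default MBR code", a single active NTFS partition starting at sector 63, and that the sector was saved to `Y:\MBR.dat`. The script below is an added example, not aswMBR's code or anything from the thread: it parses a 512-byte MBR, hashes the bootstrap area so it can be compared with the hash from a known-clean XP install, and applies the sanity checks a bootkit review starts with (boot signature present, exactly one active partition, valid boot flags, recognised partition types, no overlapping extents). It assumes `MBR.dat` holds the raw sector, which is not confirmed by the post; `build_sample_mbr()` constructs a test sector with a zeroed bootstrap and a partition entry matching the figures in the log rather than using the poster's disk.

```python
"""Parse a 512-byte MBR and run basic integrity checks on the partition table.

Added example; not aswMBR's code and not taken from the thread.
"""
import hashlib
import struct

PART_TYPES = {
    0x00: "empty", 0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32",
    0x0C: "FAT32 LBA", 0x0F: "Extended LBA", 0x82: "Linux swap", 0x83: "Linux",
}


def parse_mbr(mbr):
    """Decode the four partition entries at offset 446 and the 0xAA55 signature."""
    if len(mbr) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        # boot flag, CHS start, type, CHS end, LBA start, sector count
        boot, _chs_s, ptype, _chs_e, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", mbr, 446 + 16 * i)
        parts.append({
            "index": i + 1,
            "boot_flag": boot,
            "bootable": boot == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * 512 // (1024 * 1024),
        })
    return {
        "signature_ok": struct.unpack_from("<H", mbr, 510)[0] == 0xAA55,
        # Compare against the hash of the bootstrap from a clean XP install
        # of the same service pack (value not embedded here).
        "bootstrap_sha256": hashlib.sha256(mbr[:440]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, 440)[0],
        "partitions": parts,
    }


def check_mbr(info):
    """Return a list of human-readable findings; empty means nothing odd."""
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    for p in info["partitions"]:
        if p["boot_flag"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid boot flag 0x{p['boot_flag']:02x}")
        if p["type"] == 0 and (p["lba_start"] or p["sectors"]):
            findings.append(f"partition {p['index']}: type 0 but non-zero extent")
        if p["type"] and p["type_name"] == "unknown":
            findings.append(f"partition {p['index']}: unusual type 0x{p['type']:02x}")
    extents = sorted((p["lba_start"], p["lba_start"] + p["sectors"])
                     for p in info["partitions"] if p["type"])
    for (_s1, e1), (s2, _e2) in zip(extents, extents[1:]):
        if s2 < e1:
            findings.append(f"partitions overlap at LBA {s2}")
    return findings


def build_sample_mbr():
    """Constructed sector: zero bootstrap, one active NTFS partition at LBA 63
    of 19,792,017 sectors (about 9664 MB, as in the aswMBR log above)."""
    mbr = bytearray(512)
    mbr[440:444] = struct.pack("<I", 0x1234ABCD)          # arbitrary disk signature
    mbr[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                               b"\xfe\xff\xff", 63, 19792017)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


def load_mbr(path):
    """Read the first 512 bytes of a saved sector file (assumed raw, e.g. MBR.dat)."""
    with open(path, "rb") as f:
        return f.read(512)


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("bootstrap sha256:", info["bootstrap_sha256"])
    for p in info["partitions"]:
        if p["type"]:
            print(f"part {p['index']}: {'active' if p['bootable'] else 'inactive'} "
                  f"{p['type_name']} start={p['lba_start']} size={p['size_mb']} MB")
    print("findings:", check_mbr(info) or "none")
```

For a real review, call `parse_mbr(load_mbr("Y:/MBR.dat"))` and compare `bootstrap_sha256` with the value taken from a clean machine; a partition table that passes every check but a bootstrap hash that does not match is exactly the case an MBR-resident bootkit produces, and the hash comparison, not the partition layout, is what catches it.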
Download OTL to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\*. /rp /s
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and include them in your next post.

Please include the following in your next post:

  • OTL log


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".
