
Brilliantly designed virus or just faulty computer?



Hello everyone, I'm new here. I've been instructed to follow the steps on asking for help here, here's the original post, which explains the problem.

To put it simply, my computer got infected with a nasty virus that would shut down a lot of critical services on startup, preventing me from installing practically any antivirus, not being able to copy/cut folders or even drag them around. It also disabled Avast and the Windows Installer Services, and apparently my soundcard no longer exists and I can only hear the computer bleep.

Oh well, when all of this happened, what I first thought (I will just stop here and I won't go into much detail of what happened afterwards, for reading's sake) is to scan the computer with Malwarebytes. Installation went fairly normal but as I tried to run it, this little fellow showed up:

Quote

Run Time Error '372':

Failed to load control 'vbalGrid' from vbalsgrid6.ocx Your version of vbalsgrid6.ocx may be outdated. Make sure you are using the version of the control that was provided with your application.

I tried several things, but I'd like to know what's your take on this, maybe I got something wrong in the process of fixing it. As I said, I'm pretty sure I can get rid of this guy using Malwarebytes, but it seems as if the virus had made sure to disable all the possible ways of fixing it, so it pretty much feels like a check mate.

So... is any of you guys a good chess player? :P

Thanks a lot in advance.

Cheers!

I've also been told this could be a Remote Procedure Call problem. I tried several things but none of them seemed to work.

Now that I remember, there were also issues with my taskbar and my quick-start icons/tray icons, they magically disappeared.

I've followed all the steps I could in the guide, I obviously couldn't get the program to work, therefore not being able to scan anything with it, but I did get DDS.com to work, so here's the log:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2

Run by Usuario at 23:36:02 on 2013-04-12

.

============== Running Processes ================

.

C:\WINDOWS\Explorer.EXE

C:\Archivos de programa\SUPERAntiSpyware\SASCORE.EXE

C:\Archivos de programa\Java\jre7\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe

C:\Archivos de programa\AVAST Software\Avast\avastUI.exe

C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Archivos de programa\Archivos comunes\Java\Java Update\jucheck.exe

C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.plusnetwork.com/?sp=hp

uInternet Connection Wizard,ShellNext = hxxp://ad.harrenmedianetwork.com/clk?2,13%3B64368ba5c7ad7b99%3B12b26df4deb,0%3B%3B%3B4288633824,wNtKAM5zCAC5E1AAAAAAAND9FQAAAAAAAABAAAIAAAAAAAUAAQAHFEjJCAAAAAAAlQsGAAAAAACliR0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACFcgMAAAAAAAIAAwAAAAAASE3fJisBAAAAAAAAADg2M2MxZTMyLWMzNzAtMTFkZi1iMDg5LTAwMWIyNDkzNjUwYQCUAAAAAAA=,,http%3A%2F%2Fad.harrenmedianetwork.com%2F,

BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\archivos de programa\java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\archivos de programa\avast software\avast\aswWebRepIE.dll

BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\archivos de programa\archivos comunes\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\archivos de programa\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\archivos de programa\java\jre7\bin\jp2ssv.dll

BHO: Download Accelerator Plus Integration: {FF6C3CF0-4B15-11D1-ABED-709549C10000} - c:\archivos de programa\dap\dapieloader.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\archivos de programa\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\archivos de programa\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\archivos de programa\avast software\avast\aswWebRepIE.dll

uRun: [sUPERAntiSpyware] c:\archivos de programa\superantispyware\SUPERAntiSpyware.exe

mRun: [sunJavaUpdateSched] "c:\archivos de programa\archivos comunes\java\java update\jusched.exe"

mRun: [Adobe ARM] "c:\archivos de programa\archivos comunes\adobe\arm\1.0\AdobeARM.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [GB_UPDATE] c:\archivos de programa\razer\razer game booster\AutoUpdate.exe/AUTORUN

mRun: [avast] "c:\archivos de programa\avast software\avast\avastUI.exe" /nogui

mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoSMHelp = dword:1

uPolicies-Explorer: NoSMConfigurePrograms = dword:1

uPolicies-Explorer: NoSMMyPictures = dword:1

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: ForceClassicControlPanel = dword:1

mPolicies-Explorer: NoSMHelp = dword:1

mPolicies-Explorer: NoSMConfigurePrograms = dword:1

mPolicies-Explorer: NoSMMyPictures = dword:1

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: &Clean Traces - c:\archivos de programa\dap\privacy package\dapcleanerie.htm

IE: &Download with &DAP - c:\archivos de programa\dap\dapextie.htm

IE: Anexar a PDF existente - c:\archivos de programa\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convertir a Adobe PDF - c:\archivos de programa\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convertir destino de vínculo a PDF existente - c:\archivos de programa\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convertir destino de vínculo en archivo Adobe PDF - c:\archivos de programa\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convertir selección a Adobe PDF - c:\archivos de programa\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convertir selección a archivo PDF existente - c:\archivos de programa\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convertir vínculos seleccionados a Adobe PDF - c:\archivos de programa\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convertir vínculos seleccionados a PDF existente - c:\archivos de programa\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Download &all with DAP - c:\archivos de programa\dap\dapextie2.htm

IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~2\office11\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\archivos de programa\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{97E75B61-B11C-4DB4-9EAD-89D9CC306E25} : DHCPNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\archivos de programa\archivos comunes\skype\Skype4COM.dll

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\archivos de programa\dap\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\archivos de programa\dap\dapie.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\archivos de programa\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\usuario\datos de programa\mozilla\firefox\profiles\9mgzvy12.default\

FF - plugin: c:\archivos de programa\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\archivos de programa\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\archivos de programa\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\archivos de programa\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\archivos de programa\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\archivos de programa\microsoft\office live\npOLW.dll

FF - plugin: c:\archivos de programa\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\archivos de programa\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\documents and settings\all users\datos de programa\id software\quakelive\npquakezero.dll

FF - plugin: c:\documents and settings\usuario\configuraciã³n local\datos de programa\facebook\video\skype\npFacebookVideoCalling.dll

FF - plugin: c:\documents and settings\usuario\configuraciã³n local\datos de programa\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll

FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - plugin: c:\windows\system32\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R? avast! Antivirus;avast! Antivirus

R? Avgfwfd;AVG network filter service

R? BIOS;BIOS

R? CFG_NT4;CFG_NT4

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? fsssvc;Servicio de Windows Live Protección infantil

R? Hamachi2Svc;LogMeIn Hamachi Tunneling Engine

R? LLRING0;LLRING0

R? mbamchameleon;mbamchameleon

R? MBAMSwissArmy;MBAMSwissArmy

R? SetupNTGLM7X;SetupNTGLM7X

R? SkypeUpdate;Skype Updater

R? SynasUSB;SynasUSB

R? Vsp;Vsp

R? WinRing0_1_2_0;WinRing0_1_2_0

R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0

S? !SASCORE;SAS Core Service

S? aswFsBlk;aswFsBlk

S? aswMonFlt;aswMonFlt

S? aswRvrt;aswRvrt

S? aswSnx;aswSnx

S? aswSP;aswSP

S? aswVmm;aswVmm

S? Avgfwdx;Avgfwdx

S? fssfltr;fssfltr

S? SASDIFSV;SASDIFSV

S? SASKUTIL;SASKUTIL

S? SmartDefragDriver;SmartDefragDriver

S? VBoxDrv;VirtualBox Service

S? VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter

S? VBoxNetFlt;VirtualBox Bridged Networking Service

S? VBoxUSBMon;VirtualBox USB Monitor Driver

.

=============== File Associations ===============

.

FileExt: .vbe: VBEFile=c:\windows\system32\CScript.exe "%1" %* [default=Open2]

FileExt: .vbs: VBSFile=c:\windows\system32\CScript.exe "%1" %* [default=Open2]

FileExt: .js: JSFile=c:\windows\system32\CScript.exe "%1" %* [default=Open2]

FileExt: .jse: JSEFile=c:\windows\system32\CScript.exe "%1" %* [default=Open2]

FileExt: .wsf: WSFFile=c:\windows\system32\CScript.exe "%1" %* [default=Open2]

.

=============== Created Last 30 ================

.

2013-04-10 06:50:30 -------- d-----w- c:\archivos de programa\Glary Utilities

2013-04-07 03:02:55 98816 ----a-w- c:\windows\sed.exe

2013-04-07 03:02:55 256000 ----a-w- c:\windows\PEV.exe

2013-04-07 03:02:55 208896 ----a-w- c:\windows\MBR.exe

2013-03-25 06:58:15 -------- d-----w- c:\documents and settings\usuario\datos de programa\SUPERAntiSpyware.com

2013-03-25 06:57:51 -------- d-----w- c:\documents and settings\all users\datos de programa\SUPERAntiSpyware.com

2013-03-25 06:57:51 -------- d-----w- c:\archivos de programa\SUPERAntiSpyware

2013-03-25 05:56:46 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-03-25 05:56:45 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-03-25 05:56:45 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-03-25 05:56:44 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-03-25 05:55:32 41664 ----a-w- c:\windows\avastSS.scr

2013-03-24 00:33:39 -------- d-----w- c:\archivos de programa\ESET

2013-03-23 23:54:14 -------- d-----w- c:\documents and settings\all users\datos de programa\NortonInstaller

2013-03-23 23:23:00 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-03-23 23:16:16 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-03-23 23:16:15 -------- d-----w- c:\documents and settings\usuario\datos de programa\Malwarebytes

2013-03-23 23:16:07 -------- d-----w- c:\documents and settings\all users\datos de programa\Malwarebytes

2013-03-23 23:16:06 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-23 23:16:06 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware

2013-03-23 21:21:02 -------- d-----w- c:\archivos de programa\HitmanPro

2013-03-23 21:20:19 -------- d-----w- c:\documents and settings\all users\datos de programa\HitmanPro

2013-03-18 20:02:03 -------- d-----w- c:\documents and settings\usuario\datos de programa\Processing

.

==================== Find3M ====================

.

2013-02-19 02:59:57 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-02-19 02:59:56 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 23:36:44,06 ===============

As I said in the first post, I'd like to know what you guys think of this, and if you need any other info, please don't hesitate to ask :)

Thanks in advance

Aprch

Edited by Maurice Naggar
Link to post
Share on other sites

Hello Aprch.

Please follow my guidance and do not run any other tools on your own. Also, do not use Quote or Code blocks for any report you post.

Just do a simple Copy & Paste. That way it is cleaner & easier for me to read.

Do not use the attach option for posting your logs, unless a particular report is way too huge to fit.

You may put each report in a separate reply.

Please start with the following, doing as much as you can.

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 / 8 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

IF prompted to update Avast definitions, answer NO.


On the following screen:


uncheck trace disk IO calls at the bottom left

Now, Click the "Scan" button to start scan.

Have patience as it scans.

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me)

Now click save log, save it to your desktop and Copy & Paste in your next reply.

Do NOT click any Fix button.

EXIT the tool.

Task 2

Download & SAVE to your Desktop Tigzy's RogueKiller >> from here << or

>> from here <<

  • Quit all programs that you may have started.
  • Please disconnect any USB or external storage drives from the computer before you run this scan!
  • For Vista or Windows 7 / 8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller

Link to post
Share on other sites

So aswMBR led me to a bluescreen with the following error message: (I saw 2 locked yellow files and 1 red suspicious before the bluescreen, this has happened with other programs before, as if just before finding the error, the computer crashes)

STOP 0x0000008E (0xC0000005, 0x80544732, 0xBA7BC944, 0x00000000)

I'll try again now, meanwhile here's the RogueKiller report:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Usuario [Admin rights]

Mode : Scan -- Date : 04/13/2013 22:29:21

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤

[services][HJNAME] HKLM\[...]\ControlSet001\Services\SamSs (C:\WINDOWS\cystem32\lsass.exe) [x] -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[RUN][HJNAME] [ON_D:Julián]HKCU[...]\Run : CTFMON.EXE (C:\WINDOWS\system32\ctfmon.exe) [-] -> FOUND

[RUN][HJNAME] [ON_D:LocalService]HKCU[...]\Run : CTFMON.EXE (C:\WINDOWS\system32\CTFMON.EXE) [-] -> FOUND

[RUN][HJNAME] [ON_D:NetworkService]HKCU[...]\Run : CTFMON.EXE (C:\WINDOWS\system32\CTFMON.EXE) [-] -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

-> D:\Documents and Settings\Julián\NTUSER.DAT

-> D:\Documents and Settings\LocalService\NTUSER.DAT

-> D:\Documents and Settings\NetworkService\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] cb39aeb29bc56a25c8a47d79496dd8d0

[bSP] edf0166eb602f792329496bd9e66b382 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 79995 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 163846935 | Size: 158469 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1]_S_04132013_02d2229.txt >>

RKreport[1]_S_04132013_02d2229.txt

Link to post
Share on other sites

What you said in your 1st post ....

To put it simply, my computer got infected with a nasty virus that would shut down a lot of critical services on startup, preventing me from installing practically any antivirus, not being able to copy/cut folders or even drag them around. It also disabled Avast and the Windows Installer Services, ....

Let me remark that you should have (at that time) disconnected this computer from the internet and your home network (if any).

The issue with the failing mbam install is only an after-effect of an apparent backdoor trojan.

Please disconnect this system from the internet and from your home network (if any).

Use another system to do any downloads and use a new clean USB-flash-thumb drive to transfer any downloads to your infected system.

IF and ONLY IF this is the only system at your house, then restart the system into Safe Mode with Networking, and keep it in that mode until I advise otherwise.

And do not do any websurfing, or any game play, or any online banking or any online shopping.

Only go to this forum and the sites I guide you to.

Backdoor trojan warning:

This system has some serious backdoor trojans.

This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

See this article on creating strong passwords http://www.microsoft.com/security/online-privacy/passwords-create.aspx

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh.

While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Rootkits: The Obscure Hacker Attack http://www.microsoft...tip/st1005.mspx

Let me know what you decide.

IF you wish to attempt to hunt & remove malware ....and remember there can be no guarantee that all will be found or removed....

then start with the following.

  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external storage drives from the computer before you run this scan!
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
    Put a check next to all of these and uncheck the rest: (if found)
    [services][HJNAME] HKLM\[...]\ControlSet001\Services\SamSs (C:\WINDOWS\cystem32\lsass.exe) [x] -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [RUN][HJNAME] [ON_D:Julián]HKCU[...]\Run : CTFMON.EXE (C:\WINDOWS\system32\ctfmon.exe) [-] -> FOUND
    [RUN][HJNAME] [ON_D:LocalService]HKCU[...]\Run : CTFMON.EXE (C:\WINDOWS\system32\CTFMON.EXE) [-] -> FOUND
    [RUN][HJNAME] [ON_D:NetworkService]HKCU[...]\Run : CTFMON.EXE (C:\WINDOWS\system32\CTFMON.EXE) [-] -> FOUND

  • Then click on Delete on the right hand column under Options.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.

NEXT:

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

NEXT:

1. Download Malwarebytes Anti-Rootkit from http://www.malwarebytes.org/products/mbar/

2. Unzip the contents to a folder in a convenient location.

3. Open the folder where the contents were unzipped and run mbar.exe

4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.

6. Wait while the system shuts down and the cleanup process is performed.

7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

Link to post
Share on other sites
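Added example (not part of the original thread, and not RogueKiller's own logic): the report above lists the SamSs service with lsass.exe under `C:\WINDOWS\cystem32`, one character away from `system32`. The Python below parses the report's registry lines and flags core Windows binary names whose folder is not the system directory; the binary list, the assumed `C:\WINDOWS\system32` location and all function names are assumptions made for this example.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Sample input: registry lines copied from the RogueKiller report in this thread.
SAMPLE_REPORT = r"""
[services][HJNAME] HKLM\[...]\ControlSet001\Services\SamSs (C:\WINDOWS\cystem32\lsass.exe) [x] -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[RUN][HJNAME] [ON_D:LocalService]HKCU[...]\Run : CTFMON.EXE (C:\WINDOWS\system32\CTFMON.EXE) [-] -> FOUND
"""

# Assumptions for this example: a default Windows XP layout and a short,
# hand-picked list of binaries that normally live in the system directory.
ASSUMED_SYSTEM_DIR = r"c:\windows\system32"
CORE_BINARIES = {"lsass.exe", "services.exe", "svchost.exe",
                 "csrss.exe", "winlogon.exe", "ctfmon.exe"}

# "[tag][tag] <key> (<value>) [flag] -> <status>"; the flag is optional.
ENTRY_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s+(?P<key>.+)\s+\((?P<value>[^()]*)\)"
    r"(?:\s+\[(?P<flag>[^\]]*)\])?\s+->\s+(?P<status>.+)$"
)


class Entry(NamedTuple):
    tags: List[str]
    key: str
    value: str
    flag: Optional[str]
    status: str


class Finding(NamedTuple):
    key: str
    value: str
    reason: str


def parse_entry(line: str) -> Optional[Entry]:
    """Split one registry line of the report into its fields."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    tags = re.findall(r"\[([^\]]+)\]", m.group("tags"))
    return Entry(tags, m.group("key"), m.group("value"),
                 m.group("flag"), m.group("status"))


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_path(value: str) -> Optional[str]:
    """Return a reason if a core binary name sits outside the system dir."""
    if not re.match(r"^[A-Za-z]:\\", value):
        return None  # not a file path (for example a policy value such as "0")
    folder, name = ntpath.split(value.lower())
    if name not in CORE_BINARIES or folder == ASSUMED_SYSTEM_DIR:
        return None
    distance = edit_distance(folder, ASSUMED_SYSTEM_DIR)
    if distance <= 2:
        return f"lookalike directory ({distance} edit(s) from {ASSUMED_SYSTEM_DIR})"
    return "core binary name outside the assumed system directory"


def triage(report: str) -> List[Finding]:
    """Parse every registry line and collect the ones with a suspicious path."""
    findings = []
    for line in report.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reason = check_path(entry.value)
        if reason:
            findings.append(Finding(entry.key, entry.value, reason))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(f"{finding.key}: {finding.value} -> {finding.reason}")
```

The check only covers path mismatches, so entries such as the CTFMON.EXE run keys, which point at the expected folder, pass through it unflagged.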

I'd like to try and disable it, at least so I can copy my stuff for backup, and then make a clean start.

RogueKiller report:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Usuario [Admin rights]

Mode : Remove -- Date : 04/14/2013 21:13:12

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤

[services][HJNAME] HKLM\[...]\ControlSet001\Services\SamSs (C:\WINDOWS\cystem32\lsass.exe) [x] -> DELETED

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NOT SELECTED

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> NOT SELECTED

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> NOT SELECTED

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[RUN][HJNAME] [ON_D:Julián]HKCU[...]\Run : CTFMON.EXE (C:\WINDOWS\system32\ctfmon.exe) [-] -> DELETED

[RUN][HJNAME] [ON_D:LocalService]HKCU[...]\Run : CTFMON.EXE (C:\WINDOWS\system32\CTFMON.EXE) [-] -> DELETED

[RUN][HJNAME] [ON_D:NetworkService]HKCU[...]\Run : CTFMON.EXE (C:\WINDOWS\system32\CTFMON.EXE) [-] -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

[Faked.Drv][FILE] snp2uvc.sys : C:\WINDOWS\system32\drivers\snp2uvc.sys [-] --> CANNOT FIX

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

-> D:\Documents and Settings\Julián\NTUSER.DAT

-> D:\Documents and Settings\LocalService\NTUSER.DAT

-> D:\Documents and Settings\NetworkService\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] cb39aeb29bc56a25c8a47d79496dd8d0

[bSP] edf0166eb602f792329496bd9e66b382 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 79995 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 163846935 | Size: 158469 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[3]_D_04142013_02d2113.txt >>

RKreport[1]_S_04132013_02d2229.txt ; RKreport[2]_S_04142013_02d2109.txt ; RKreport[3]_D_04142013_02d2113.txt

I deleted the ones you named.

Link to post
Share on other sites

Rkill report:

Rkill 2.4.7 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/14/2013 09:27:13 PM in x86 mode.

Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\nvsvc32.exe (PID: 932) [WD-HEUR]

* C:\WINDOWS\system32\notepad.exe (PID: 924) [WD-HEUR]

2 proccesses terminated!

Possibly Patched Files.

* C:\WINDOWS\system32\services.exe

* C:\WINDOWS\system32\lsass.exe

* C:\WINDOWS\system32\svchost.exe

* C:\WINDOWS\System32\svchost.exe

* C:\WINDOWS\system32\svchost.exe

* C:\WINDOWS\system32\svchost.exe

* C:\WINDOWS\system32\svchost.exe

* C:\WINDOWS\system32\svchost.exe

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* CryptSvc (CryptSvc) is not Running.

Startup Type set to: Automatic

* Sistema de sucesos COM+ (EventSystem) is not Running.

Startup Type set to: Manual

* Conexiones de red (Netman) is not Running.

Startup Type set to: Manual

* Servicio de restauración de sistema (srservice) is not Running.

Startup Type set to: Automatic

* Instrumental de administración de Windows (winmgmt) is not Running.

Startup Type set to: Automatic

* Centro de seguridad (wscsvc) is not Running.

Startup Type set to: Automatic

* Automatic Updates (wuauserv) is not Running.

Startup Type set to: Automatic

* SamSs [Missing Service]

* Update [Missing ImagePath]

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [incorrect ImagePath]

Searching for Missing Digital Signatures:


* C:\WINDOWS\System32\dllhost.exe [NoSig]

* C:\WINDOWS\System32\drivers\acpiec.sys [NoSig]

* C:\WINDOWS\System32\drivers\acpi.sys [NoSig]

* C:\WINDOWS\System32\drivers\aec.sys [NoSig]

* C:\WINDOWS\System32\drivers\afd.sys [NoSig]

+-> C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys : 138.496 : 02/16/2011 01:25 AM : 8d499b1276012eb907e7a9e0f4d8fda4 [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys : 138.496 : 10/16/2008 01:07 AM : 38d7b715504da4741df35e3594fe2099 [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys : 138.496 : 08/17/2011 01:41 AM : f6b7b1ecd7b41736bdb6ff4b092bcb79 [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys : 138.496 : 06/20/2008 01:48 AM : d6ee6014241d034e63c49a50cb2b442a [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys : 138.496 : 08/14/2008 01:34 AM : 4d43e74f2a1239d53929b82600f1971c [Pos Repl]

+-> C:\WINDOWS\$NtUninstallKB2509553$\afd.sys : 138.112 : 04/14/2008 00:00 AM : 322d0e36693d6e24a2398bee62a268cd [Pos Repl]

+-> C:\WINDOWS\$NtUninstallKB2592799$\afd.sys : 138.496 : 10/16/2008 00:43 AM : 7618d5218f2a614672ec61a80d854a37 [Pos Repl]

* C:\WINDOWS\System32\drivers\agp440.sys [NoSig]

* C:\WINDOWS\System32\drivers\amdk6.sys [NoSig]

* C:\WINDOWS\System32\drivers\amdk7.sys [NoSig]

* C:\WINDOWS\System32\drivers\arp1394.sys [NoSig]

* C:\WINDOWS\System32\drivers\asyncmac.sys [NoSig]

* C:\WINDOWS\System32\drivers\atapi.sys [NoSig]

* C:\WINDOWS\System32\drivers\audstub.sys [NoSig]

* C:\WINDOWS\System32\drivers\beep.sys [NoSig]

* C:\WINDOWS\System32\drivers\bridge.sys [NoSig]

* C:\WINDOWS\System32\drivers\bthport.sys [NoSig]

+-> C:\WINDOWS\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys : 272.512 : 06/14/2008 02:40 PM : 5206c872ffc17a0fd95a6255422605cd [Pos Repl]

+-> C:\WINDOWS\$NtUninstallKB951376-v2$\bthport.sys : 273.408 : 04/14/2008 00:00 AM : 6d28e3e375656dc2880e40c93c7998be [Pos Repl]

+-> C:\WINDOWS\Driver Cache\i386\bthport.sys : 272.512 : 06/14/2008 02:33 PM : 53d951bb865ab36b200b1c9429db644c [Pos Repl]

* C:\WINDOWS\System32\drivers\cbidf2k.sys [NoSig]

* C:\WINDOWS\System32\drivers\cdaudio.sys [NoSig]

* C:\WINDOWS\System32\drivers\cdfs.sys [NoSig]

* C:\WINDOWS\System32\drivers\cdrom.sys [NoSig]

* C:\WINDOWS\System32\drivers\classpnp.sys [NoSig]

* C:\WINDOWS\System32\drivers\cpqdap01.sys [NoSig]

* C:\WINDOWS\System32\drivers\crusoe.sys [NoSig]

* C:\WINDOWS\System32\drivers\diskdump.sys [NoSig]

* C:\WINDOWS\System32\drivers\disk.sys [NoSig]

* C:\WINDOWS\System32\drivers\dmboot.sys [NoSig]

* C:\WINDOWS\System32\drivers\dmio.sys [NoSig]

* C:\WINDOWS\System32\drivers\dmload.sys [NoSig]

* C:\WINDOWS\System32\drivers\DMusic.sys [NoSig]

* C:\WINDOWS\System32\drivers\drmkaud.sys [NoSig]

* C:\WINDOWS\System32\drivers\drmk.sys [NoSig]

* C:\WINDOWS\System32\drivers\dxapi.sys [NoSig]

* C:\WINDOWS\System32\drivers\dxg.sys [NoSig]

* C:\WINDOWS\System32\drivers\dxgthk.sys [NoSig]

* C:\WINDOWS\System32\drivers\fastfat.sys [NoSig]

* C:\WINDOWS\System32\drivers\fdc.sys [NoSig]

* C:\WINDOWS\System32\drivers\fips.sys [NoSig]

* C:\WINDOWS\System32\drivers\flpydisk.sys [NoSig]

* C:\WINDOWS\System32\drivers\fltMgr.sys [NoSig]

* C:\WINDOWS\System32\drivers\fs_rec.sys [NoSig]

* C:\WINDOWS\System32\drivers\fsvga.sys [NoSig]

* C:\WINDOWS\System32\drivers\ftdisk.sys [NoSig]

* C:\WINDOWS\System32\drivers\hidclass.sys [NoSig]

* C:\WINDOWS\System32\drivers\hidparse.sys [NoSig]

* C:\WINDOWS\System32\drivers\hidusb.sys [NoSig]

* C:\WINDOWS\System32\drivers\http.sys [NoSig]

+-> C:\WINDOWS\$hf_mig$\KB970430\SP3QFE\http.sys : 265.728 : 10/20/2009 02:21 AM : 937031c085718c1c04a9c0864625ec6b [Pos Repl]

+-> C:\WINDOWS\$NtUninstallKB970430$\http.sys : 264.832 : 04/14/2008 00:00 AM : f6aacf5bce2893e0c1754afeb672e5c9 [Pos Repl]

+-> C:\WINDOWS\Driver Cache\i386\http.sys : 265.728 : 10/20/2009 01:20 PM : f80a415ef82cd06ffaf0d971528ead38 [Pos Repl]

* C:\WINDOWS\System32\drivers\i8042prt.sys [NoSig]

* C:\WINDOWS\System32\drivers\imapi.sys [NoSig]

* C:\WINDOWS\System32\drivers\intelppm.sys [NoSig]

* C:\WINDOWS\System32\drivers\ip6fw.sys [NoSig]

* C:\WINDOWS\System32\drivers\ipfltdrv.sys [NoSig]

* C:\WINDOWS\System32\drivers\ipinip.sys [NoSig]

* C:\WINDOWS\System32\drivers\ipnat.sys [NoSig]

* C:\WINDOWS\System32\drivers\ipsec.sys [NoSig]

* C:\WINDOWS\System32\drivers\irenum.sys [NoSig]

* C:\WINDOWS\System32\drivers\isapnp.sys [NoSig]

* C:\WINDOWS\System32\drivers\kbdclass.sys [NoSig]

* C:\WINDOWS\System32\drivers\kmixer.sys [NoSig]

* C:\WINDOWS\System32\drivers\ksecdd.sys [NoSig]

+-> C:\WINDOWS\$hf_mig$\KB968389\SP3QFE\ksecdd.sys : 92.928 : 06/24/2009 02:28 AM : c6ebf1d6ad71df30db49b8d3287e1368 [Pos Repl]

+-> C:\WINDOWS\$NtUninstallKB968389$\ksecdd.sys : 92.288 : 04/14/2008 00:00 AM : 1705745d900dabf2d89f90ebaddc7517 [Pos Repl]

* C:\WINDOWS\System32\drivers\ks.sys [NoSig]

+-> C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ks.sys : 130.304 : 12/12/2002 01:14 AM : dc197a88746a55ae60d1c81d45cd1b4a [Pos Repl]

+-> C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\ks.sys : 141.056 : 04/14/2008 00:00 AM : 0753515f78df7f271a5e61c20bcd36a1 [Pos Repl]

* C:\WINDOWS\System32\drivers\mcd.sys [NoSig]

* C:\WINDOWS\System32\drivers\mf.sys [NoSig]

* C:\WINDOWS\System32\drivers\mnmdd.sys [NoSig]

* C:\WINDOWS\System32\drivers\modem.sys [NoSig]

* C:\WINDOWS\System32\drivers\mouclass.sys [NoSig]

* C:\WINDOWS\System32\drivers\mouhid.sys [NoSig]

* C:\WINDOWS\System32\drivers\mountmgr.sys [NoSig]

* C:\WINDOWS\System32\drivers\mqac.sys [NoSig]

* C:\WINDOWS\System32\drivers\mrxdav.sys [NoSig]

* C:\WINDOWS\System32\drivers\mrxsmb.sys [NoSig]

+-> C:\WINDOWS\$hf_mig$\KB2511455\SP3QFE\mrxsmb.sys : 457.472 : 02/17/2011 02:19 AM : fb7dfd15d760ad339837a470f0e780d3 [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB2536276\SP3QFE\mrxsmb.sys : 457.856 : 04/29/2011 01:47 PM : 8dd801e28eb76fda2a38907882a0036f [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB2536276-v2\SP3QFE\mrxsmb.sys : 457.856 : 07/15/2011 01:29 AM : fb2fccc70f7174c7bf64f48e96d3adf4 [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys : 457.216 : 02/24/2010 01:57 AM : d09b9f0b9960dd41e73127b7814c115f [Pos Repl]

+-> C:\WINDOWS\$NtUninstallKB2536276-v2$\mrxsmb.sys : 456.576 : 04/14/2008 00:00 AM : 68755f0ff16070178b54674fe5b847b0 [Pos Repl]

+-> C:\WINDOWS\Driver Cache\i386\mrxsmb.sys : 456.320 : 07/15/2011 01:29 AM : 7d304a5eb4344ebeeab53a2fe3ffb9f0 [Pos Repl]

* C:\WINDOWS\System32\drivers\msfs.sys [NoSig]

* C:\WINDOWS\System32\drivers\msgpc.sys [NoSig]

* C:\WINDOWS\System32\drivers\MSKSSRV.sys [NoSig]

+-> C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\mskssrv.sys : 7.424 : 12/12/2002 01:14 AM : 85736f804191cb420a31aca2a7f0674f [Pos Repl]

* C:\WINDOWS\System32\drivers\MSPCLOCK.sys [NoSig]

+-> C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\mspclock.sys : 5.248 : 12/12/2002 01:14 AM : e943adb93d83c5cbc0ca3f53f53b48cc [Pos Repl]

* C:\WINDOWS\System32\drivers\MSPQM.sys [NoSig]

+-> C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\mspqm.sys : 4.608 : 08/23/2001 01:00 AM : f6a726b8832db1f88326b8be98b11981 [Pos Repl]

* C:\WINDOWS\System32\drivers\mssmbios.sys [NoSig]

* C:\WINDOWS\System32\drivers\mup.sys [NoSig]

+-> C:\WINDOWS\$hf_mig$\KB2535512\SP3QFE\mup.sys : 105.472 : 04/21/2011 01:52 AM : f7b1ad991491f02af6da70b00b8bf114 [Pos Repl]

+-> C:\WINDOWS\$NtUninstallKB2535512$\mup.sys : 105.344 : 04/14/2008 00:00 AM : 2f625d11385b1a94360bfc70aaefdee1 [Pos Repl]

* C:\WINDOWS\System32\drivers\ndis.sys [NoSig]

* C:\WINDOWS\System32\drivers\ndistapi.sys [NoSig]

+-> C:\WINDOWS\$hf_mig$\KB2566454\SP3QFE\ndistapi.sys : 10.496 : 07/08/2011 01:51 AM : 091735a5f20acb1dc147383a905ae002 [Pos Repl]

+-> C:\WINDOWS\$NtUninstallKB2566454$\ndistapi.sys : 10.112 : 04/14/2008 00:00 AM : 1ab3d00c991ab086e69db84b6c0ed78f [Pos Repl]

* C:\WINDOWS\System32\drivers\ndisuio.sys [NoSig]

* C:\WINDOWS\System32\drivers\ndiswan.sys [NoSig]

* C:\WINDOWS\System32\drivers\ndproxy.sys [NoSig]

+-> C:\WINDOWS\$hf_mig$\KB2440591\SP3QFE\ndproxy.sys : 40.960 : 11/03/2010 01:55 AM : 816460bd4b4acd27937d1d0813e2e9e9 [Pos Repl]

+-> C:\WINDOWS\$NtUninstallKB2440591$\ndproxy.sys : 40.576 : 04/14/2008 00:00 AM : 6215023940cfd3702b46abc304e1d45a [Pos Repl]

* C:\WINDOWS\System32\drivers\netbios.sys [NoSig]

* C:\WINDOWS\System32\drivers\netbt.sys [NoSig]

* C:\WINDOWS\System32\drivers\nic1394.sys [NoSig]

* C:\WINDOWS\System32\drivers\nikedrv.sys [NoSig]

* C:\WINDOWS\System32\drivers\nmnt.sys [NoSig]

* C:\WINDOWS\System32\drivers\npfs.sys [NoSig]

* C:\WINDOWS\System32\drivers\ntfs.sys [NoSig]

* C:\WINDOWS\System32\drivers\null.sys [NoSig]

* C:\WINDOWS\System32\drivers\nwlnkflt.sys [NoSig]

* C:\WINDOWS\System32\drivers\nwlnkfwd.sys [NoSig]

* C:\WINDOWS\System32\drivers\nwlnkipx.sys [NoSig]

* C:\WINDOWS\System32\drivers\nwlnknb.sys [NoSig]

* C:\WINDOWS\System32\drivers\nwlnkspx.sys [NoSig]

* C:\WINDOWS\System32\drivers\nwrdr.sys [NoSig]

* C:\WINDOWS\System32\drivers\oprghdlr.sys [NoSig]

* C:\WINDOWS\System32\drivers\p3.sys [NoSig]

* C:\WINDOWS\System32\drivers\parport.sys [NoSig]

* C:\WINDOWS\System32\drivers\partmgr.sys [NoSig]

* C:\WINDOWS\System32\drivers\parvdm.sys [NoSig]

* C:\WINDOWS\System32\drivers\pciidex.sys [NoSig]

* C:\WINDOWS\System32\drivers\pci.sys [NoSig]

* C:\WINDOWS\System32\drivers\pcmcia.sys [NoSig]

* C:\WINDOWS\System32\drivers\portcls.sys [NoSig]

* C:\WINDOWS\System32\drivers\processr.sys [NoSig]

* C:\WINDOWS\System32\drivers\psched.sys [NoSig]

* C:\WINDOWS\System32\drivers\ptilink.sys [NoSig]

* C:\WINDOWS\System32\drivers\rasacd.sys [NoSig]

* C:\WINDOWS\System32\drivers\rasl2tp.sys [NoSig]

* C:\WINDOWS\System32\drivers\raspppoe.sys [NoSig]

* C:\WINDOWS\System32\drivers\raspptp.sys [NoSig]

* C:\WINDOWS\System32\drivers\raspti.sys [NoSig]

* C:\WINDOWS\System32\drivers\rawwan.sys [NoSig]

* C:\WINDOWS\System32\drivers\rdbss.sys [NoSig]

* C:\WINDOWS\System32\drivers\rdpcdd.sys [NoSig]

* C:\WINDOWS\System32\drivers\rdpdr.sys [NoSig]

* C:\WINDOWS\System32\drivers\rdpwd.sys [NoSig]

+-> C:\WINDOWS\$hf_mig$\KB2570222\SP3QFE\rdpwd.sys : 139.656 : 06/24/2011 01:09 AM : 3348e61a78ba4f79c795aad6565d3b6f [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB2723135\SP3QFE\rdpwd.sys : 139.784 : 07/04/2012 01:59 AM : c7d9bc54354b8c706abf172d48313f1b [Pos Repl]

+-> C:\WINDOWS\$NtUninstallKB2723135$\rdpwd.sys : 139.656 : 04/14/2008 00:00 AM : 6728e45b66f93c08f11de2e316fc70dd [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\2af9909b37fcd3acf51a7c824cbf7611\SP3GDR\rdpwd.sys : 139.784 : 01/09/2012 01:20 PM : 5b3055daa788bd688594d2f5981f2a83 [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\2af9909b37fcd3acf51a7c824cbf7611\SP3QFE\rdpwd.sys : 139.784 : 01/09/2012 01:19 PM : 2d293b720c206473a05950ce007db12a [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\2cfd20cacb5fa9f1896e03e26e18a222\SP3GDR\rdpwd.sys : 139.656 : 05/02/2012 01:46 AM : 6589db6e5969f8eee594cf71171c5028 [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\2cfd20cacb5fa9f1896e03e26e18a222\SP3QFE\rdpwd.sys : 139.656 : 05/02/2012 01:45 AM : 997c59b9955f911ec460241dd9e01b04 [Pos Repl]

* C:\WINDOWS\System32\drivers\redbook.sys [NoSig]

* C:\WINDOWS\System32\drivers\rmcast.sys [NoSig]

+-> C:\WINDOWS\$hf_mig$\KB950762\SP3QFE\rmcast.sys : 203.136 : 05/08/2008 01:58 AM : c711645c76b8ed87c021bf6165e52795 [Pos Repl]

+-> C:\WINDOWS\$NtUninstallKB950762$\rmcast.sys : 202.624 : 04/14/2008 00:00 AM : ecff394d65671efde5a872eb9ef4f2d5 [Pos Repl]

* C:\WINDOWS\System32\drivers\rndismp.sys [NoSig]

* C:\WINDOWS\System32\drivers\rootmdm.sys [NoSig]

* C:\WINDOWS\System32\drivers\scsiport.sys [NoSig]

* C:\WINDOWS\System32\drivers\sdbus.sys [NoSig]

* C:\WINDOWS\System32\drivers\serenum.sys [NoSig]

* C:\WINDOWS\System32\drivers\serial.sys [NoSig]

* C:\WINDOWS\System32\drivers\sffdisk.sys [NoSig]

* C:\WINDOWS\System32\drivers\sffp_sd.sys [NoSig]

* C:\WINDOWS\System32\drivers\sfloppy.sys [NoSig]

* C:\WINDOWS\System32\drivers\smclib.sys [NoSig]

* C:\WINDOWS\System32\drivers\sonydcam.sys [NoSig]

* C:\WINDOWS\System32\drivers\splitter.sys [NoSig]

* C:\WINDOWS\System32\drivers\sr.sys [NoSig]

* C:\WINDOWS\System32\drivers\srv.sys [NoSig]

+-> C:\WINDOWS\$hf_mig$\KB2345886\SP3QFE\srv.sys : 357.248 : 08/26/2010 01:37 AM : 70cd8b8dd2a680b128617c19eb0ab94f [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB2508429\SP3QFE\srv.sys : 357.888 : 02/17/2011 01:19 AM : 9b390283569ea58d43d2586032b892f5 [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB982214\SP3QFE\srv.sys : 354.304 : 06/21/2010 01:18 AM : 422e4508508015c7d12f40bf9763f158 [Pos Repl]

+-> C:\WINDOWS\$NtUninstallKB2508429$\srv.sys : 334.848 : 04/14/2008 00:00 AM : 5252605079810904e31c332e241cd59b [Pos Repl]

* C:\WINDOWS\System32\drivers\stream.sys [NoSig]

+-> C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\stream.sys : 48.512 : 07/09/2004 01:27 AM : 08116e1cfc74302f97ce523a8f5d6064 [Pos Repl]

* C:\WINDOWS\System32\drivers\swenum.sys [NoSig]

+-> C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\swenum.sys : 4.096 : 12/12/2002 01:14 AM : 616a013d3ea068b6dee83d905e92ee9f [Pos Repl]

* C:\WINDOWS\System32\drivers\swmidi.sys [NoSig]

* C:\WINDOWS\System32\drivers\sysaudio.sys [NoSig]

* C:\WINDOWS\System32\drivers\tape.sys [NoSig]

* C:\WINDOWS\System32\drivers\tcpip6.sys [NoSig]

+-> C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip6.sys : 225.856 : 06/20/2008 01:16 AM : 026a94e4eb2960fdc96a447b5391d56a [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys : 225.856 : 06/20/2008 01:16 AM : 026a94e4eb2960fdc96a447b5391d56a [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB978338\SP3QFE\tcpip6.sys : 226.880 : 02/11/2010 01:36 AM : f4a3c6abe7818b1b53f58fa1adb605cd [Pos Repl]

+-> C:\WINDOWS\$NtUninstallKB2509553$\tcpip6.sys : 225.664 : 04/14/2008 00:00 AM : aa7a55536096d646dc7ab0ac5641e9e8 [Pos Repl]

+-> C:\WINDOWS\$NtUninstallKB978338$\tcpip6.sys : 225.856 : 06/20/2008 00:08 AM : fb9f32acc1d3ad523f7ec900b66fc1bb [Pos Repl]

* C:\WINDOWS\System32\Drivers\tcpip.sys [NoSig]

+-> C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys : 361.600 : 06/20/2008 01:59 AM : ad978a1b783b5719720cff204b666c8e [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys : 361.600 : 06/20/2008 01:59 AM : ad978a1b783b5719720cff204b666c8e [Pos Repl]

+-> C:\WINDOWS\$NtUninstallKB2509553$\tcpip.sys : 361.344 : 04/14/2008 00:00 AM : 93ea8d04ec73a85db02eb8805988f733 [Pos Repl]

* C:\WINDOWS\System32\drivers\tdi.sys [NoSig]

* C:\WINDOWS\System32\drivers\tdpipe.sys [NoSig]

* C:\WINDOWS\System32\drivers\tdtcp.sys [NoSig]

* C:\WINDOWS\System32\drivers\termdd.sys [NoSig]

* C:\WINDOWS\System32\drivers\tosdvd.sys [NoSig]

* C:\WINDOWS\System32\drivers\tunmp.sys [NoSig]

* C:\WINDOWS\System32\drivers\udfs.sys [NoSig]

* C:\WINDOWS\System32\drivers\update.sys [NoSig]

* C:\WINDOWS\System32\drivers\usb8023.sys [NoSig]

+-> C:\WINDOWS\SoftwareDistribution\Download\19160731e9ce03aaa87e35163a3a5346\SP3GDR\usb8023.sys : 12.928 : 02/11/2013 09:32 PM : 2a7a8ad9d39a2faf9d9293b5daff3a4b [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\19160731e9ce03aaa87e35163a3a5346\SP3QFE\usb8023.sys : 12.928 : 02/11/2013 09:43 PM : c74f25c77d6c3edf58221e4060d8cd16 [Pos Repl]

* C:\WINDOWS\System32\drivers\usbcamd2.sys [NoSig]

* C:\WINDOWS\System32\drivers\usbcamd.sys [NoSig]

* C:\WINDOWS\System32\drivers\usbccgp.sys [NoSig]

* C:\WINDOWS\System32\drivers\usbd.sys [NoSig]

* C:\WINDOWS\System32\drivers\usbehci.sys [NoSig]

* C:\WINDOWS\System32\drivers\usbhub.sys [NoSig]

* C:\WINDOWS\System32\drivers\usbintel.sys [NoSig]

* C:\WINDOWS\System32\drivers\usbport.sys [NoSig]

* C:\WINDOWS\System32\drivers\USBSTOR.sys [NoSig]

* C:\WINDOWS\System32\drivers\usbuhci.sys [NoSig]

* C:\WINDOWS\System32\drivers\vga.sys [NoSig]

* C:\WINDOWS\System32\drivers\videoprt.sys [NoSig]

* C:\WINDOWS\System32\drivers\volsnap.sys [NoSig]

* C:\WINDOWS\System32\drivers\wanarp.sys [NoSig]

* C:\WINDOWS\System32\drivers\wdmaud.sys [NoSig]

* C:\WINDOWS\System32\drivers\wmilib.sys [NoSig]

* C:\WINDOWS\System32\drivers\ws2ifsl.sys [NoSig]

* C:\WINDOWS\System32\dsound.dll [NoSig]

+-> C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsound.dll : 381.952 : 07/09/2004 01:27 AM : 033a45ab696eef481707c2808c806e1a [Pos Repl]

* C:\WINDOWS\System32\dssenh.dll [NoSig]

* C:\WINDOWS\System32\es.dll [NoSig]

+-> C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll : 253.952 : 07/07/2008 05:25 PM : 6ec3c2a5cea41b78bb55b30444292cb8 [Pos Repl]

+-> C:\WINDOWS\$NtUninstallKB950974$\es.dll : 246.272 : 04/14/2008 00:00 AM : 76abf3bb5a6d684641ec92b28240811d [Pos Repl]

* C:\WINDOWS\System32\eventlog.dll [NoSig]

* C:\WINDOWS\System32\hid.dll [NoSig]

* C:\WINDOWS\System32\hnetcfg.dll [NoSig]

* C:\WINDOWS\System32\imm32.dll [NoSig]

* C:\WINDOWS\System32\ipsecsvc.dll [NoSig]

* C:\WINDOWS\System32\kernel32.dll [NoSig]

+-> C:\WINDOWS\$hf_mig$\KB2758857\SP3QFE\kernel32.dll : 1.044.992 : 10/03/2012 05:57 AM : 34a51de07eb51d7f0a8eea573f58fc31 [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll : 1.044.992 : 03/21/2009 07:30 PM : 97d5372816ec546bd035edaedb5e6918 [Pos Repl]

+-> C:\WINDOWS\$NtUninstallKB2758857$\kernel32.dll : 1.042.944 : 03/21/2009 00:08 AM : 7dc06bf4cbc3fcd7557d8d69dfbd49f5 [Pos Repl]

+-> C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll : 1.042.944 : 04/14/2008 00:00 AM : f43fe49cf77ec1cef9db9e67bddb970f [Pos Repl]

* C:\WINDOWS\System32\ksuser.dll [NoSig]

+-> C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ksuser.dll : 4.096 : 12/12/2002 01:14 AM : 15914e0bf4dda56cf797993dccb637d1 [Pos Repl]

+-> C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\ksuser.dll : 4.096 : 04/14/2008 00:48 AM : d9a84134776399f6bd244bc456076575 [Pos Repl]

* C:\WINDOWS\System32\linkinfo.dll [NoSig]

* C:\WINDOWS\System32\lpk.dll [NoSig]

* C:\WINDOWS\System32\lsass.exe [NoSig]

* C:\WINDOWS\System32\mfc40u.dll [NoSig]

+-> C:\WINDOWS\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll : 953.856 : 09/18/2010 07:18 AM : c7d2de04eea71d72eb0a8793fa6e9fc1 [Pos Repl]

+-> C:\WINDOWS\$NtUninstallKB2387149$\mfc40u.dll : 927.504 : 04/14/2008 00:00 AM : 27415ceeb58c8c2f92aff8cfe2517a3c [Pos Repl]

* C:\WINDOWS\System32\midimap.dll [NoSig]

* C:\WINDOWS\System32\msgsvc.dll [NoSig]

* C:\WINDOWS\System32\mshtml.dll [NoSig]

+-> C:\WINDOWS\$hf_mig$\KB2183461\SP3QFE\mshtml.dll : 3.094.528 : 06/24/2010 07:12 AM : 0ee027067fbfae684ab48bd13f9487b0 [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll : 5.954.560 : 06/24/2010 07:28 AM : 919b94179e1d0fd9f7f4cfe033d88c3c [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB2360131-IE8\SP3QFE\mshtml.dll : 5.958.656 : 09/10/2010 07:50 AM : 04157ffa309d1775cea8b1831d7df759 [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB2416400-IE8\SP3QFE\mshtml.dll : 5.960.704 : 11/05/2010 09:24 PM : 54517a9198da54c59c11e496733582d6 [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB2482017-IE8\SP3QFE\mshtml.dll : 5.962.240 : 12/20/2010 08:51 PM : 3ea623e8296205c0c1a9a44368f8dc03 [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB2497640-IE8\SP3QFE\mshtml.dll : 5.964.800 : 02/22/2011 08:26 PM : 5b2dca4310fd295bfccce5daec0442f5 [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB2530548-IE8\SP3QFE\mshtml.dll : 5.967.360 : 05/30/2011 07:11 PM : 5fda6e84f190fd008fb0dc6e6bf20c3c [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB2559049-IE8\SP3QFE\mshtml.dll : 5.971.456 : 07/25/2011 07:07 AM : f3dfc7460d07f83865e5e8ef9715883e [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB2618444-IE8\SP3QFE\mshtml.dll : 5.978.624 : 11/04/2011 04:12 PM : 4bb3b66ccbd71bcf84fdfef9a4955d63 [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB2744842\SP3QFE\mshtml.dll : 3.110.400 : 08/30/2012 05:29 PM : 3b5e798ac3c5c83ab9f15702720dbd53 [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB2744842-IE8\SP3QFE\mshtml.dll : 6.010.368 : 08/28/2012 05:17 AM : eb44f76332080fd115b8589d6dd8072f [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB2761465-IE8\SP3QFE\mshtml.dll : 6.010.880 : 11/12/2012 04:51 PM : c906c650ad1e1361683448199fe07eb9 [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll : 5.953.024 : 05/06/2010 04:27 AM : 5d7062aa7bbc8a5ff8ed8109325984e1 [Pos Repl]

+-> C:\WINDOWS\$NtUninstallKB2744842$\mshtml.dll : 3.066.880 : 04/14/2008 00:00 AM : 85b88c504d1527978f1c2fbe6a41e799 [Pos Repl]

+-> C:\WINDOWS\ie8\mshtml.dll : 3.109.888 : 08/30/2012 05:33 PM : 1cfc8042b24577da8f001302f8062f68 [Pos Repl]

+-> C:\WINDOWS\ie8updates\KB2183461-IE8\mshtml.dll : 5.950.976 : 05/06/2010 01:33 AM : 4b1bb5db92df08aca55ea93b29f4bcf5 [Pos Repl]

+-> C:\WINDOWS\ie8updates\KB2360131-IE8\mshtml.dll : 5.951.488 : 06/24/2010 01:24 AM : 84acad2e4408261306bf83f1d436589d [Pos Repl]

+-> C:\WINDOWS\ie8updates\KB2416400-IE8\mshtml.dll : 5.957.120 : 09/10/2010 01:50 AM : 7ef19725fc6129d914ad7fda1dea9e46 [Pos Repl]

+-> C:\WINDOWS\ie8updates\KB2482017-IE8\mshtml.dll : 5.959.168 : 11/05/2010 09:21 PM : 2e4553bca1258f792ff4a7d3b526da31 [Pos Repl]

+-> C:\WINDOWS\ie8updates\KB2497640-IE8\mshtml.dll : 5.961.216 : 12/20/2010 08:51 PM : 5c3fff5a6629ae49821cd3548220a06c [Pos Repl]

+-> C:\WINDOWS\ie8updates\KB2530548-IE8\mshtml.dll : 5.962.240 : 02/22/2011 08:08 PM : 177f3a6b3e2babd0c911087202d2da5b [Pos Repl]

+-> C:\WINDOWS\ie8updates\KB2559049-IE8\mshtml.dll : 5.964.800 : 05/30/2011 07:12 PM : ea8c79d69a5022b6e5e22e9a91eb9cb5 [Pos Repl]

+-> C:\WINDOWS\ie8updates\KB2618444-IE8\mshtml.dll : 5.950.976 : 05/06/2010 07:33 AM : 4b1bb5db92df08aca55ea93b29f4bcf5 [Pos Repl]

+-> C:\WINDOWS\ie8updates\KB2744842-IE8\mshtml.dll : 5.978.112 : 11/04/2011 04:13 PM : 289a867941db68c289315a680d8ce395 [Pos Repl]

+-> C:\WINDOWS\ie8updates\KB2761465-IE8\mshtml.dll : 6.008.832 : 08/28/2012 04:18 AM : 1206a54ad9b011118ea975d17baf1541 [Pos Repl]

+-> C:\WINDOWS\ie8updates\KB982381-IE8\mshtml.dll : 5.937.152 : 03/08/2009 04:41 AM : d469a0eba2ef5c6bee8065b7e3196e5e [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\1df57e976e4a45bad11f3ce7364adbc0\SP3GDR\mshtml.dll : 6.010.368 : 01/08/2013 05:38 PM : 3ad487acf6b1b9ae3b101dff8422700f [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\1df57e976e4a45bad11f3ce7364adbc0\SP3QFE\mshtml.dll : 6.011.904 : 01/08/2013 05:36 PM : 033a62f251f9d64fdab494fb461e9bb8 [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\31cc2687a18f8c510a8b7f6cd21ec1ab\SP3GDR\mshtml.dll : 5.978.624 : 03/01/2012 05:59 AM : 4ce0b98e4b8c4e7097861d40d16bf050 [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\31cc2687a18f8c510a8b7f6cd21ec1ab\SP3QFE\mshtml.dll : 5.980.672 : 03/01/2012 05:56 AM : 8b7a535d32c9bc0ef43da81a23de2203 [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\37fd3caa702f17acaaf342930e54f80d\SP3GDR\mshtml.dll : 6.009.856 : 01/06/2013 05:33 AM : 510635a726af7636edcaa7bf11cc8b26 [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\37fd3caa702f17acaaf342930e54f80d\SP3QFE\mshtml.dll : 6.011.392 : 01/06/2013 05:32 AM : 0ee37f47a2b1f02cc6a4545e484a1704 [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\4c63122518a43a5948b889f6ab73e322\SP3GDR\mshtml.dll : 5.950.976 : 05/06/2010 05:33 AM : 4b1bb5db92df08aca55ea93b29f4bcf5 [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\4c63122518a43a5948b889f6ab73e322\SP3QFE\mshtml.dll : 5.953.024 : 05/06/2010 05:27 AM : 5d7062aa7bbc8a5ff8ed8109325984e1 [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\65fd1ba7bd525d66353e57ff2bc83c6d\SP3GDR\mshtml.dll : 5.951.488 : 06/24/2010 05:24 AM : 84acad2e4408261306bf83f1d436589d [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\65fd1ba7bd525d66353e57ff2bc83c6d\SP3QFE\mshtml.dll : 5.954.560 : 06/24/2010 05:28 AM : 919b94179e1d0fd9f7f4cfe033d88c3c [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\75f327e792d72e3c8ecae4bb4860787b\SP3GDR\mshtml.dll : 5.978.112 : 11/04/2011 04:13 PM : 289a867941db68c289315a680d8ce395 [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\75f327e792d72e3c8ecae4bb4860787b\SP3QFE\mshtml.dll : 5.978.624 : 11/04/2011 04:12 PM : 4bb3b66ccbd71bcf84fdfef9a4955d63 [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\91c2a3ee9a2b1c930cf8300c63a34699\backup\sp3gdr\mshtml.dll : 3.066.880 : 04/14/2008 00:00 AM : 85b88c504d1527978f1c2fbe6a41e799 [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\91c2a3ee9a2b1c930cf8300c63a34699\sp3gdr\mshtml.dll : 3.109.888 : 07/11/2012 07:00 PM : 13bbefac61cbd4b9672deaa374ee9f06 [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\91c2a3ee9a2b1c930cf8300c63a34699\sp3qfe\mshtml.dll : 3.110.400 : 07/11/2012 06:59 PM : 33340103bff479bb26a1dc09a6ffa548 [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\e1117c9219e2e71da55685060940b606\SP3GDR\mshtml.dll : 6.008.832 : 08/28/2012 06:18 AM : 1206a54ad9b011118ea975d17baf1541 [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\e1117c9219e2e71da55685060940b606\SP3QFE\mshtml.dll : 6.010.368 : 08/28/2012 06:17 AM : eb44f76332080fd115b8589d6dd8072f [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\f07c2578b8c11544f995c1f637db0658\SP3GDR\mshtml.dll : 6.011.392 : 02/28/2013 11:27 PM : d2e49b4eb0edcc97aee4f2c472e9a068 [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\f07c2578b8c11544f995c1f637db0658\SP3QFE\mshtml.dll : 6.012.928 : 02/28/2013 11:26 PM : 5996f1eebe1e2fa3b6719fc11b9e9e5e [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\f0fd3c8dc625f175f421ec42ab71d90d\SP3GDR\mshtml.dll : 5.971.456 : 10/03/2011 11:31 AM : 11ba965379941caf3ccc423182665082 [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\f0fd3c8dc625f175f421ec42ab71d90d\SP3QFE\mshtml.dll : 5.972.992 : 10/03/2011 11:30 AM : 6c295dcdd113523edfeb618507548a01 [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\f43cf0ebe199eb9004286cfa5a00705d\SP3GDR\mshtml.dll : 6.007.808 : 05/11/2012 11:43 AM : a7cc2f4a536fb972f51a2fdd90ff0afa [Pos Repl]

+-> C:\WINDOWS\SoftwareDistribution\Download\f43cf0ebe199eb9004286cfa5a00705d\SP3QFE\mshtml.dll : 6.009.344 : 05/11/2012 11:42 AM : af0e44ebff592132cb8926608f4f2ae7 [Pos Repl]

* C:\WINDOWS\System32\msimg32.dll [NoSig]

* C:\WINDOWS\System32\mspmsnsv.dll [NoSig]

+-> C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll : 52.736 : 04/14/2008 05:48 AM : 57cf215b0250de0c4ae36abc8ae31be4 [Pos Repl]

+-> C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll : 25.088 : 08/11/2004 04:45 AM : a477391b7a8b0a0daabadb17cf533a4b [Pos Repl]

+-> C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll : 52.736 : 04/14/2008 04:00 AM : 57cf215b0250de0c4ae36abc8ae31be4 [Pos Repl]

* C:\WINDOWS\System32\msprivs.dll [NoSig]

* C:\WINDOWS\System32\msvcrt.dll [NoSig]

+-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll : 322.560 : 04/14/2008 04:00 AM : 4200be3808f6406dbe45a7b88dae5035 [Pos Repl]

+-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll : 343.040 : 04/14/2008 04:00 AM : b1cb86d70023988360da136b317d8546 [Pos Repl]

* C:\WINDOWS\System32\mswsock.dll [NoSig]

+-> C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll : 248.320 : 06/20/2008 02:44 PM : dc10b07f256c8edf6642015e380c741e [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll : 248.320 : 06/20/2008 02:44 PM : dc10b07f256c8edf6642015e380c741e [Pos Repl]

+-> C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll : 248.320 : 04/14/2008 05:00 AM : ad893c9d3a09081d55a4bdfbc66ad592 [Pos Repl]

* C:\WINDOWS\System32\netlogon.dll [NoSig]

* C:\WINDOWS\System32\netman.dll [NoSig]

* C:\WINDOWS\System32\ntkrnlpa.exe [NoSig]

+-> C:\WINDOWS\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe : 2.071.808 : 12/09/2010 08:44 PM : 9f35605bc629f27aa34423b9de652284 [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe : 2.071.808 : 10/26/2011 08:49 AM : e1d6ec017678a5b118fcc4d6e9d54012 [Pos Repl]

+-> C:\WINDOWS\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe : 2.071.552 : 04/11/2012 08:51 AM : f3364f7432d706f7550fba400dec258e [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 04/14/2013 09:45:11 PM

Execution time: 0 hours(s), 17 minute(s), and 57 seconds(s)


MBAR report:

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

www.malwarebytes.org

Database version: v2013.03.22.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Usuario :: PC_JULIAN [administrator]

14/04/2013 10:10:52 p.m.

mbar-log-2013-04-14 (22-10-52).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 45471

Time elapsed: 24 minute(s), 7 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 2

HKCU\SOFTWARE\ASH24SXZ9S (Trojan.FakeAlert) -> Delete on reboot.

HKCU\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Delete on reboot.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 2

HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Delete on reboot.

HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Delete on reboot.

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

I made a second scan without rebooting, in which the program found nothing, and then made another one after the reboot, and it didn't find anything either.

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

www.malwarebytes.org

Database version: v2013.03.22.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Usuario :: PC_JULIAN [administrator]

14/04/2013 11:14:03 p.m.

mbar-log-2013-04-14 (23-14-03).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 45419

Time elapsed: 22 minute(s), 38 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Everything seems to be the same, however.


You can copy/save all your personal files & documents, etc. now, by using Windows Explorer and copying them to offline media, like an external USB drive, or burning to CD or DVD.

You can do that now.

Then after that I can give you general tips on how to do a wipe/erase and new clean Windows install.

Remember, that it means you will lose all personal documents & files & programs you added since you 1st had the computer as new.

There are several questionable windows services, and the security state of this install is questionable. So a wipe & reload is the safest to do.

Tell me after you have finished the copying of your stuff.

In future, after the wipe, you would scan your saved files with both MBAM & Antivirus before restoring them back onto the rebuilt system.


By Windows Explorer you mean the regular explorer.exe program? I'm still not able to copy stuff, I managed to move a few files via adding them to a zip file inside the USB, but now that I've found an old HDD I'm gonna use it for backup, so it'd be nice if I could somehow manage to copy the files to that disk. Do you think there's a way or should I just go ape-mode and zip/unzip them all? :P


Thing is, explorer.exe pretty much never stopped working, I seem to be able to copy stuff but I cannot paste it elsewhere. Is there a way to fix this so I can copy my files into the backup HDD or, as I said, should I just burn everything into a DVD and then extract it directly on the HDD?


Look, you need to sharpen your skills with Windows Explorer.

Under the Edit options, you can select those files you need to save, and then you can Copy and then Paste into your "save" target by doing a Right-click on the "target".

There are some other ways in Explorer to do that, but I cannot possibly teach you all of that.

Set Windows to show all files and all folders.

On your Desktop, double-click My Computer, from the menu options, select Tools, then Folder Options, and then select the View tab and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders: choose (*select*) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.


p.s.s. I urge you to see & study this How to at Bleepingcomputer

http://www.bleepingcomputer.com/tutorials/cut-copy-and-paste-in-windows/

specifically the section "Cut, Copy and Paste with Files and Folders"

Edited by Maurice Naggar

No, you don't get it, I know my way around Windows pretty well, it's not a mental impairment that doesn't allow me to copy stuff, it's the computer itself, or the virus, whatever it is that's causing it. Whether I ctrl-c it, right click it, go to the Edit menu, I still get the Paste option grayed out in every folder, I also cannot drag items around, so this also prevents me from copying them, or even moving them from one place to another.


Make sure you have at hand the Windows XP CD and also, a fresh new copy of your antivirus that is downloaded from a clean pc and saved on transportable-media (CD-DVD or clean thumb drive).

IF you did not get a Windows operating system CD when you bought this system, do check with your manufacturer on the factory restore procedure.

When you are at point of re-installing o.s., I'd recommend you have the pc disconnected from internet until after the o.s. is installed, plus the antivirus is fully setup and running.

Remember that when you do this you will need to have the installers for all your software, along with all the information for configuring your system, such as license keys and passwords.

See Windows XP Clean Installation - Partitioning and Formatting using Windows XP CD by Ramesh Srinivasan, MS-MVP & AumHa VSOP

Also Clean Install Windows by Michael Stevens, MS-MVP

I would urge you to follow the directions very carefully.

You will lose your documents so if you have some to save, offload them to a separate offline media. And later on ensure you do a full scan of them by running your antivirus.


Safer practices & malware prevention

We are finished here. Best regards.

This topic is now closed to further replies.