Jump to content

Please help, I ran combofix and got these log results...


d0zer

Recommended Posts

Please help. I have a computer infected at a minimum with the Windows Antivirus Pro 09 virus. This thing is driving me nuts. Malware keeps crashing after a few seconds. And I've only after much effort have been able to run any file with an .exe extension. IE is touch and go, but usually crashes. I even tried running F-secure's online scanner and it crashes too. So any and all help will be much appreciated. TIA.

ComboFix 09-09-23.02 - Rose Aguilar 09/23/2009 16:17.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.418 [GMT -6:00]

Running from: c:\documents and settings\Rose Aguilar\Desktop\ComboFix.exe

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Rose Aguilar\Cookies\hpothb07.dat

c:\documents and settings\Rose Aguilar\Local Settings\Temporary Internet Files\hpothb07.dat

c:\documents and settings\Rose Aguilar\Local Settings\Temporary Internet Files\hpothb07.tif

c:\documents and settings\Tom Gattis\Local Settings\Temporary Internet Files\hpothb07.dat

c:\documents and settings\Tom Gattis\Local Settings\Temporary Internet Files\hpothb07.tif

c:\program files\autorun.inf

c:\program files\foxrun.pif

c:\program files\Windows Antivirus Pro

c:\program files\Windows Antivirus Pro\msvcm80.dll

c:\program files\Windows Antivirus Pro\msvcp80.dll

c:\program files\Windows Antivirus Pro\msvcr80.dll

c:\program files\Windows Antivirus Pro\tmp\dbsinit.exe

c:\program files\Windows Antivirus Pro\tmp\images\i1.gif

c:\program files\Windows Antivirus Pro\tmp\images\i2.gif

c:\program files\Windows Antivirus Pro\tmp\images\i3.gif

c:\program files\Windows Antivirus Pro\tmp\images\j1.gif

c:\program files\Windows Antivirus Pro\tmp\images\j2.gif

c:\program files\Windows Antivirus Pro\tmp\images\j3.gif

c:\program files\Windows Antivirus Pro\tmp\images\jj1.gif

c:\program files\Windows Antivirus Pro\tmp\images\jj2.gif

c:\program files\Windows Antivirus Pro\tmp\images\jj3.gif

c:\program files\Windows Antivirus Pro\tmp\images\l1.gif

c:\program files\Windows Antivirus Pro\tmp\images\l2.gif

c:\program files\Windows Antivirus Pro\tmp\images\l3.gif

c:\program files\Windows Antivirus Pro\tmp\images\pix.gif

c:\program files\Windows Antivirus Pro\tmp\images\t1.gif

c:\program files\Windows Antivirus Pro\tmp\images\t2.gif

c:\program files\Windows Antivirus Pro\tmp\images\up1.gif

c:\program files\Windows Antivirus Pro\tmp\images\up2.gif

c:\program files\Windows Antivirus Pro\tmp\images\w1.gif

c:\program files\Windows Antivirus Pro\tmp\images\w11.gif

c:\program files\Windows Antivirus Pro\tmp\images\w2.gif

c:\program files\Windows Antivirus Pro\tmp\images\w3.gif

c:\program files\Windows Antivirus Pro\tmp\images\w3.jpg

c:\program files\Windows Antivirus Pro\tmp\images\wt1.gif

c:\program files\Windows Antivirus Pro\tmp\images\wt2.gif

c:\program files\Windows Antivirus Pro\tmp\images\wt3.gif

c:\program files\Windows Antivirus Pro\tmp\wispex.html

c:\windows\Downloaded Program Files\RdxIE.dll

c:\windows\Installer\10421122.msp

c:\windows\Installer\104818c6.msp

c:\windows\Installer\1081cf21.msp

c:\windows\Installer\10b22064.msp

c:\windows\Installer\10caafce.msp

c:\windows\Installer\10e8b4ed.msp

c:\windows\Installer\10ef9a1.msp

c:\windows\Installer\10f06918.msp

c:\windows\Installer\11196bfe.msp

c:\windows\Installer\113ee83f.msp

c:\windows\Installer\11703d75.msp

c:\windows\Installer\117aa3c0.msp

c:\windows\Installer\11a2fb05.msp

c:\windows\Installer\11f297b2.msp

c:\windows\Installer\121f57.msp

c:\windows\Installer\12203cc1.msp

c:\windows\Installer\122cb89e.msp

c:\windows\Installer\123c2fa.msi

c:\windows\Installer\123c2fb.msp

c:\windows\Installer\123c2fc.msp

c:\windows\Installer\123c2fd.msp

c:\windows\Installer\123c2fe.msp

c:\windows\Installer\123c2ff.msp

c:\windows\Installer\123c300.msp

c:\windows\Installer\123c301.msp

c:\windows\Installer\123c302.msp

c:\windows\Installer\123c303.msp

c:\windows\Installer\126597a3.msp

c:\windows\Installer\1287cb7f.msp

c:\windows\Installer\12a028dd.msp

c:\windows\Installer\12c6a4ea.msp

c:\windows\Installer\12fda30a.msp

c:\windows\Installer\1307a9a1.msp

c:\windows\Installer\13750de7.msp

c:\windows\Installer\13810ca4.msp

c:\windows\Installer\13bfacbf.msp

c:\windows\Installer\13df25ef.msp

c:\windows\Installer\13efdcd.msp

c:\windows\Installer\144d5eea.msp

c:\windows\Installer\146cf1.msi

c:\windows\Installer\146cf2.msp

c:\windows\Installer\146cf3.msp

c:\windows\Installer\146cf4.msp

c:\windows\Installer\146cf5.msp

c:\windows\Installer\146cf6.msp

c:\windows\Installer\146cf7.msp

c:\windows\Installer\146cf8.msp

c:\windows\Installer\146cf9.msp

c:\windows\Installer\146cfa.msp

c:\windows\Installer\148ee748.msp

c:\windows\Installer\148f06e6.msp

c:\windows\Installer\148f2868.msp

c:\windows\Installer\1490fe70.msp

c:\windows\Installer\149144b1.msp

c:\windows\Installer\14a6ae.msp

c:\windows\Installer\14b2698.msp

c:\windows\Installer\15685d73.msp

c:\windows\Installer\156e6f19.msp

c:\windows\Installer\1578827.msp

c:\windows\Installer\15a84abe.msp

c:\windows\Installer\15f787f6.msp

c:\windows\Installer\160f0a74.msp

c:\windows\Installer\1616ea82.msp

c:\windows\Installer\16652eb3.msp

c:\windows\Installer\169757e3.msp

c:\windows\Installer\16a11309.msp

c:\windows\Installer\16a54949.msp

c:\windows\Installer\16c9368d.msp

c:\windows\Installer\1718eda7.msp

c:\windows\Installer\17469249.msp

c:\windows\Installer\175edf3.msp

c:\windows\Installer\17813e1.msp

c:\windows\Installer\178bbb6d.msp

c:\windows\Installer\17ae1908.msp

c:\windows\Installer\17c693a2.msp

c:\windows\Installer\17d8187.msp

c:\windows\Installer\1824234b.msp

c:\windows\Installer\182df93d.msp

c:\windows\Installer\18a74c33.msp

c:\windows\Installer\18e5f7d7.msp

c:\windows\Installer\1973c606.msp

c:\windows\Installer\19926cc.msp

c:\windows\Installer\19b559fd.msp

c:\windows\Installer\19b57cb7.msp

c:\windows\Installer\19b57df0.msp

c:\windows\Installer\19b76434.msp

c:\windows\Installer\19b79065.msp

c:\windows\Installer\1a66d0d.msp

c:\windows\Installer\1a8eb3a6.msp

c:\windows\Installer\1a94ba31.msp

c:\windows\Installer\1acecdaf.msp

c:\windows\Installer\1b17317c.msp

c:\windows\Installer\1b3d31b2.msp

c:\windows\Installer\1b8b89e8.msp

c:\windows\Installer\1bef9c9f.msp

c:\windows\Installer\1c3f6ee3.msp

c:\windows\Installer\1c6ce773.msp

c:\windows\Installer\1cb1f118.msp

c:\windows\Installer\1cbd0a5.msp

c:\windows\Installer\1cd48a46.msp

c:\windows\Installer\1ceccb80.msp

c:\windows\Installer\1d4a4b2b.msp

c:\windows\Installer\1d545e17.msp

c:\windows\Installer\1dcda871.msp

c:\windows\Installer\1e0c5454.msp

c:\windows\Installer\1ebf474d.msp

c:\windows\Installer\1edbb3ab.msp

c:\windows\Installer\1edbc771.msp

c:\windows\Installer\1eddcaa4.msp

c:\windows\Installer\1edddef7.msp

c:\windows\Installer\1fb53196.msp

c:\windows\Installer\1fbb360d.msp

c:\windows\Installer\2010b1c.msp

c:\windows\Installer\203d9636.msp

c:\windows\Installer\20637056.msp

c:\windows\Installer\207c19e.msp

c:\windows\Installer\2193477a.msp

c:\windows\Installer\21d863dc.msp

c:\windows\Installer\21eed90.msp

c:\windows\Installer\21fa9e.msi

c:\windows\Installer\21fad260.msp

c:\windows\Installer\2270a6fd.msp

c:\windows\Installer\227ae81c.msp

c:\windows\Installer\22f3fcb1.msp

c:\windows\Installer\22fecf1.msp

c:\windows\Installer\2332bb6f.msp

c:\windows\Installer\2345c03.msp

c:\windows\Installer\2402075e.msp

c:\windows\Installer\240246c8.msp

c:\windows\Installer\24041aec.msp

c:\windows\Installer\2404d5ff.msp

c:\windows\Installer\24db943d.msp

c:\windows\Installer\24e13509.msp

c:\windows\Installer\25640a52.msp

c:\windows\Installer\25833da0.msp

c:\windows\Installer\2589da8f.msp

c:\windows\Installer\258c463.msp

c:\windows\Installer\26b637.msp

c:\windows\Installer\26bb8a8a.msp

c:\windows\Installer\26c8b.msp

c:\windows\Installer\26e655f.msp

c:\windows\Installer\26fe817c.msp

c:\windows\Installer\279753ad.msp

c:\windows\Installer\27a11183.msp

c:\windows\Installer\27fde07.msp

c:\windows\Installer\281a739b.msp

c:\windows\Installer\2829f2b.msp

c:\windows\Installer\2855d80.msp

c:\windows\Installer\29288984.msp

c:\windows\Installer\292a6cf9.msp

c:\windows\Installer\292b6265.msp

c:\windows\Installer\29bcad5.msp

c:\windows\Installer\2a01cbcd.msp

c:\windows\Installer\2a05eed2.msp

c:\windows\Installer\2a8a5923.msp

c:\windows\Installer\2ad502f.msp

c:\windows\Installer\2b2760e.msp

c:\windows\Installer\2b9c853.msp

c:\windows\Installer\2bbcd3b.msp

c:\windows\Installer\2be219ee.msp

c:\windows\Installer\2c25cbe3.msp

c:\windows\Installer\2c308668.msp

c:\windows\Installer\2c99f.msp

c:\windows\Installer\2cbd8447.msp

c:\windows\Installer\2cc77a54.msp

c:\windows\Installer\2d315.msp

c:\windows\Installer\2d40cfca.msp

c:\windows\Installer\2d6d15e.msp

c:\windows\Installer\2e0e795.msp

c:\windows\Installer\2e1f9.msp

c:\windows\Installer\2e50dcef.msp

c:\windows\Installer\2e5180ef.msp

c:\windows\Installer\2f265fa.msp

c:\windows\Installer\2f283c10.msp

c:\windows\Installer\2f2c6455.msp

c:\windows\Installer\2fb0a0c0.msp

c:\windows\Installer\31092597.msp

c:\windows\Installer\314b45c0.msp

c:\windows\Installer\314e8e0.msp

c:\windows\Installer\31e44ba4.msp

c:\windows\Installer\31ede279.msp

c:\windows\Installer\32173.msp

c:\windows\Installer\32d467c.msp

c:\windows\Installer\3375fe1d.msp

c:\windows\Installer\33780d46.msp

c:\windows\Installer\3441b4.msp

c:\windows\Installer\344e8544.msp

c:\windows\Installer\3452da65.msp

c:\windows\Installer\34d71970.msp

c:\windows\Installer\353a4ff.msp

c:\windows\Installer\35a9770.msp

c:\windows\Installer\35acf68.msp

c:\windows\Installer\35daa3e.msp

c:\windows\Installer\36719992.msp

c:\windows\Installer\36badf3.msp

c:\windows\Installer\370a3514.msp

c:\windows\Installer\37142c1a.msp

c:\windows\Installer\3843a40.msp

c:\windows\Installer\389b966f.msp

c:\windows\Installer\389e436e.msp

c:\windows\Installer\38aa3f9.msp

c:\windows\Installer\3974e626.msp

c:\windows\Installer\3979329d.msp

c:\windows\Installer\397cde8.msp

c:\windows\Installer\39c18f8.msp

c:\windows\Installer\39fd65d0.msp

c:\windows\Installer\3ad68.msp

c:\windows\Installer\3b980a34.msp

c:\windows\Installer\3c2d4fc.msp

c:\windows\Installer\3c309922.msp

c:\windows\Installer\3c3a90c5.msp

c:\windows\Installer\3dc21393.msp

c:\windows\Installer\3dc4d36f.msp

c:\windows\Installer\3e9f7690.msp

c:\windows\Installer\3f23bd0d.msp

c:\windows\Installer\3f636da.msp

c:\windows\Installer\4047fd6.msp

c:\windows\Installer\40be5c31.msp

c:\windows\Installer\40dfa4a.msp

c:\windows\Installer\4156e5a1.msp

c:\windows\Installer\416098ee.msp

c:\windows\Installer\41fdfa6.msp

c:\windows\Installer\42a106a.msp

c:\windows\Installer\42e88d8b.msp

c:\windows\Installer\43c5d02f.msp

c:\windows\Installer\444a459b.msp

c:\windows\Installer\44cb995.msp

c:\windows\Installer\45e4b023.msp

c:\windows\Installer\467d6007.msp

c:\windows\Installer\46a9775.msp

c:\windows\Installer\480eb4a0.msp

c:\windows\Installer\497094e9.msp

c:\windows\Installer\4b0af81e.msp

c:\windows\Installer\4b254.msp

c:\windows\Installer\4ba64745.msp

c:\windows\Installer\4cc1f0c.msp

c:\windows\Installer\4d35196a.msp

c:\windows\Installer\4da6d47.msp

c:\windows\Installer\4ddd401.msp

c:\windows\Installer\4e2fa.msp

c:\windows\Installer\4e970099.msp

c:\windows\Installer\50315bbf.msp

c:\windows\Installer\51bf789.msp

c:\windows\Installer\51c0d15.msp

c:\windows\Installer\51c7489.msp

c:\windows\Installer\51ca790.msp

c:\windows\Installer\51e1c1f.msp

c:\windows\Installer\51e4fa2.msp

c:\windows\Installer\51e5262.msp

c:\windows\Installer\525b7413.msp

c:\windows\Installer\5557b0ba.msp

c:\windows\Installer\5784e8ad.msp

c:\windows\Installer\598e866.msp

c:\windows\Installer\5a4978d.msp

c:\windows\Installer\5a7e0298.msp

c:\windows\Installer\5beb150.msp

c:\windows\Installer\5cabe10c.msp

c:\windows\Installer\5f57006.msp

c:\windows\Installer\5fa45f83.msp

c:\windows\Installer\5fb5d5b.msp

c:\windows\Installer\60f520f.msp

c:\windows\Installer\62615c2.msp

c:\windows\Installer\63523f2.msp

c:\windows\Installer\6654d0c.msp

c:\windows\Installer\67dbde2.msp

c:\windows\Installer\69c1bde.msp

c:\windows\Installer\6a3aa03.msp

c:\windows\Installer\6bf687d.msp

c:\windows\Installer\6ccbdb3.msp

c:\windows\Installer\6f212c4.msp

c:\windows\Installer\723bc25.msp

c:\windows\Installer\7276845.msp

c:\windows\Installer\729bb8.msp

c:\windows\Installer\72df313.msp

c:\windows\Installer\7564363.msp

c:\windows\Installer\7a5e7c1.msp

c:\windows\Installer\7a8d9e7.msp

c:\windows\Installer\7c21541.msp

c:\windows\Installer\7d388e8.msp

c:\windows\Installer\7e005de.msp

c:\windows\Installer\7e200b4.msp

c:\windows\Installer\7e3eaa.msp

c:\windows\Installer\7fd4a6b.msp

c:\windows\Installer\8073107.msp

c:\windows\Installer\8187735.msp

c:\windows\Installer\83b2419.msp

c:\windows\Installer\853839a.msp

c:\windows\Installer\87a0ff3.msp

c:\windows\Installer\8814d57.msp

c:\windows\Installer\884112b.msp

c:\windows\Installer\8935704.msp

c:\windows\Installer\8b0e954.msp

c:\windows\Installer\8badbb7.msp

c:\windows\Installer\8be20f0.msp

c:\windows\Installer\8c00a70.msp

c:\windows\Installer\8c267b9.msp

c:\windows\Installer\934532d.msp

c:\windows\Installer\9508e98.msp

c:\windows\Installer\972de97.msp

c:\windows\Installer\983021f.msp

c:\windows\Installer\990e74f.msp

c:\windows\Installer\9b5225.msp

c:\windows\Installer\a00bb9b.msp

c:\windows\Installer\a423498.msp

c:\windows\Installer\a424783.msp

c:\windows\Installer\a428623.msp

c:\windows\Installer\a4475dd.msp

c:\windows\Installer\a4484f0.msp

c:\windows\Installer\acad8b2.msp

c:\windows\Installer\b1ba97a.msp

c:\windows\Installer\b21c726.msp

c:\windows\Installer\b4c9bb0.msp

c:\windows\Installer\b5b6e1f.msp

c:\windows\Installer\b8bb5cd.msp

c:\windows\Installer\ba41ea5.msp

c:\windows\Installer\bc24db2.msp

c:\windows\Installer\bca3cd2.msp

c:\windows\Installer\bdff3.msp

c:\windows\Installer\be5dbed.msp

c:\windows\Installer\bf312cd.msp

c:\windows\Installer\c1867de.msp

c:\windows\Installer\c49e07b.msp

c:\windows\Installer\c4e44.msp

c:\windows\Installer\c4ee342.msp

c:\windows\Installer\c543040.msp

c:\windows\Installer\c7c93ab.msp

c:\windows\Installer\ccc495e.msp

c:\windows\Installer\ccf15fb.msp

c:\windows\Installer\ceebec.msp

c:\windows\Installer\cfa0d5f.msp

c:\windows\Installer\d0653b5.msp

c:\windows\Installer\d084a26.msp

c:\windows\Installer\d2d9eca.msp

c:\windows\Installer\d3ecbc3.msp

c:\windows\Installer\d53ada.msp

c:\windows\Installer\d616bb7.msp

c:\windows\Installer\d79d365.msp

c:\windows\Installer\da068b7.msp

c:\windows\Installer\da7af91.msp

c:\windows\Installer\dd75439.msp

c:\windows\Installer\de149d8.msp

c:\windows\Installer\de8de27.msp

c:\windows\Installer\e5aad77.msp

c:\windows\Installer\e952d5.msp

c:\windows\Installer\e9949e9.msp

c:\windows\Installer\ea3a18.msp

c:\windows\Installer\eb756c8.msp

c:\windows\Installer\edc7587.msp

c:\windows\Installer\ef2aed.msp

c:\windows\Installer\f27602d.msp

c:\windows\Installer\f688f4f.msp

c:\windows\Installer\f68b3ee.msp

c:\windows\Installer\f68ce1e.msp

c:\windows\Installer\f697e.msp

c:\windows\Installer\f6ab1d2.msp

c:\windows\Installer\f6adb24.msp

c:\windows\Installer\ffc655.msp

c:\windows\msa.exe

c:\windows\ppp3.dat

c:\windows\ppp4.dat

c:\windows\svchast.exe

c:\windows\system32\bennuar.old

c:\windows\system32\bincd32.dat

c:\windows\system32\Cache

c:\windows\system32\images

c:\windows\system32\images\i1.gif

c:\windows\system32\images\i2.gif

c:\windows\system32\images\i3.gif

c:\windows\system32\images\j1.gif

c:\windows\system32\images\j2.gif

c:\windows\system32\images\j3.gif

c:\windows\system32\images\jj1.gif

c:\windows\system32\images\jj2.gif

c:\windows\system32\images\jj3.gif

c:\windows\system32\images\l1.gif

c:\windows\system32\images\l2.gif

c:\windows\system32\images\l3.gif

c:\windows\system32\images\pix.gif

c:\windows\system32\images\t1.gif

c:\windows\system32\images\t2.gif

c:\windows\system32\images\up1.gif

c:\windows\system32\images\up2.gif

c:\windows\system32\images\w1.gif

c:\windows\system32\images\w11.gif

c:\windows\system32\images\w2.gif

c:\windows\system32\images\w3.gif

c:\windows\system32\images\w3.jpg

c:\windows\system32\images\wt1.gif

c:\windows\system32\images\wt2.gif

c:\windows\system32\images\wt3.gif

c:\windows\system32\onhelp.htm

c:\windows\system32\sysnet.dat

c:\windows\system32\tapi.nfo

c:\windows\system32\wispex.html

c:\windows\system32\eventlog.dll . . . is infected!!

-- Previous Run --

c:\windows\system32\eventlog.dll . . . is infected!!

--------

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ANTIPPRO2009_100

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

-------\Service_AntipPro2009_100

((((((((((((((((((((((((( Files Created from 2009-08-23 to 2009-09-23 )))))))))))))))))))))))))))))))

.

2009-09-23 20:34 . 2009-09-23 20:34 -------- dc----w- C:\_OTM

2009-09-22 21:08 . 2009-09-22 21:08 -------- d-----w- c:\documents and settings\Rose Aguilar\Application Data\Malwarebytes

2009-09-22 18:29 . 2009-09-22 18:29 -------- d-----w- c:\documents and settings\Rose Aguilar\Local Settings\Application Data\PCHealth

2009-09-22 17:57 . 2009-09-22 17:57 -------- dc----w- C:\2ebbd57a0dec90741593d942636374

2009-09-22 17:51 . 2009-09-22 17:51 -------- d-----w- c:\windows\system32\XPSViewer

2009-09-22 17:50 . 2009-09-22 17:50 -------- d-----w- c:\program files\MSBuild

2009-09-22 17:50 . 2009-09-22 17:50 -------- d-----w- c:\program files\Reference Assemblies

2009-09-22 17:48 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-09-22 17:48 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-09-22 17:48 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-09-22 17:48 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-09-22 17:48 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-09-22 17:48 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-09-22 17:48 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-09-22 17:48 . 2009-09-22 17:49 -------- dc----w- C:\42d6e9535cbf6f4fd62ac0

2009-09-15 16:47 . 2009-09-15 16:48 -------- dc----w- C:\79ef01b9374e7627d395

2009-09-15 16:47 . 2009-09-15 16:47 -------- dc----w- C:\0205a3f3189f07cf516eb5

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-23 21:50 . 2008-10-03 14:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-23 17:00 . 2004-05-21 00:28 54080 ----a-w- c:\documents and settings\Rose Aguilar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-10 20:54 . 2008-10-03 14:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 20:53 . 2008-10-03 14:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-21 11:23 . 2009-08-21 11:23 -------- d-----w- c:\program files\MSXML 6.0

2009-08-17 20:39 . 2004-05-23 22:05 -------- d-----w- c:\documents and settings\Tom Gattis\Application Data\Roxio

2009-08-05 09:11 . 2004-08-04 01:07 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-04 02:00 . 2008-12-01 17:32 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT

2009-07-17 18:55 . 2004-08-04 01:07 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 08:18 . 2004-08-04 01:07 233472 ----a-w- c:\windows\system32\wmpdxm.dll

2009-06-26 16:18 . 2004-08-04 01:07 659456 ----a-w- c:\windows\system32\wininet.dll

2009-06-26 16:18 . 2004-08-04 01:07 81920 ----a-w- c:\windows\system32\ieencode.dll

2005-11-17 16:11 . 2005-11-16 21:26 768 ----a-w- c:\program files\FOXUSER.FPT

2005-11-17 16:11 . 2005-11-16 21:26 713 ----a-w- c:\program files\FOXUSER.DBF

2005-11-16 21:37 . 2005-11-16 21:26 3072 ----a-w- c:\program files\xTmpProjects.CDX

2005-11-16 21:37 . 2005-11-16 21:26 1736 ----a-w- c:\program files\xTmpProjects.DBF

2005-11-16 21:34 . 2005-11-16 21:31 75805 ----a-w- c:\program files\kenny99.DBF

2005-11-16 21:30 . 2005-11-16 21:26 39 ----a-w- c:\program files\PROJECT.MEM

2005-11-16 21:26 . 2005-11-16 21:26 57 ----a-w- c:\program files\kvdates.MEM

2004-10-05 04:45 . 2004-10-05 04:44 16706160 ----a-w- c:\program files\AdbeRdr60_enu_full.exe

2003-03-04 23:28 . 2005-11-16 20:55 30116352 ----a-w- c:\program files\ddmsw210install.exe

2002-09-10 20:49 . 2002-09-10 20:49 305968 ----a-w- c:\program files\DDMSW.msi

2002-09-10 20:49 . 2002-09-10 20:49 969 ----a-w- c:\program files\Setup.INI

2002-09-10 20:43 . 2002-09-10 20:43 1849875 ----a-w- c:\program files\ddmsw.exe

2002-09-09 23:24 . 2002-09-09 23:24 6897 ----a-w- c:\program files\readme.txt

2002-01-15 12:05 . 2002-01-15 12:05 3605 ----a-w- c:\program files\0x0409.ini

2001-10-24 17:00 . 2001-10-24 17:00 4710 ----a-w- c:\program files\License.rtf

2001-05-08 20:04 . 2001-05-08 20:04 1531984 ----a-w- c:\program files\instmsiw.exe

2001-05-08 20:01 . 2001-05-08 20:01 1519696 ----a-w- c:\program files\instmsia.exe

2001-01-22 21:07 . 2005-11-16 20:55 384776 ----a-w- c:\program files\Ddmszip.exe

1997-05-08 19:10 . 2005-11-16 20:54 373666 ----a-w- c:\program files\DDMSINST.EXE

1997-05-08 14:13 . 2005-11-16 20:54 7527 ----a-w- c:\program files\README11.TXT

1995-09-08 22:28 . 2005-11-16 20:54 139776 ----a-w- c:\program files\DDMS Manual.doc

1995-09-08 21:37 . 2005-11-16 20:55 1334 ----a-w- c:\program files\INSTALL.BAT

2003-08-25 21:06 . 2005-12-18 23:56 40960 ----a-w- c:\program files\internet explorer\plugins\ftdwser.dll

.

------- Sigcheck -------

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\browser.dll

[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll

[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\browser.dll

[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\asms\60\msft\windows\common\controls\comctl32.dll

[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\comctl32.dll

[-] 2006-08-25 . 11B508E0D26622D2BD25B60033245F6A . 925184 . . [6.0] . . c:\windows\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll

[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\sp2qfe\comctl32.dll

[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\sp2qfe\asms\60\msft\windows\common\controls\comctl32.dll

[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\121128\comctl32.dll

[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\43087\comctl32.dll

[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\43988\comctl32.dll

[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\44031\comctl32.dll

[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\cryptsvc.dll

[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll

[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\cryptsvc.dll

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\asyncmac.sys

[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\asyncmac.sys

[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys

[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\kbdclass.sys

[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ndis.sys

[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys

[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntfs.sys

[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\SoftwareDistribution\Download\f7c10c2b68f88196f082e36f7313e169\sp2qfe\ntfs.sys

[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\SoftwareDistribution\Download\f7c10c2b68f88196f082e36f7313e169\sp2gdr\ntfs.sys

[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ntfs.sys

[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ntfs.sys

[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys

[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tcpip.sys

[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys

[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys

[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys

[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\es.dll

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\dllcache\es.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll

[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll

[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll

[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\es.dll

[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974$\es.dll

[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll

[-] 2004-08-04 01:07 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\imm32.dll

[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll

[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\imm32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\linkinfo.dll

[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll

[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\system32\linkinfo.dll

[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\system32\dllcache\linkinfo.dll

[-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\lpk.dll

[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll

[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lpk.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\lsass.exe

[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe

[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lsass.exe

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll

[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll

[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll

[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\mswsock.dll

[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll

[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\mswsock.dll

[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\mswsock.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll

[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll

[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\netlogon.dll

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netman.dll

[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll

[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\dllcache\netman.dll

[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll

[-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\powrprof.dll

[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll

[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\powrprof.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\qmgr.dll

[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll

[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\dllcache\qmgr.dll

[-] 2004-07-01 . 696AC82FB290A03F205901442E0E9589 . 361984 . . [6.6.2600.1569] . . c:\windows\system32\bits\qmgr.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll

[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll

[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sfc.dll

[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll

[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfc.dll

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\spoolsv.exe

[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe

[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\dllcache\spoolsv.exe

[-] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe

[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe

[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tapisrv.dll

[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll

[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll

[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\system32\dllcache\tapisrv.dll

[-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\user32.dll

[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2qfe\user32.dll

[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2gdr\user32.dll

[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\system32\user32.dll

[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\system32\dllcache\user32.dll

[-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe

[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe

[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\userinit.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe

[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2_32.dll

[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll

[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2_32.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe

[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe

[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe

[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe

[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\srsvc.dll

[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll

[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wscntfy.exe

[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe

[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\xmlprov.dll

[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll

[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll

[-] 2004-08-04 01:07 . !HASH: COULD NOT OPEN FILE !!!!! . 61952 . . [------] . . c:\windows\system32\eventlog.dll

[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sfcfiles.dll

[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ctfmon.exe

[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe

[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\regsvc.dll

[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll

[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\schedsvc.dll

[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll

[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\schedsvc.dll

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\shsvcs.dll

[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\SoftwareDistribution\Download\b45151c33087fb9df3e7d6e3700f80ed\sp2gdr\shsvcs.dll

[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\SoftwareDistribution\Download\b45151c33087fb9df3e7d6e3700f80ed\sp2qfe\shsvcs.dll

[-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\system32\shsvcs.dll

[-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\shsvcs.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ssdpsrv.dll

[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll

[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\termsrv.dll

[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\system32\termsrv.dll

[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\termsrv.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\appmgmts.dll

[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll

[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\appmgmts.dll

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys

[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\drivers\agp440.sys

[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\aec.sys

[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys

[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\Driver Cache\i386\aec.sys

[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys

[-] 2004-08-04 01:07 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ip6fw.sys

[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ip6fw.sys

[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\mfc40u.dll

[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\26553d2988faa6629ee272005cd35201\sp2qfe\mfc40u.dll

[-] 2004-08-04 01:07 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll

[-] 2004-08-04 01:07 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\dllcache\mfc40u.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\msgsvc.dll

[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll

[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msgsvc.dll

[-] 2008-04-14 00:12 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\mspmsnsv.dll

[-] 2004-08-04 01:07 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll

[-] 2004-08-04 01:07 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\system32\dllcache\mspmsnsv.dll

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntmssvc.dll

[-] 2004-08-04 01:07 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll

[-] 2004-08-04 01:07 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\dllcache\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\upnphost.dll

[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\SoftwareDistribution\Download\b3183a1e00bc9d14758dc26c2b339e76\sp2qfe\upnphost.dll

[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\SoftwareDistribution\Download\b3183a1e00bc9d14758dc26c2b339e76\sp2gdr\upnphost.dll

[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\system32\upnphost.dll

[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\upnphost.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2004-05-21 2498560]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-02 65536]

"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-07-19 868352]

"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112]

"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-10 188416]

"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]

"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]

"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-12-12 366400]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-04-15 180269]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-20 286720]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-06-11 55296]

c:\documents and settings\Rose Aguilar\Start Menu\Programs\Startup\

hpothb07.dat [2005-8-20 0]

hpothb07.tif [2005-8-20 0]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0SsiEfr.e\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnf.exe"=

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [4/21/2006 5:11 PM 58048]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/1/2007 9:54 PM 24652]

S2 AvgCore;AVG6 Kernel;\??\c:\progra~1\Grisoft\AVG6\avgcore.sys --> c:\progra~1\Grisoft\AVG6\avgcore.sys [?]

S2 AvgFsh;AVG6 Rezident Driver;\??\c:\progra~1\Grisoft\AVG6\avgfsh.sys --> c:\progra~1\Grisoft\AVG6\avgfsh.sys [?]

S2 AvgServ;AVG6 Service;c:\progra~1\Grisoft\AVG6\avgserv.exe --> c:\progra~1\Grisoft\AVG6\avgserv.exe [?]

S3 VNICPKT5;VNICPKT5 Protocol Driver;c:\windows\system32\VNICPKT5.sys [5/17/2004 8:57 PM 16202]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ENTDRV51

*NewlyCreated* - {79007602-0CDB-4405-9DBF-1257BB3226ED}

*NewlyCreated* - {79007602-0CDB-4405-9DBF-1257BB3226EE}

*Deregistered* - {79007602-0CDB-4405-9DBF-1257BB3226ED}

*Deregistered* - {79007602-0CDB-4405-9DBF-1257BB3226EE}

.

Contents of the 'Scheduled Tasks' folder

2009-09-22 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2170 series272A572217594EBCF1CEE215E352B92AD073FDE4095111356.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-10 00:56]

2005-01-04 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2170 series272A572217594EBCF1CEE215E352B92AD073FDE4096822286.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-10 00:56]

2009-09-23 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 04:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://www.msn.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

- - - - ORPHANS REMOVED - - - -

AddRemove-Win Antivirus Pro - c:\program files\Windows Antivirus Pro\AntiSpyware_Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-23 16:40

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EventSystem]

"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\FastUserSwitchingCompatibility]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Fdc]

"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\FETND5BV]

"ImagePath"="system32\DRIVERS\fetnd5bv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\FETNDIS]

"ImagePath"="System32\DRIVERS\fetnd5b.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Flpydisk]

"ImagePath"="System32\DRIVERS\flpydisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\FltMgr]

"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\FontCache3.0.0.0]

"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Ftdisk]

"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\gameenum]

"ImagePath"="System32\DRIVERS\gameenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Gpc]

"ImagePath"="System32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\gusvc]

"ImagePath"="\"c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\helpsvc]

"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HidServ]

"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HidUsb]

"ImagePath"="System32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hpt3xx]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HPZid412]

"ImagePath"="System32\DRIVERS\HPZid412.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HPZipr12]

"ImagePath"="System32\DRIVERS\HPZipr12.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HPZius12]

"ImagePath"="System32\DRIVERS\HPZius12.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HTTP]

"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HTTPFilter]

"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\i8042prt]

"ImagePath"="System32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IDriverT]

"ImagePath"="\"c:\program files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\idsvc]

"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IISADMIN]

"ImagePath"="c:\windows\system32\inetsrv\inetinfo.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Imapi]

"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ImapiService]

"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\InetInfo]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IntelIde]

"ImagePath"="system32\DRIVERS\intelide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ip6fw]

"ImagePath"="system32\drivers\ip6fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IpFilterDriver]

"ImagePath"="System32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IpInIp]

"ImagePath"="System32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IpNat]

"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\iPodService]

"ImagePath"="c:\program files\iPod\bin\iPodService.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IPSec]

"ImagePath"="System32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IRENUM]

"ImagePath"="System32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\isapnp]

"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Kbdclass]

"ImagePath"="System32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\kmixer]

"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\lanmanserver]

"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\lanmanworkstation]

"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\LmHosts]

"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\McAfeeFramework]

"ImagePath"="c:\program files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\McShield]

"ImagePath"="\"c:\program files\Network Associates\VirusScan\Mcshield.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\McTaskManager]

"ImagePath"="\"c:\program files\Network Associates\VirusScan\VsTskMgr.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MDM]

"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Messenger]

"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mmc_2K]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mnmsrvc]

"ImagePath"="c:\windows\System32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Mouclass]

"ImagePath"="System32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mouhid]

"ImagePath"="System32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MRxDAV]

"ImagePath"="System32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MRxSmb]

"ImagePath"="System32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSDTC]

"ImagePath"="c:\windows\System32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSIServer]

"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSKSSRV]

"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSPCLOCK]

"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSPQM]

"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mssmbios]

"ImagePath"="System32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ms_mpu401]

"ImagePath"="system32\drivers\msmpu401.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NaiAvFilter1]

"ImagePath"="system32\drivers\naiavf5x.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NaiAvTdi1]

"ImagePath"="system32\drivers\mvstdi5x.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NdisTapi]

"ImagePath"="System32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Ndisuio]

"ImagePath"="System32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NdisWan]

"ImagePath"="System32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetBIOS]

"ImagePath"="System32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetBT]

"ImagePath"="System32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetDDE]

"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetDDEdsdm]

"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Netlogon]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Netman]

"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetTcpPortSharing]

"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NIC1394]

"ImagePath"="System32\DRIVERS\nic1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Nla]

"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NTFSDRV]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NtLmSsp]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NtmsSvc]

"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NTSIM]

"ImagePath"="\??\c:\windows\System32\ntsim.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NwlnkFlt]

"ImagePath"="System32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NwlnkFwd]

"ImagePath"="System32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ohci1394]

"ImagePath"="system32\DRIVERS\ohci1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ose]

"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Outlook]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Parport]

"ImagePath"="System32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCI]

"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCIIde]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\perc2]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\perc2hib]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PlugPlay]

"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Pml Driver HPZ12]

"ImagePath"="c:\windows\System32\HPZipm12.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PolicyAgent]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PptpMiniport]

"ImagePath"="System32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Processor]

"ImagePath"="System32\DRIVERS\processr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ProtectedStorage]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PSched]

"ImagePath"="System32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Ptilink]

"ImagePath"="System32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pwd_2k]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PxHelp20]

"ImagePath"="System32\Drivers\PxHelp20.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ql1080]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ql12160]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ql1240]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ql1280]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RasAcd]

"ImagePath"="System32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RasAuto]

"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Rasl2tp]

"ImagePath"="System32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RasMan]

"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RasPppoe]

"ImagePath"="System32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Raspti]

"ImagePath"="System32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Rdbss]

"ImagePath"="System32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RDPCDD]

"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\rdpdr]

"ImagePath"="System32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RDSessMgr]

"ImagePath"="c:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\redbook]

"ImagePath"="System32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RemoteAccess]

"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RemoteRegistry]

"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RpcLocator]

"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RpcSs]

"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RSVP]

"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SamSs]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SCardSvr]

"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Schedule]

"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ScsiPort]

"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Secdrv]

"ImagePath"="System32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\seclogon]

"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SENS]

"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\serenum]

"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Serial]

"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess]

"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ShellHWDetection]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SMTPSVC]

"ImagePath"="c:\windows\System32\inetsrv\inetinfo.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SNMP]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\splitter]

"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Spooler]

"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\sr]

"ImagePath"="System32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\srservice]

"ServiceDll"="%SystemRoot%\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Srv]

"ImagePath"="System32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SSDPSRV]

"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\StillCam]

"ImagePath"="System32\DRIVERS\serscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\stisvc]

"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\swenum]

"ImagePath"="System32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\swmidi]

"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SwPrv]

"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{71A97C17-2F02-424C-8A33-A84776EE6478}"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\swwd]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\symc810]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\symc8xx]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\sym_hi]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\sym_u3]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\sysaudio]

"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SysmonLog]

"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TapiSrv]

"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip]

"ImagePath"="System32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TermDD]

"ImagePath"="System32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TermService]

"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Themes]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TlntSvr]

"ImagePath"="c:\windows\System32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TosIde]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TrkWks]

"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UdfReadr_xp]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ultra]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Update]

"ImagePath"="System32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\upnphost]

"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UPS]

"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbccgp]

"ImagePath"="System32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbehci]

"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbhub]

"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbprint]

"ImagePath"="System32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbscan]

"ImagePath"="System32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbstor]

"ImagePath"="System32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbuhci]

"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\VgaSave]

"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ViaIde]

"ImagePath"="System32\DRIVERS\viaide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\VIAudio]

"ImagePath"="system32\drivers\viaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Viewpoint Manager Service]

"ImagePath"="\"c:\program files\Viewpoint\Common\ViewpointService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\VNICPKT5]

"ImagePath"="\??\c:\windows\System32\VNICPKT5.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\VSS]

"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\W32Time]

"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\W3SVC]

"ImagePath"="%SystemRoot%\system32\inetsrv\inetinfo.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Wanarp]

"ImagePath"="System32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wdmaud]

"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WebClient]

"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\winmgmt]

"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Winsock - Google Desktop Search Backup Before First Install]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Winsock - Google Desktop Search Backup Before Last Install]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Winsock2 - Google Desktop Search Backup Before First Install]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Winsock2 - Google Desktop Search Backup Before Last Install]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WMDM PMSP Service]

"ImagePath"="c:\windows\System32\MsPMSPSv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmdmPmSN]

"ServiceDll"="c:\windows\system32\mspmsnsv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Wmi]

"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmiApSrv]

"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WS2IFSL]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wscsvc]

"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wuauserv]

"ServiceDll"="c:\windows\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WZCSVC]

"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\xmlprov]

"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{29FF7F94-A4D6-4963-9ADA-95611EA3B64E}]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{84ABA5D9-4A21-402A-BE57-7B59B6850158}]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{8A67931E-76EA-4BC6-94AF-A6750C4A16AD}]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{9DD74860-395C-42B3-8E38-EE7BA16DA8B0}]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{CB161302-4F16-458C-BDE2-01C755F395C8}]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{E357B0FA-9736-47AE-9A59-23EA3F26542C}]

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(656)

c:\windows\system32\EntApi.dll

- - - - - - - > 'explorer.exe'(332)

c:\windows\system32\EntApi.dll

c:\windows\system32\msi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\windows\system32\WgaTray.exe

c:\program files\Network Associates\Common Framework\FrameworkService.exe

c:\program files\Network Associates\VirusScan\Mcshield.exe

c:\program files\Network Associates\VirusScan\VsTskMgr.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe

c:\program files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

c:\windows\system32\wscntfy.exe

c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

c:\windows\system32\dllhost.exe

c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

c:\windows\system32\dllhost.exe

c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe

c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe

.

**************************************************************************

.

Completion time: 2009-09-23 16:56 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-23 22:56

Pre-Run: 2,485,022,720 bytes free

Post-Run: 3,428,651,008 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

1256 --- E O F --- 2009-09-23 16:56

Link to post
Share on other sites

  • Replies 66
  • Created
  • Last Reply

Top Posters In This Topic

Errrr....sorry y'all, I just realized I posted a Combofix log in the HijackThis log section. That about shows where my brain is after a few days of having tried to get rid of this problem. I'm not thinking straight at all.

Is there a better place for this thread?

Link to post
Share on other sites

  • Root Admin

It looks like you may have something else still resident skewing the scan results.

Plesae follow the directions below and we'll try and get you fixed up.

STEP 01

    Download and install CCleaner
  • CCleaner
  • Double-click on the downloaded file "ccsetup223_slim.exe" and install the application.
  • Keep the default installation folder "C:\Program Files\CCleaner"
  • Click finish when done and close ALL PROGRAMS
  • Start the CCleaner program.
  • Click on Registry and Uncheck Registry Integrity so that it does not run (basically the very top, uncheck it)
  • Click on Options - Advanced and Uncheck "Only delete files in Windows Temp folders older than 48 hours"
  • Click back to Cleaner and under SYSTEM uncheck the Memory Dumps and Windows Log Files
  • Click on Run Cleaner button on the bottom right side of the program.
  • Click OK to any prompts

STEP 02

You may have corrupted files on your disk. Please try running the following.

First close ALL Applications as this routine will automatically restart your computer.

Click on START - RUN and copy / paste the following entry into the box and click OK

CMD /C ECHO Y|CHKDSK C: /F | SHUTDOWN /R /T 30

STEP 03

RootRepeal - Rootkit Detector

    Close ALL applications and as many items in the task tray that will stop and exit.

  • Please download the following tool:
    RootRepeal - Rootkit Detector

  • Direct download link is here:
    RootRepeal.rar

  • If you don't already have a program to open a .RAR compressed file you can download a trial version from here:
    WinRAR

  • Extract the program file to a new folder such as
    C:\RootRepeal

  • Run the program
    RootRepeal.exe
    and go to the
    REPORT
    tab and click on the
    Scan
    button

  • Select
    ALL
    of the checkboxes and then click
    OK
    and it will start scanning your system.

  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.

  • When done, click on
    Save Report

  • Save it to the same location where you ran it from, such as
    C:\RootRepeal

  • Save it as
    your_name_rootrepeal.txt
    - where your_name is your
    forum name

  • This makes it more easy to track who the log belongs to.

  • Then open that log and select all and copy/paste it back on your next reply please.

  • Quit the RootRepeal program.

Link to post
Share on other sites

Thank you so much Advanced. I really appreciate the help.

Anyway, I followed all your instructions to the letter, and have pasted the log below. I only had one problem where when you said to check all the boxes, after clicking on scan in RootRepeal, I was not presented any option to check any boxes after clicking Scan. I hope that didn't mess anything up. Anyway, here's the log file:

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/09/28 09:31

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP2

==================================================

Drivers

-------------------

Name: 1394BUS.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS

Address: 0xF780F000 Size: 53248 File Visible: - Signed: -

Status: -

Name: ACPI.sys

Image Path: ACPI.sys

Address: 0xF77A0000 Size: 187776 File Visible: - Signed: -

Status: -

Name: ACPI_HAL

Image Path: \Driver\ACPI_HAL

Address: 0x804D7000 Size: 2180480 File Visible: - Signed: -

Status: -

Name: afd.sys

Image Path: C:\WINDOWS\System32\drivers\afd.sys

Address: 0xF3E1C000 Size: 138368 File Visible: - Signed: -

Status: -

Name: AFS2K.SYS

Image Path: C:\WINDOWS\System32\Drivers\AFS2K.SYS

Address: 0xF78AF000 Size: 38528 File Visible: - Signed: -

Status: -

Name: agp440.sys

Image Path: agp440.sys

Address: 0xF786F000 Size: 42368 File Visible: - Signed: -

Status: -

Name: ALCXWDM.SYS

Image Path: C:\WINDOWS\system32\drivers\ALCXWDM.SYS

Address: 0xF61ED000 Size: 730752 File Visible: - Signed: -

Status: -

Name: AN983.sys

Image Path: C:\WINDOWS\System32\DRIVERS\AN983.sys

Address: 0xF6BC1000 Size: 36224 File Visible: - Signed: -

Status: -

Name: arp1394.sys

Image Path: C:\WINDOWS\System32\DRIVERS\arp1394.sys

Address: 0xF79CF000 Size: 60800 File Visible: - Signed: -

Status: -

Name: atapi.sys

Image Path: atapi.sys

Address: 0xF7732000 Size: 95360 File Visible: - Signed: -

Status: -

Name: ati2cqag.dll

Image Path: C:\WINDOWS\System32\ati2cqag.dll

Address: 0xBFA0B000 Size: 229376 File Visible: - Signed: -

Status: -

Name: ati2dvag.dll

Image Path: C:\WINDOWS\System32\ati2dvag.dll

Address: 0xBF9D5000 Size: 221184 File Visible: - Signed: -

Status: -

Name: ati2mtag.sys

Image Path: C:\WINDOWS\System32\DRIVERS\ati2mtag.sys

Address: 0xF6308000 Size: 815104 File Visible: - Signed: -

Status: -

Name: ati3d1ag.dll

Image Path: C:\WINDOWS\System32\ati3d1ag.dll

Address: 0xBFA43000 Size: 872448 File Visible: - Signed: -

Status: -

Name: ATMFD.DLL

Image Path: C:\WINDOWS\System32\ATMFD.DLL

Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -

Status: -

Name: audstub.sys

Image Path: C:\WINDOWS\System32\DRIVERS\audstub.sys

Address: 0xF7E9F000 Size: 3072 File Visible: - Signed: -

Status: -

Name: Beep.SYS

Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS

Address: 0xF7D1F000 Size: 4224 File Visible: - Signed: -

Status: -

Name: BOOTVID.dll

Image Path: C:\WINDOWS\system32\BOOTVID.dll

Address: 0xF7BFF000 Size: 12288 File Visible: - Signed: -

Status: -

Name: bridge.sys

Image Path: C:\WINDOWS\System32\DRIVERS\bridge.sys

Address: 0xF61B7000 Size: 71552 File Visible: - Signed: -

Status: -

Name: Cdfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS

Address: 0xF3255000 Size: 63744 File Visible: - Signed: -

Status: -

Name: Cdr4_xp.SYS

Image Path: C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS

Address: 0xF7DE9000 Size: 2432 File Visible: - Signed: -

Status: -

Name: Cdralw2k.SYS

Image Path: C:\WINDOWS\System32\Drivers\Cdralw2k.SYS

Address: 0xF7E35000 Size: 2560 File Visible: - Signed: -

Status: -

Name: cdrom.sys

Image Path: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Address: 0xF78BF000 Size: 49536 File Visible: - Signed: -

Status: -

Name: cdudf_xp.SYS

Image Path: C:\WINDOWS\System32\Drivers\cdudf_xp.SYS

Address: 0xF3F2A000 Size: 259456 File Visible: - Signed: -

Status: -

Name: CLASSPNP.SYS

Image Path: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS

Address: 0xF784F000 Size: 53248 File Visible: - Signed: -

Status: -

Name: disk.sys

Image Path: disk.sys

Address: 0xF783F000 Size: 36352 File Visible: - Signed: -

Status: -

Name: dmio.sys

Image Path: dmio.sys

Address: 0xF774A000 Size: 153344 File Visible: - Signed: -

Status: -

Name: dmload.sys

Image Path: dmload.sys

Address: 0xF7CF7000 Size: 5888 File Visible: - Signed: -

Status: -

Name: drmk.sys

Image Path: C:\WINDOWS\system32\drivers\drmk.sys

Address: 0xF78DF000 Size: 61440 File Visible: - Signed: -

Status: -

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xF3CFE000 Size: 98304 File Visible: No Signed: -

Status: -

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xF7D95000 Size: 8192 File Visible: No Signed: -

Status: -

Name: Dxapi.sys

Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys

Address: 0xF60EE000 Size: 12288 File Visible: - Signed: -

Status: -

Name: dxg.sys

Image Path: C:\WINDOWS\System32\drivers\dxg.sys

Address: 0xBF9C3000 Size: 73728 File Visible: - Signed: -

Status: -

Name: dxgthk.sys

Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys

Address: 0xF7DF2000 Size: 4096 File Visible: - Signed: -

Status: -

Name: EntDrv51.sys

Image Path: C:\WINDOWS\system32\drivers\EntDrv51.sys

Address: 0xF2EB8000 Size: 8320 File Visible: - Signed: -

Status: -

Name: Fastfat.SYS

Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS

Address: 0xF3D16000 Size: 143360 File Visible: - Signed: -

Status: -

Name: fdc.sys

Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys

Address: 0xF7B5F000 Size: 27392 File Visible: - Signed: -

Status: -

Name: Fips.SYS

Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS

Address: 0xF79AF000 Size: 34944 File Visible: - Signed: -

Status: -

Name: flpydisk.sys

Image Path: C:\WINDOWS\System32\DRIVERS\flpydisk.sys

Address: 0xF7B87000 Size: 20480 File Visible: - Signed: -

Status: -

Name: fltmgr.sys

Image Path: fltmgr.sys

Address: 0xF7713000 Size: 124800 File Visible: - Signed: -

Status: -

Name: Fs_Rec.SYS

Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS

Address: 0xF7D1D000 Size: 7936 File Visible: - Signed: -

Status: -

Name: ftdisk.sys

Image Path: ftdisk.sys

Address: 0xF7770000 Size: 125056 File Visible: - Signed: -

Status: -

Name: hal.dll

Image Path: C:\WINDOWS\system32\hal.dll

Address: 0x806EC000 Size: 131968 File Visible: - Signed: -

Status: -

Name: HTTP.sys

Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys

Address: 0xF2F04000 Size: 262784 File Visible: - Signed: -

Status: -

Name: i8042prt.sys

Image Path: C:\WINDOWS\System32\DRIVERS\i8042prt.sys

Address: 0xF6BB1000 Size: 52736 File Visible: - Signed: -

Status: -

Name: imapi.sys

Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys

Address: 0xF6B91000 Size: 41856 File Visible: - Signed: -

Status: -

Name: intelide.sys

Image Path: intelide.sys

Address: 0xF7CF5000 Size: 5504 File Visible: - Signed: -

Status: -

Name: ipnat.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys

Address: 0xF3D39000 Size: 134912 File Visible: - Signed: -

Status: -

Name: ipsec.sys

Image Path: C:\WINDOWS\System32\DRIVERS\ipsec.sys

Address: 0xF3EBE000 Size: 74752 File Visible: - Signed: -

Status: -

Name: isapnp.sys

Image Path: isapnp.sys

Address: 0xF77EF000 Size: 35840 File Visible: - Signed: -

Status: -

Name: kbdclass.sys

Image Path: C:\WINDOWS\System32\DRIVERS\kbdclass.sys

Address: 0xF7B4F000 Size: 24576 File Visible: - Signed: -

Status: -

Name: KDCOM.DLL

Image Path: C:\WINDOWS\system32\KDCOM.DLL

Address: 0xF7CEF000 Size: 8192 File Visible: - Signed: -

Status: -

Name: kmixer.sys

Image Path: C:\WINDOWS\system32\drivers\kmixer.sys

Address: 0xF2A35000 Size: 171776 File Visible: - Signed: -

Status: -

Name: ks.sys

Image Path: C:\WINDOWS\System32\DRIVERS\ks.sys

Address: 0xF62BD000 Size: 143360 File Visible: - Signed: -

Status: -

Name: KSecDD.sys

Image Path: KSecDD.sys

Address: 0xF76EA000 Size: 92032 File Visible: - Signed: -

Status: -

Name: mmc_2K.SYS

Image Path: C:\WINDOWS\System32\Drivers\mmc_2K.SYS

Address: 0xF7B7F000 Size: 21504 File Visible: - Signed: -

Status: -

Name: mnmdd.SYS

Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS

Address: 0xF7D21000 Size: 4224 File Visible: - Signed: -

Status: -

Name: mouclass.sys

Image Path: C:\WINDOWS\System32\DRIVERS\mouclass.sys

Address: 0xF7B57000 Size: 23040 File Visible: - Signed: -

Status: -

Name: MountMgr.sys

Image Path: MountMgr.sys

Address: 0xF781F000 Size: 42240 File Visible: - Signed: -

Status: -

Name: mrxdav.sys

Image Path: C:\WINDOWS\System32\DRIVERS\mrxdav.sys

Address: 0xF3939000 Size: 181248 File Visible: - Signed: -

Status: -

Name: mrxsmb.sys

Image Path: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys

Address: 0xF3D5A000 Size: 453632 File Visible: - Signed: -

Status: -

Name: Msfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS

Address: 0xF7BA7000 Size: 19072 File Visible: - Signed: -

Status: -

Name: msgpc.sys

Image Path: C:\WINDOWS\System32\DRIVERS\msgpc.sys

Address: 0xF791F000 Size: 35072 File Visible: - Signed: -

Status: -

Name: mssmbios.sys

Image Path: C:\WINDOWS\System32\DRIVERS\mssmbios.sys

Address: 0xF75D5000 Size: 15488 File Visible: - Signed: -

Status: -

Name: Mup.sys

Image Path: Mup.sys

Address: 0xF7615000 Size: 107904 File Visible: - Signed: -

Status: -

Name: mvstdi5x.sys

Image Path: C:\WINDOWS\system32\drivers\mvstdi5x.sys

Address: 0xF798F000 Size: 58048 File Visible: - Signed: -

Status: -

Name: naiavf5x.sys

Image Path: C:\WINDOWS\system32\drivers\naiavf5x.sys

Address: 0xF2DF9000 Size: 108256 File Visible: - Signed: -

Status: -

Name: NDIS.sys

Image Path: NDIS.sys

Address: 0xF7630000 Size: 182912 File Visible: - Signed: -

Status: -

Name: ndistapi.sys

Image Path: C:\WINDOWS\System32\DRIVERS\ndistapi.sys

Address: 0xF75ED000 Size: 9600 File Visible: - Signed: -

Status: -

Name: ndisuio.sys

Image Path: C:\WINDOWS\System32\DRIVERS\ndisuio.sys

Address: 0xF3BDA000 Size: 12928 File Visible: - Signed: -

Status: -

Name: ndiswan.sys

Image Path: C:\WINDOWS\System32\DRIVERS\ndiswan.sys

Address: 0xF61A0000 Size: 91776 File Visible: - Signed: -

Status: -

Name: NDProxy.SYS

Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS

Address: 0xF793F000 Size: 38016 File Visible: - Signed: -

Status: -

Name: netbios.sys

Image Path: C:\WINDOWS\System32\DRIVERS\netbios.sys

Address: 0xF799F000 Size: 34560 File Visible: - Signed: -

Status: -

Name: netbt.sys

Image Path: C:\WINDOWS\System32\DRIVERS\netbt.sys

Address: 0xF3E3E000 Size: 162816 File Visible: - Signed: -

Status: -

Name: nic1394.sys

Image Path: C:\WINDOWS\System32\DRIVERS\nic1394.sys

Address: 0xF6BD1000 Size: 61824 File Visible: - Signed: -

Status: -

Name: Npfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS

Address: 0xF7BAF000 Size: 30848 File Visible: - Signed: -

Status: -

Name: Ntfs.sys

Image Path: Ntfs.sys

Address: 0xF765D000 Size: 574592 File Visible: - Signed: -

Status: -

Name: ntoskrnl.exe

Image Path: C:\WINDOWS\system32\ntoskrnl.exe

Address: 0x804D7000 Size: 2180480 File Visible: - Signed: -

Status: -

Name: Null.SYS

Image Path: C:\WINDOWS\System32\Drivers\Null.SYS

Address: 0xF7E36000 Size: 2944 File Visible: - Signed: -

Status: -

Name: ohci1394.sys

Image Path: ohci1394.sys

Address: 0xF77FF000 Size: 61056 File Visible: - Signed: -

Status: -

Name: parport.sys

Image Path: C:\WINDOWS\System32\DRIVERS\parport.sys

Address: 0xF62E0000 Size: 80128 File Visible: - Signed: -

Status: -

Name: PartMgr.sys

Image Path: PartMgr.sys

Address: 0xF7A77000 Size: 18688 File Visible: - Signed: -

Status: -

Name: ParVdm.SYS

Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS

Address: 0xF7D47000 Size: 6784 File Visible: - Signed: -

Status: -

Name: pci.sys

Image Path: pci.sys

Address: 0xF778F000 Size: 68224 File Visible: - Signed: -

Status: -

Name: PCIIde.sys

Image Path: PCIIde.sys

Address: 0xF7DB7000 Size: 3328 File Visible: - Signed: -

Status: -

Name: PCIIDEX.SYS

Image Path: C:\WINDOWS\System32\Drivers\PCIIDEX.SYS

Address: 0xF7A6F000 Size: 28672 File Visible: - Signed: -

Status: -

Name: PnpManager

Image Path: \Driver\PnpManager

Address: 0x804D7000 Size: 2180480 File Visible: - Signed: -

Status: -

Name: portcls.sys

Image Path: C:\WINDOWS\system32\drivers\portcls.sys

Address: 0xF61C9000 Size: 147456 File Visible: - Signed: -

Status: -

Name: processr.sys

Image Path: C:\WINDOWS\System32\DRIVERS\processr.sys

Address: 0xF6BE1000 Size: 35328 File Visible: - Signed: -

Status: -

Name: psched.sys

Image Path: C:\WINDOWS\System32\DRIVERS\psched.sys

Address: 0xF618F000 Size: 69120 File Visible: - Signed: -

Status: -

Name: ptilink.sys

Image Path: C:\WINDOWS\System32\DRIVERS\ptilink.sys

Address: 0xF7B6F000 Size: 17792 File Visible: - Signed: -

Status: -

Name: pwd_2k.SYS

Image Path: C:\WINDOWS\System32\Drivers\pwd_2k.SYS

Address: 0xF62A0000 Size: 116480 File Visible: - Signed: -

Status: -

Name: PxHelp20.sys

Image Path: PxHelp20.sys

Address: 0xF785F000 Size: 35680 File Visible: - Signed: -

Status: -

Name: rasacd.sys

Image Path: C:\WINDOWS\System32\DRIVERS\rasacd.sys

Address: 0xF6416000 Size: 8832 File Visible: - Signed: -

Status: -

Name: rasl2tp.sys

Image Path: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys

Address: 0xF78EF000 Size: 51328 File Visible: - Signed: -

Status: -

Name: raspppoe.sys

Image Path: C:\WINDOWS\System32\DRIVERS\raspppoe.sys

Address: 0xF78FF000 Size: 41472 File Visible: - Signed: -

Status: -

Name: raspptp.sys

Image Path: C:\WINDOWS\System32\DRIVERS\raspptp.sys

Address: 0xF790F000 Size: 48384 File Visible: - Signed: -

Status: -

Name: raspti.sys

Image Path: C:\WINDOWS\System32\DRIVERS\raspti.sys

Address: 0xF7B77000 Size: 16512 File Visible: - Signed: -

Status: -

Name: RAW

Image Path: \FileSystem\RAW

Address: 0x804D7000 Size: 2180480 File Visible: - Signed: -

Status: -

Name: rdbss.sys

Image Path: C:\WINDOWS\System32\DRIVERS\rdbss.sys

Address: 0xF3DF1000 Size: 174592 File Visible: - Signed: -

Status: -

Name: RDPCDD.sys

Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys

Address: 0xF7D23000 Size: 4224 File Visible: - Signed: -

Status: -

Name: rdpdr.sys

Image Path: C:\WINDOWS\System32\DRIVERS\rdpdr.sys

Address: 0xF615E000 Size: 196864 File Visible: - Signed: -

Status: -

Name: redbook.sys

Image Path: C:\WINDOWS\System32\DRIVERS\redbook.sys

Address: 0xF78CF000 Size: 57472 File Visible: - Signed: -

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xF3385000 Size: 49152 File Visible: No Signed: -

Status: -

Name: serenum.sys

Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys

Address: 0xF7CDF000 Size: 15488 File Visible: - Signed: -

Status: -

Name: serial.sys

Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys

Address: 0xF6BA1000 Size: 64896 File Visible: - Signed: -

Status: -

Name: sr.sys

Image Path: sr.sys

Address: 0xF7701000 Size: 73472 File Visible: - Signed: -

Status: -

Name: srv.sys

Image Path: C:\WINDOWS\System32\DRIVERS\srv.sys

Address: 0xF381F000 Size: 333184 File Visible: - Signed: -

Status: -

Name: swenum.sys

Image Path: C:\WINDOWS\System32\DRIVERS\swenum.sys

Address: 0xF7D19000 Size: 4352 File Visible: - Signed: -

Status: -

Name: sysaudio.sys

Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys

Address: 0xF39EE000 Size: 60800 File Visible: - Signed: -

Status: -

Name: tcpip.sys

Image Path: C:\WINDOWS\System32\DRIVERS\tcpip.sys

Address: 0xF3E66000 Size: 360320 File Visible: - Signed: -

Status: -

Name: TDI.SYS

Image Path: C:\WINDOWS\System32\DRIVERS\TDI.SYS

Address: 0xF7B67000 Size: 20480 File Visible: - Signed: -

Status: -

Name: termdd.sys

Image Path: C:\WINDOWS\System32\DRIVERS\termdd.sys

Address: 0xF792F000 Size: 40704 File Visible: - Signed: -

Status: -

Name: UdfReadr_xp.SYS

Image Path: C:\WINDOWS\System32\Drivers\UdfReadr_xp.SYS

Address: 0xF3EE3000 Size: 213120 File Visible: - Signed: -

Status: -

Name: update.sys

Image Path: C:\WINDOWS\System32\DRIVERS\update.sys

Address: 0xF612A000 Size: 209408 File Visible: - Signed: -

Status: -

Name: USBD.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS

Address: 0xF7D1B000 Size: 8192 File Visible: - Signed: -

Status: -

Name: usbehci.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys

Address: 0xF7B47000 Size: 26624 File Visible: - Signed: -

Status: -

Name: usbhub.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys

Address: 0xF794F000 Size: 57600 File Visible: - Signed: -

Status: -

Name: USBPORT.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS

Address: 0xF63CF000 Size: 143360 File Visible: - Signed: -

Status: -

Name: USBSTOR.SYS

Image Path: C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS

Address: 0xF7B97000 Size: 26496 File Visible: - Signed: -

Status: -

Name: usbuhci.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys

Address: 0xF7B3F000 Size: 20480 File Visible: - Signed: -

Status: -

Name: vga.sys

Image Path: C:\WINDOWS\System32\drivers\vga.sys

Address: 0xF7B9F000 Size: 20992 File Visible: - Signed: -

Status: -

Name: viaide.sys

Image Path: viaide.sys

Address: 0xF7CF3000 Size: 5376 File Visible: - Signed: -

Status: -

Name: VIDEOPRT.SYS

Image Path: C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS

Address: 0xF62F4000 Size: 81920 File Visible: - Signed: -

Status: -

Name: VolSnap.sys

Image Path: VolSnap.sys

Address: 0xF782F000 Size: 52352 File Visible: - Signed: -

Status: -

Name: wanarp.sys

Image Path: C:\WINDOWS\System32\DRIVERS\wanarp.sys

Address: 0xF79BF000 Size: 34560 File Visible: - Signed: -

Status: -

Name: watchdog.sys

Image Path: C:\WINDOWS\System32\watchdog.sys

Address: 0xF7A9F000 Size: 20480 File Visible: - Signed: -

Status: -

Name: wdmaud.sys

Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys

Address: 0xF37BA000 Size: 82944 File Visible: - Signed: -

Status: -

Name: Win32k

Image Path: \Driver\Win32k

Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -

Status: -

Name: win32k.sys

Image Path: C:\WINDOWS\System32\win32k.sys

Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -

Status: -

Name: win32k.sys:1

Image Path: C:\WINDOWS\win32k.sys:1

Address: 0xF7BB7000 Size: 20480 File Visible: No Signed: -

Status: -

Name: win32k.sys:2

Image Path: C:\WINDOWS\win32k.sys:2

Address: 0xF3FDA000 Size: 61440 File Visible: No Signed: -

Status: -

Name: WMILIB.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS

Address: 0xF7CF1000 Size: 8192 File Visible: - Signed: -

Status: -

Name: WMIxWDM

Image Path: \Driver\WMIxWDM

Address: 0x804D7000 Size: 2180480 File Visible: - Signed: -

Status: -

Link to post
Share on other sites

  • Root Admin

STEP 01

Download but do not yet run ComboFix

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

Download it to your DESKTOP - it MUST run from the Desktop

download.bleepingcomputer.com/sUBs/ComboFix.exe

subs.geekstogo.com/ComboFix.exe

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines

KILLALL::
Driver::
win32k.sys:1
win32k.sys:2
File::
C:\WINDOWS\win32k.sys

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:

CFScript.gif

  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disconnect from the Internet.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
  • It may identify that Recovery Console is not installed. Please accept when asked if you wish it to be installed.
    When the scan completes Notepad will open with with your results log open. Do a File, Exit.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.

STEP 02

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update

    [*]When the update is complete, select the Scanner tab

    [*]Select Perform quick scan, then click Scan.

    [*]When the scan is complete, click OK, then Show Results to view the results.

    [*]Be sure that everything is checked, and click Remove Selected.

    [*]When completed, a log will open in Notepad. please copy and paste the log into your next reply

    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log on your next reply

Link to post
Share on other sites

K......well I did everything just as you posted up through clicking ok/yes to the disclaimer just prior to beginning the ComboFix scan. The scan started and its still on the same screen--the one ending with "....with a heavily infected computer scan times may easily double." But its going on 3 hours now, on that same screen. I can't see the HDD light, but the cursor is still flashing.

I wouldn't be at all concerned normally, except that the first time I ran ComboFix it didn't take this long to get past this screen.

So, do you think everything is still on track?

Link to post
Share on other sites

No, doesn't sound like it. Shut down the PC and see if it starts back up on its own or not.

If not then delete that copy and make sure you AV is disabled and download and run a new copy again.

K....Well I did what you asked and again, same result. So this time I looked at the CFscript file on the hunch that maybe I missed something in my copy and paste of the code. Everything was there though, except the skipped lines. So, I went back in, edited the file to include the skipped lines, and am running it again--after having shutdown, rebooted and deleted the old copy of ComboFix of course.

Link to post
Share on other sites

Okay, please run the MBAM update and scan and see if it can remove it then.

Hey Advanced, thanks again for all your help.

I tried installing MalwareBytes again, and it installed fine. But upon selecting quick scan, and then clicking the scan button, the whole program crashed after about 5 secs, just the same as it has been doing.

Link to post
Share on other sites

Hey Advanced, thanks again for all your help.

I tried installing MalwareBytes again, and it installed fine. But upon selecting quick scan, and then clicking the scan button, the whole program crashed after about 5 secs, just the same as it has been doing.

Also, I dunno what the deal is. I mean, ComboFix seemed to run fine when I just clicked on the icon--the first time I ran it that is, the run that generated the log in my very first post, starting this thread.

And I don't know if this matters, but I also tried using ProcExplorer to kill the entire Explorer Process Tree, prior to running the ComboFix scan that you told me to run. That killed most things in the tree, including ProcExplorer, but there were still icons left in the system tray.

Link to post
Share on other sites

  • Root Admin

Please try to rename MBAM.EXE to MBAM.COM or svchost.exe and see if it will run or not.

Reconfigure Windows XP to show hidden files:

To enable the viewing of Hidden files follow these steps:

* Close all programs so that you are at your desktop.

* Double-click on the My Computer icon.

* Select the Tools menu and click Folder Options.

* After the new window appears select the View tab.

* Put a checkmark in the checkbox labeled Display the contents of system folders.

* Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

* Remove the checkmark from the checkbox labeled Hide file extensions for known file types.

* Remove the checkmark from the checkbox labeled Hide protected operating system files.

* Press the Apply button and then the OK button and exit My Computer.

* Now your computer is configured to show all hidden files.

Link to post
Share on other sites

Please try to rename MBAM.EXE to MBAM.COM or svchost.exe and see if it will run or not.

Reconfigure Windows XP to show hidden files:

To enable the viewing of Hidden files follow these steps:

* Close all programs so that you are at your desktop.

* Double-click on the My Computer icon.

* Select the Tools menu and click Folder Options.

* After the new window appears select the View tab.

* Put a checkmark in the checkbox labeled Display the contents of system folders.

* Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

* Remove the checkmark from the checkbox labeled Hide file extensions for known file types.

* Remove the checkmark from the checkbox labeled Hide protected operating system files.

* Press the Apply button and then the OK button and exit My Computer.

* Now your computer is configured to show all hidden files.

K, regarding the renaming of MBAM.EXE, I tried and it would not work. It said access denied.

Regarding the rest of your instructions, I followed all of them as per your instruction.

Link to post
Share on other sites

  • Root Admin

Okay let's try this tool one more time.

Download and run Win32kDiag:

  1. Download Win32kDiag from any of the following locations and save it to your Desktop.

Go to start > run and copy and paste the following command in the field:

"%userprofile%\desktop\win32kdiag.exe" -f -r

This should restore permissions on locked files and remove mountpoints.

You also try to change the permissions on the MBAM.EXE file.

Open My Computer and browse to "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" and right click over it and choose PROPERTIES

Then click on the SECURITY tab, then click on the Advanced tab. Make sure Administrators is set to FULL CONTROL

Then go to the OWNER tab.

Highlight the ADMINISTRATORS name there and click on OK

Then see if you can rename MBAM.EXE to MBAM.COM and run it.

Link to post
Share on other sites

Okay, I ran Win32kdiag.exe and have pasted the results below:

Running from: C:\Documents and Settings\Rose Aguilar\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Rose Aguilar\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Cannot access: C:\WINDOWS\system32\eventlog.dll

Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll

[1] 2008-04-13 18:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll (Microsoft Corporation)

[1] 2004-08-03 19:07:00 55808 C:\WINDOWS\system32\dllcache\eventlog.dll (Microsoft Corporation)

[1] 2004-08-03 19:07:00 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2004-08-03 19:07:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\system32\MRT.exe

Attempting to restore permissions of : C:\WINDOWS\system32\MRT.exe

Finished!

Now, as to changing the file permissions, there is no Security tab that comes up when I follow your instructions. The user name I am logged in under is a member of the Administrators group. And the OS is XP.

Link to post
Share on other sites

Please click on START - RUN and type in WINVER and tell me what Service Pack it says you're running.

Click on START - RUN and type in CMD and hit OK

In the DOS box type in chkntfs c:

Then post back here what it says.

K, WINVER returns Service Pack 2.

And chkntfs returns:

The type of file system is NTFS

C: is not dirty

Link to post
Share on other sites

K... Reran ComboFix as per your instructions, and the following logfile was generated:

ComboFix 09-09-29.02 - Rose Aguilar 09/29/2009 23:10.2.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.377 [GMT -6:00]

Running from: c:\documents and settings\Rose Aguilar\Desktop\ComboFix.exe

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\Installer\132b267.msp

c:\windows\Installer\17949b1.msp

c:\windows\Installer\31214d1.msp

c:\windows\system32\eventlog.dll . . . is infected!!

-- Previous Run --

c:\windows\system32\eventlog.dll . . . is infected!!

--------

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 )))))))))))))))))))))))))))))))

.

2009-09-30 04:17 . 2008-04-14 11:00 56320 -c--a-w- C:\Windows System32 eventlog.dll

2009-09-28 15:29 . 2009-09-28 15:31 -------- dc----w- C:\RootRepeal

2009-09-28 15:13 . 2009-09-28 15:13 -------- d-----w- c:\program files\CCleaner

2009-09-23 20:34 . 2009-09-23 20:34 -------- dc----w- C:\_OTM

2009-09-22 21:08 . 2009-09-22 21:08 -------- d-----w- c:\documents and settings\Rose Aguilar\Application Data\Malwarebytes

2009-09-22 18:29 . 2009-09-22 18:29 -------- d-----w- c:\documents and settings\Rose Aguilar\Local Settings\Application Data\PCHealth

2009-09-22 17:57 . 2009-09-22 17:57 -------- dc----w- C:\2ebbd57a0dec90741593d942636374

2009-09-22 17:51 . 2009-09-22 17:51 -------- d-----w- c:\windows\system32\XPSViewer

2009-09-22 17:50 . 2009-09-22 17:50 -------- d-----w- c:\program files\MSBuild

2009-09-22 17:50 . 2009-09-22 17:50 -------- d-----w- c:\program files\Reference Assemblies

2009-09-22 17:48 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-09-22 17:48 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-09-22 17:48 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-09-22 17:48 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-09-22 17:48 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-09-22 17:48 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-09-22 17:48 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-09-22 17:48 . 2009-09-22 17:49 -------- dc----w- C:\42d6e9535cbf6f4fd62ac0

2009-09-15 16:47 . 2009-09-15 16:48 -------- dc----w- C:\79ef01b9374e7627d395

2009-09-15 16:47 . 2009-09-15 16:47 -------- dc----w- C:\0205a3f3189f07cf516eb5

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-30 00:39 . 2008-10-03 14:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-28 15:17 . 2004-09-19 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-09-23 17:00 . 2004-05-21 00:28 54080 ----a-w- c:\documents and settings\Rose Aguilar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-10 20:54 . 2008-10-03 14:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 20:53 . 2008-10-03 14:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-21 11:23 . 2009-08-21 11:23 -------- d-----w- c:\program files\MSXML 6.0

2009-08-17 20:39 . 2004-05-23 22:05 -------- d-----w- c:\documents and settings\Tom Gattis\Application Data\Roxio

2009-08-05 09:11 . 2004-08-04 01:07 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-04 02:00 . 2008-12-01 17:32 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT

2009-07-17 18:55 . 2004-08-04 01:07 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 08:18 . 2004-08-04 01:07 233472 ----a-w- c:\windows\system32\wmpdxm.dll

2005-11-17 16:11 . 2005-11-16 21:26 768 ----a-w- c:\program files\FOXUSER.FPT

2005-11-17 16:11 . 2005-11-16 21:26 713 ----a-w- c:\program files\FOXUSER.DBF

2005-11-16 21:37 . 2005-11-16 21:26 3072 ----a-w- c:\program files\xTmpProjects.CDX

2005-11-16 21:37 . 2005-11-16 21:26 1736 ----a-w- c:\program files\xTmpProjects.DBF

2005-11-16 21:34 . 2005-11-16 21:31 75805 ----a-w- c:\program files\kenny99.DBF

2005-11-16 21:30 . 2005-11-16 21:26 39 ----a-w- c:\program files\PROJECT.MEM

2005-11-16 21:26 . 2005-11-16 21:26 57 ----a-w- c:\program files\kvdates.MEM

2004-10-05 04:45 . 2004-10-05 04:44 16706160 ----a-w- c:\program files\AdbeRdr60_enu_full.exe

2003-03-04 23:28 . 2005-11-16 20:55 30116352 ----a-w- c:\program files\ddmsw210install.exe

2002-09-10 20:49 . 2002-09-10 20:49 305968 ----a-w- c:\program files\DDMSW.msi

2002-09-10 20:49 . 2002-09-10 20:49 969 ----a-w- c:\program files\Setup.INI

2002-09-10 20:43 . 2002-09-10 20:43 1849875 ----a-w- c:\program files\ddmsw.exe

2002-09-09 23:24 . 2002-09-09 23:24 6897 ----a-w- c:\program files\readme.txt

2002-01-15 12:05 . 2002-01-15 12:05 3605 ----a-w- c:\program files\0x0409.ini

2001-10-24 17:00 . 2001-10-24 17:00 4710 ----a-w- c:\program files\License.rtf

2001-05-08 20:04 . 2001-05-08 20:04 1531984 ----a-w- c:\program files\instmsiw.exe

2001-05-08 20:01 . 2001-05-08 20:01 1519696 ----a-w- c:\program files\instmsia.exe

2001-01-22 21:07 . 2005-11-16 20:55 384776 ----a-w- c:\program files\Ddmszip.exe

1997-05-08 19:10 . 2005-11-16 20:54 373666 ----a-w- c:\program files\DDMSINST.EXE

1997-05-08 14:13 . 2005-11-16 20:54 7527 ----a-w- c:\program files\README11.TXT

1995-09-08 22:28 . 2005-11-16 20:54 139776 ----a-w- c:\program files\DDMS Manual.doc

1995-09-08 21:37 . 2005-11-16 20:55 1334 ----a-w- c:\program files\INSTALL.BAT

2003-08-25 21:06 . 2005-12-18 23:56 40960 ----a-w- c:\program files\internet explorer\plugins\ftdwser.dll

.

------- Sigcheck -------

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\browser.dll

[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll

[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\browser.dll

[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\asms\60\msft\windows\common\controls\comctl32.dll

[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\comctl32.dll

[-] 2006-08-25 . 11B508E0D26622D2BD25B60033245F6A . 925184 . . [6.0] . . c:\windows\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll

[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\sp2qfe\comctl32.dll

[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\sp2qfe\asms\60\msft\windows\common\controls\comctl32.dll

[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\121128\comctl32.dll

[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\43087\comctl32.dll

[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\43988\comctl32.dll

[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\44031\comctl32.dll

[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\cryptsvc.dll

[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll

[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\cryptsvc.dll

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\asyncmac.sys

[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\asyncmac.sys

[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys

[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\kbdclass.sys

[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ndis.sys

[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys

[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntfs.sys

[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\SoftwareDistribution\Download\f7c10c2b68f88196f082e36f7313e169\sp2qfe\ntfs.sys

[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\SoftwareDistribution\Download\f7c10c2b68f88196f082e36f7313e169\sp2gdr\ntfs.sys

[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ntfs.sys

[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ntfs.sys

[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys

[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tcpip.sys

[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys

[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys

[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys

[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\es.dll

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\dllcache\es.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll

[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll

[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll

[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\es.dll

[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974$\es.dll

[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll

[-] 2004-08-04 01:07 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\imm32.dll

[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll

[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\imm32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\linkinfo.dll

[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll

[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\system32\linkinfo.dll

[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\system32\dllcache\linkinfo.dll

[-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\lpk.dll

[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll

[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lpk.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\lsass.exe

[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe

[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lsass.exe

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll

[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll

[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll

[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\mswsock.dll

[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll

[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\mswsock.dll

[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\mswsock.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll

[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll

[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\netlogon.dll

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netman.dll

[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll

[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\dllcache\netman.dll

[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll

[-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\powrprof.dll

[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll

[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\powrprof.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\qmgr.dll

[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll

[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\dllcache\qmgr.dll

[-] 2004-07-01 . 696AC82FB290A03F205901442E0E9589 . 361984 . . [6.6.2600.1569] . . c:\windows\system32\bits\qmgr.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll

[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll

[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sfc.dll

[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll

[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfc.dll

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\spoolsv.exe

[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe

[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\dllcache\spoolsv.exe

[-] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe

[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe

[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tapisrv.dll

[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll

[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll

[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\system32\dllcache\tapisrv.dll

[-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\user32.dll

[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2qfe\user32.dll

[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2gdr\user32.dll

[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\system32\user32.dll

[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\system32\dllcache\user32.dll

[-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe

[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe

[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\userinit.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe

[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2_32.dll

[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll

[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2_32.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe

[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe

[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe

[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe

[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\srsvc.dll

[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll

[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wscntfy.exe

[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe

[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\xmlprov.dll

[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll

[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll

[-] 2004-08-04 01:07 . !HASH: COULD NOT OPEN FILE !!!!! . 61952 . . [------] . . c:\windows\system32\eventlog.dll

[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sfcfiles.dll

[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ctfmon.exe

[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe

[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\regsvc.dll

[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll

[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\schedsvc.dll

[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll

[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\schedsvc.dll

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\shsvcs.dll

[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\SoftwareDistribution\Download\b45151c33087fb9df3e7d6e3700f80ed\sp2gdr\shsvcs.dll

[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\SoftwareDistribution\Download\b45151c33087fb9df3e7d6e3700f80ed\sp2qfe\shsvcs.dll

[-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\system32\shsvcs.dll

[-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\shsvcs.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ssdpsrv.dll

[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll

[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\termsrv.dll

[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\system32\termsrv.dll

[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\termsrv.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\appmgmts.dll

[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll

[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\appmgmts.dll

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys

[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\drivers\agp440.sys

[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\aec.sys

[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys

[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\Driver Cache\i386\aec.sys

[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys

[-] 2004-08-04 01:07 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ip6fw.sys

[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ip6fw.sys

[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\mfc40u.dll

[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\26553d2988faa6629ee272005cd35201\sp2qfe\mfc40u.dll

[-] 2004-08-04 01:07 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll

[-] 2004-08-04 01:07 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\dllcache\mfc40u.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\msgsvc.dll

[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll

[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msgsvc.dll

[-] 2008-04-14 00:12 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\mspmsnsv.dll

[-] 2004-08-04 01:07 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll

[-] 2004-08-04 01:07 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\system32\dllcache\mspmsnsv.dll

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntmssvc.dll

[-] 2004-08-04 01:07 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll

[-] 2004-08-04 01:07 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\dllcache\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\upnphost.dll

[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\SoftwareDistribution\Download\b3183a1e00bc9d14758dc26c2b339e76\sp2qfe\upnphost.dll

[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\SoftwareDistribution\Download\b3183a1e00bc9d14758dc26c2b339e76\sp2gdr\upnphost.dll

[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\system32\upnphost.dll

[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\upnphost.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-09-23_22.47.16 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-07-15 07:34 . 2004-07-15 07:34 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3880\_PerfCounter.dll

+ 2003-02-21 02:09 . 2003-02-21 02:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3880\_mscorsn.dll

+ 2004-07-15 07:32 . 2004-07-15 07:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3880\_CORPerfMonExt.dll

+ 2004-07-15 07:34 . 2004-07-15 07:34 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2840\_PerfCounter.dll

+ 2003-02-21 02:09 . 2003-02-21 02:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2840\_mscorsn.dll

+ 2004-07-15 07:32 . 2004-07-15 07:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2840\_CORPerfMonExt.dll

+ 2009-01-19 10:00 . 2009-09-30 05:27 224755 c:\windows\system32\inetsrv\MetaBase.bin

+ 2003-02-21 11:42 . 2003-02-21 11:42 348160 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3880\_msvcr71.dll

+ 2004-07-15 07:25 . 2004-07-15 07:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3880\_mscorjit.dll

+ 2004-07-15 07:24 . 2004-07-15 07:24 282624 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3880\_fusion.dll

+ 2004-07-15 08:49 . 2004-07-15 08:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3880\_aspnet_isapi.dll

+ 2003-02-21 11:42 . 2003-02-21 11:42 348160 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2840\_msvcr71.dll

+ 2004-07-15 07:25 . 2004-07-15 07:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2840\_mscorjit.dll

+ 2004-07-15 07:24 . 2004-07-15 07:24 282624 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2840\_fusion.dll

+ 2004-07-15 08:49 . 2004-07-15 08:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2840\_aspnet_isapi.dll

+ 2004-07-15 07:28 . 2004-07-15 07:28 2502656 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3880\_mscorwks.dll

+ 2004-07-15 07:26 . 2004-07-15 07:26 2510848 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3880\_mscorsvr.dll

+ 2004-07-15 21:29 . 2004-07-15 21:29 2138112 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3880\_mscorlib.dll

+ 2004-07-15 07:28 . 2004-07-15 07:28 2502656 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2840\_mscorwks.dll

+ 2004-07-15 07:26 . 2004-07-15 07:26 2510848 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2840\_mscorsvr.dll

+ 2004-07-15 21:29 . 2004-07-15 21:29 2138112 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2840\_mscorlib.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2004-05-21 2498560]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-02 65536]

"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-07-19 868352]

"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112]

"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-10 188416]

"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]

"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]

"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-12-12 366400]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-04-15 180269]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-20 286720]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-06-11 55296]

c:\documents and settings\Rose Aguilar\Start Menu\Programs\Startup\

hpothb07.dat [2005-8-20 0]

hpothb07.tif [2005-8-20 0]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-9 323646]

Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0SsiEfr.e\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnf.exe"=

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [4/21/2006 5:11 PM 58048]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/1/2007 9:54 PM 24652]

S2 AvgCore;AVG6 Kernel;\??\c:\progra~1\Grisoft\AVG6\avgcore.sys --> c:\progra~1\Grisoft\AVG6\avgcore.sys [?]

S2 AvgFsh;AVG6 Rezident Driver;\??\c:\progra~1\Grisoft\AVG6\avgfsh.sys --> c:\progra~1\Grisoft\AVG6\avgfsh.sys [?]

S2 AvgServ;AVG6 Service;c:\progra~1\Grisoft\AVG6\avgserv.exe --> c:\progra~1\Grisoft\AVG6\avgserv.exe [?]

S3 VNICPKT5;VNICPKT5 Protocol Driver;c:\windows\system32\VNICPKT5.sys [5/17/2004 8:57 PM 16202]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - {79007602-0CDB-4405-9DBF-1257BB3226ED}

*NewlyCreated* - {79007602-0CDB-4405-9DBF-1257BB3226EE}

*Deregistered* - {79007602-0CDB-4405-9DBF-1257BB3226ED}

*Deregistered* - {79007602-0CDB-4405-9DBF-1257BB3226EE}

.

Contents of the 'Scheduled Tasks' folder

2009-09-29 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2170 series272A572217594EBCF1CEE215E352B92AD073FDE4095111356.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-10 00:56]

2005-01-04 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2170 series272A572217594EBCF1CEE215E352B92AD073FDE4096822286.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-10 00:56]

2009-09-30 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 04:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://www.msn.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-29 23:27

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EventSystem]

"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\FastUserSwitchingCompatibility]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Fdc]

"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\FETND5BV]

"ImagePath"="system32\DRIVERS\fetnd5bv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\FETNDIS]

"ImagePath"="System32\DRIVERS\fetnd5b.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Flpydisk]

"ImagePath"="System32\DRIVERS\flpydisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\FltMgr]

"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\FontCache3.0.0.0]

"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Ftdisk]

"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\gameenum]

"ImagePath"="System32\DRIVERS\gameenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Gpc]

"ImagePath"="System32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\gusvc]

"ImagePath"="\"c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\helpsvc]

"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HidServ]

"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HidUsb]

"ImagePath"="System32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hpt3xx]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HPZid412]

"ImagePath"="System32\DRIVERS\HPZid412.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HPZipr12]

"ImagePath"="System32\DRIVERS\HPZipr12.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HPZius12]

"ImagePath"="System32\DRIVERS\HPZius12.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HTTP]

"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HTTPFilter]

"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\i8042prt]

"ImagePath"="System32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IDriverT]

"ImagePath"="\"c:\program files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\idsvc]

"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IISADMIN]

"ImagePath"="c:\windows\system32\inetsrv\inetinfo.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Imapi]

"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ImapiService]

"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\InetInfo]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IntelIde]

"ImagePath"="system32\DRIVERS\intelide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ip6fw]

"ImagePath"="system32\drivers\ip6fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IpFilterDriver]

"ImagePath"="System32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IpInIp]

"ImagePath"="System32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IpNat]

"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\iPodService]

"ImagePath"="c:\program files\iPod\bin\iPodService.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IPSec]

"ImagePath"="System32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IRENUM]

"ImagePath"="System32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\isapnp]

"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Kbdclass]

"ImagePath"="System32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\kmixer]

"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\lanmanserver]

"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\lanmanworkstation]

"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\LmHosts]

"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\McAfeeFramework]

"ImagePath"="c:\program files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\McShield]

"ImagePath"="\"c:\program files\Network Associates\VirusScan\Mcshield.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\McTaskManager]

"ImagePath"="\"c:\program files\Network Associates\VirusScan\VsTskMgr.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MDM]

"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Messenger]

"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mmc_2K]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mnmsrvc]

"ImagePath"="c:\windows\System32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Mouclass]

"ImagePath"="System32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mouhid]

"ImagePath"="System32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MRxDAV]

"ImagePath"="System32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MRxSmb]

"ImagePath"="System32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSDTC]

"ImagePath"="c:\windows\System32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSIServer]

"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSKSSRV]

"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSPCLOCK]

"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSPQM]

"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mssmbios]

"ImagePath"="System32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ms_mpu401]

"ImagePath"="system32\drivers\msmpu401.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NaiAvFilter1]

"ImagePath"="system32\drivers\naiavf5x.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NaiAvTdi1]

"ImagePath"="system32\drivers\mvstdi5x.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NdisTapi]

"ImagePath"="System32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Ndisuio]

"ImagePath"="System32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NdisWan]

"ImagePath"="System32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetBIOS]

"ImagePath"="System32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetBT]

"ImagePath"="System32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetDDE]

"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetDDEdsdm]

"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Netlogon]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Netman]

"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetTcpPortSharing]

"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NIC1394]

"ImagePath"="System32\DRIVERS\nic1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Nla]

"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NTFSDRV]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NtLmSsp]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NtmsSvc]

"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NTSIM]

"ImagePath"="\??\c:\windows\System32\ntsim.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NwlnkFlt]

"ImagePath"="System32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NwlnkFwd]

"ImagePath"="System32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ohci1394]

"ImagePath"="system32\DRIVERS\ohci1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ose]

"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Outlook]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Parport]

"ImagePath"="System32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCI]

"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCIIde]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\perc2]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\perc2hib]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PlugPlay]

"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Pml Driver HPZ12]

"ImagePath"="c:\windows\System32\HPZipm12.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PolicyAgent]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PptpMiniport]

"ImagePath"="System32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Processor]

"ImagePath"="System32\DRIVERS\processr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ProtectedStorage]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PSched]

"ImagePath"="System32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Ptilink]

"ImagePath"="System32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pwd_2k]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PxHelp20]

"ImagePath"="System32\Drivers\PxHelp20.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ql1080]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ql12160]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ql1240]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ql1280]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RasAcd]

"ImagePath"="System32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RasAuto]

"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Rasl2tp]

"ImagePath"="System32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RasMan]

"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RasPppoe]

"ImagePath"="System32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Raspti]

"ImagePath"="System32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Rdbss]

"ImagePath"="System32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RDPCDD]

"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\rdpdr]

"ImagePath"="System32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RDSessMgr]

"ImagePath"="c:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\redbook]

"ImagePath"="System32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RemoteAccess]

"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RemoteRegistry]

"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RpcLocator]

"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RpcSs]

"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RSVP]

"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SamSs]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SCardSvr]

"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Schedule]

"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ScsiPort]

"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Secdrv]

"ImagePath"="System32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\seclogon]

"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SENS]

"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\serenum]

"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Serial]

"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess]

"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ShellHWDetection]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SMTPSVC]

"ImagePath"="c:\windows\System32\inetsrv\inetinfo.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SNMP]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\splitter]

"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Spooler]

"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\sr]

"ImagePath"="System32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\srservice]

"ServiceDll"="%SystemRoot%\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Srv]

"ImagePath"="System32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SSDPSRV]

"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\StillCam]

"ImagePath"="System32\DRIVERS\serscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\stisvc]

"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\swenum]

"ImagePath"="System32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\swmidi]

"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SwPrv]

"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{71A97C17-2F02-424C-8A33-A84776EE6478}"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\swwd]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\symc810]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\symc8xx]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\sym_hi]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\sym_u3]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\sysaudio]

"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SysmonLog]

"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TapiSrv]

"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip]

"ImagePath"="System32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TermDD]

"ImagePath"="System32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TermService]

"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Themes]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TlntSvr]

"ImagePath"="c:\windows\System32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TosIde]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TrkWks]

"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UdfReadr_xp]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ultra]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Update]

"ImagePath"="System32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\upnphost]

"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UPS]

"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbccgp]

"ImagePath"="System32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbehci]

"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbhub]

"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbprint]

"ImagePath"="System32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbscan]

"ImagePath"="System32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbstor]

"ImagePath"="System32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbuhci]

"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\VgaSave]

"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ViaIde]

"ImagePath"="System32\DRIVERS\viaide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\VIAudio]

"ImagePath"="system32\drivers\viaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Viewpoint Manager Service]

"ImagePath"="\"c:\program files\Viewpoint\Common\ViewpointService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\VNICPKT5]

"ImagePath"="\??\c:\windows\System32\VNICPKT5.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\VSS]

"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\W32Time]

"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\W3SVC]

"ImagePath"="%SystemRoot%\system32\inetsrv\inetinfo.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Wanarp]

"ImagePath"="System32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wdmaud]

"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WebClient]

"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\winmgmt]

"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Winsock - Google Desktop Search Backup Before First Install]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Winsock - Google Desktop Search Backup Before Last Install]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Winsock2 - Google Desktop Search Backup Before First Install]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Winsock2 - Google Desktop Search Backup Before Last Install]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WMDM PMSP Service]

"ImagePath"="c:\windows\System32\MsPMSPSv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmdmPmSN]

"ServiceDll"="c:\windows\system32\mspmsnsv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Wmi]

"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmiApSrv]

"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WS2IFSL]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wscsvc]

"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wuauserv]

"ServiceDll"="c:\windows\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WZCSVC]

"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\xmlprov]

"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{29FF7F94-A4D6-4963-9ADA-95611EA3B64E}]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{84ABA5D9-4A21-402A-BE57-7B59B6850158}]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{8A67931E-76EA-4BC6-94AF-A6750C4A16AD}]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{9DD74860-395C-42B3-8E38-EE7BA16DA8B0}]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{CB161302-4F16-458C-BDE2-01C755F395C8}]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{E357B0FA-9736-47AE-9A59-23EA3F26542C}]

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(660)

c:\windows\system32\EntApi.dll

- - - - - - - > 'explorer.exe'(1752)

c:\windows\system32\EntApi.dll

c:\windows\system32\msi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\windows\system32\WgaTray.exe

c:\program files\Network Associates\Common Framework\FrameworkService.exe

c:\program files\Network Associates\VirusScan\Mcshield.exe

c:\program files\Network Associates\VirusScan\VsTskMgr.exe

c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

c:\windows\system32\wscntfy.exe

c:\program files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe

c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

c:\windows\system32\msiexec.exe

.

**************************************************************************

.

Completion time: 2009-09-30 23:40 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-30 05:39

ComboFix2.txt 2009-09-23 22:56

Pre-Run: 3,350,106,112 bytes free

Post-Run: 3,330,379,776 bytes free

839 --- E O F --- 2009-09-30 05:34

Link to post
Share on other sites

I was afraid of that. Let me get the correct stuff for your computer and I'll get back to you tomorrow on it.

ComboFix 09-09-29.04 - Rose Aguilar 09/30/2009 8:43.3.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.478 [GMT -6:00]

Running from: c:\documents and settings\Rose Aguilar\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\Installer\721af.msp

c:\windows\Installer\c63b60.msp

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 )))))))))))))))))))))))))))))))

.

2009-09-30 14:35 . 2009-09-30 14:37 -------- dc----w- C:\NEW02

2009-09-30 04:17 . 2008-04-14 11:00 56320 -c--a-w- C:\Windows System32 eventlog.dll

2009-09-28 15:29 . 2009-09-28 15:31 -------- dc----w- C:\RootRepeal

2009-09-28 15:13 . 2009-09-28 15:13 -------- d-----w- c:\program files\CCleaner

2009-09-23 20:34 . 2009-09-23 20:34 -------- dc----w- C:\_OTM

2009-09-22 21:08 . 2009-09-22 21:08 -------- d-----w- c:\documents and settings\Rose Aguilar\Application Data\Malwarebytes

2009-09-22 18:29 . 2009-09-22 18:29 -------- d-----w- c:\documents and settings\Rose Aguilar\Local Settings\Application Data\PCHealth

2009-09-22 17:57 . 2009-09-22 17:57 -------- dc----w- C:\2ebbd57a0dec90741593d942636374

2009-09-22 17:51 . 2009-09-22 17:51 -------- d-----w- c:\windows\system32\XPSViewer

2009-09-22 17:50 . 2009-09-22 17:50 -------- d-----w- c:\program files\MSBuild

2009-09-22 17:50 . 2009-09-22 17:50 -------- d-----w- c:\program files\Reference Assemblies

2009-09-22 17:48 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-09-22 17:48 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-09-22 17:48 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-09-22 17:48 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-09-22 17:48 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-09-22 17:48 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-09-22 17:48 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-09-22 17:48 . 2009-09-22 17:49 -------- dc----w- C:\42d6e9535cbf6f4fd62ac0

2009-09-15 16:47 . 2009-09-15 16:48 -------- dc----w- C:\79ef01b9374e7627d395

2009-09-15 16:47 . 2009-09-15 16:47 -------- dc----w- C:\0205a3f3189f07cf516eb5

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-30 00:39 . 2008-10-03 14:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-28 15:17 . 2004-09-19 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-09-23 17:00 . 2004-05-21 00:28 54080 ----a-w- c:\documents and settings\Rose Aguilar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-10 20:54 . 2008-10-03 14:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 20:53 . 2008-10-03 14:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-21 11:23 . 2009-08-21 11:23 -------- d-----w- c:\program files\MSXML 6.0

2009-08-17 20:39 . 2004-05-23 22:05 -------- d-----w- c:\documents and settings\Tom Gattis\Application Data\Roxio

2009-08-05 09:11 . 2004-08-04 01:07 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-04 02:00 . 2008-12-01 17:32 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT

2009-07-17 18:55 . 2004-08-04 01:07 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 08:18 . 2004-08-04 01:07 233472 ----a-w- c:\windows\system32\wmpdxm.dll

2005-11-17 16:11 . 2005-11-16 21:26 768 ----a-w- c:\program files\FOXUSER.FPT

2005-11-17 16:11 . 2005-11-16 21:26 713 ----a-w- c:\program files\FOXUSER.DBF

2005-11-16 21:37 . 2005-11-16 21:26 3072 ----a-w- c:\program files\xTmpProjects.CDX

2005-11-16 21:37 . 2005-11-16 21:26 1736 ----a-w- c:\program files\xTmpProjects.DBF

2005-11-16 21:34 . 2005-11-16 21:31 75805 ----a-w- c:\program files\kenny99.DBF

2005-11-16 21:30 . 2005-11-16 21:26 39 ----a-w- c:\program files\PROJECT.MEM

2005-11-16 21:26 . 2005-11-16 21:26 57 ----a-w- c:\program files\kvdates.MEM

2004-10-05 04:45 . 2004-10-05 04:44 16706160 ----a-w- c:\program files\AdbeRdr60_enu_full.exe

2003-03-04 23:28 . 2005-11-16 20:55 30116352 ----a-w- c:\program files\ddmsw210install.exe

2002-09-10 20:49 . 2002-09-10 20:49 305968 ----a-w- c:\program files\DDMSW.msi

2002-09-10 20:49 . 2002-09-10 20:49 969 ----a-w- c:\program files\Setup.INI

2002-09-10 20:43 . 2002-09-10 20:43 1849875 ----a-w- c:\program files\ddmsw.exe

2002-09-09 23:24 . 2002-09-09 23:24 6897 ----a-w- c:\program files\readme.txt

2002-01-15 12:05 . 2002-01-15 12:05 3605 ----a-w- c:\program files\0x0409.ini

2001-10-24 17:00 . 2001-10-24 17:00 4710 ----a-w- c:\program files\License.rtf

2001-05-08 20:04 . 2001-05-08 20:04 1531984 ----a-w- c:\program files\instmsiw.exe

2001-05-08 20:01 . 2001-05-08 20:01 1519696 ----a-w- c:\program files\instmsia.exe

2001-01-22 21:07 . 2005-11-16 20:55 384776 ----a-w- c:\program files\Ddmszip.exe

1997-05-08 19:10 . 2005-11-16 20:54 373666 ----a-w- c:\program files\DDMSINST.EXE

1997-05-08 14:13 . 2005-11-16 20:54 7527 ----a-w- c:\program files\README11.TXT

1995-09-08 22:28 . 2005-11-16 20:54 139776 ----a-w- c:\program files\DDMS Manual.doc

1995-09-08 21:37 . 2005-11-16 20:55 1334 ----a-w- c:\program files\INSTALL.BAT

2003-08-25 21:06 . 2005-12-18 23:56 40960 ----a-w- c:\program files\internet explorer\plugins\ftdwser.dll

.

------- Sigcheck -------

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\browser.dll

[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll

[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\browser.dll

[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\asms\60\msft\windows\common\controls\comctl32.dll

[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\comctl32.dll

[-] 2006-08-25 . 11B508E0D26622D2BD25B60033245F6A . 925184 . . [6.0] . . c:\windows\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll

[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\sp2qfe\comctl32.dll

[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\sp2qfe\asms\60\msft\windows\common\controls\comctl32.dll

[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\121128\comctl32.dll

[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\43087\comctl32.dll

[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\43988\comctl32.dll

[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\44031\comctl32.dll

[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\cryptsvc.dll

[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll

[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\cryptsvc.dll

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\asyncmac.sys

[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\asyncmac.sys

[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys

[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\kbdclass.sys

[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ndis.sys

[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys

[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntfs.sys

[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\SoftwareDistribution\Download\f7c10c2b68f88196f082e36f7313e169\sp2qfe\ntfs.sys

[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\SoftwareDistribution\Download\f7c10c2b68f88196f082e36f7313e169\sp2gdr\ntfs.sys

[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ntfs.sys

[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ntfs.sys

[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys

[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tcpip.sys

[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys

[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys

[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys

[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys

[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\es.dll

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\dllcache\es.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll

[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll

[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll

[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\es.dll

[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974$\es.dll

[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll

[-] 2004-08-04 01:07 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\imm32.dll

[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll

[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\imm32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\linkinfo.dll

[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll

[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\system32\linkinfo.dll

[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\system32\dllcache\linkinfo.dll

[-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\lpk.dll

[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll

[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lpk.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\lsass.exe

[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe

[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lsass.exe

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll

[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll

[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll

[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\mswsock.dll

[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll

[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\mswsock.dll

[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\mswsock.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll

[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll

[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\netlogon.dll

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netman.dll

[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll

[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\dllcache\netman.dll

[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll

[-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\powrprof.dll

[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll

[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\powrprof.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\qmgr.dll

[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll

[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\dllcache\qmgr.dll

[-] 2004-07-01 . 696AC82FB290A03F205901442E0E9589 . 361984 . . [6.6.2600.1569] . . c:\windows\system32\bits\qmgr.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll

[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll

[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sfc.dll

[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll

[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfc.dll

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\spoolsv.exe

[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe

[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\dllcache\spoolsv.exe

[-] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe

[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe

[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tapisrv.dll

[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll

[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll

[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\system32\dllcache\tapisrv.dll

[-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\user32.dll

[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2qfe\user32.dll

[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2gdr\user32.dll

[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\system32\user32.dll

[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\system32\dllcache\user32.dll

[-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe

[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe

[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\userinit.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe

[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2_32.dll

[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll

[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2_32.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe

[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe

[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe

[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe

[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe

[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\asms\70\msft\windows\mswincrt\msvcrt.dll

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\msvcrt.dll

[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll

[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\dllcache\msvcrt.dll

[-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll

[-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\srsvc.dll

[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll

[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wscntfy.exe

[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe

[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\xmlprov.dll

[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll

[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll

[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll

[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sfcfiles.dll

[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ctfmon.exe

[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe

[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\regsvc.dll

[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll

[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\schedsvc.dll

[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll

[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\schedsvc.dll

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\shsvcs.dll

[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\SoftwareDistribution\Download\b45151c33087fb9df3e7d6e3700f80ed\sp2gdr\shsvcs.dll

[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\SoftwareDistribution\Download\b45151c33087fb9df3e7d6e3700f80ed\sp2qfe\shsvcs.dll

[-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\system32\shsvcs.dll

[-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\shsvcs.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ssdpsrv.dll

[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll

[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\termsrv.dll

[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\system32\termsrv.dll

[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\termsrv.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\appmgmts.dll

[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll

[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\appmgmts.dll

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys

[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\drivers\agp440.sys

[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\aec.sys

[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys

[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\Driver Cache\i386\aec.sys

[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys

[-] 2004-08-04 01:07 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ip6fw.sys

[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ip6fw.sys

[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\mfc40u.dll

[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\26553d2988faa6629ee272005cd35201\sp2qfe\mfc40u.dll

[-] 2004-08-04 01:07 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll

[-] 2004-08-04 01:07 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\dllcache\mfc40u.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\msgsvc.dll

[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll

[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msgsvc.dll

[-] 2008-04-14 00:12 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\mspmsnsv.dll

[-] 2004-08-04 01:07 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll

[-] 2004-08-04 01:07 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\system32\dllcache\mspmsnsv.dll

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntmssvc.dll

[-] 2004-08-04 01:07 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll

[-] 2004-08-04 01:07 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\dllcache\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\upnphost.dll

[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\SoftwareDistribution\Download\b3183a1e00bc9d14758dc26c2b339e76\sp2qfe\upnphost.dll

[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\SoftwareDistribution\Download\b3183a1e00bc9d14758dc26c2b339e76\sp2gdr\upnphost.dll

[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\system32\upnphost.dll

[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\upnphost.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-09-23_22.47.16 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-07-15 07:34 . 2004-07-15 07:34 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3880\_PerfCounter.dll

+ 2003-02-21 02:09 . 2003-02-21 02:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3880\_mscorsn.dll

+ 2004-07-15 07:32 . 2004-07-15 07:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3880\_CORPerfMonExt.dll

+ 2004-07-15 07:34 . 2004-07-15 07:34 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3380\_PerfCounter.dll

+ 2003-02-21 02:09 . 2003-02-21 02:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3380\_mscorsn.dll

+ 2004-07-15 07:32 . 2004-07-15 07:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3380\_CORPerfMonExt.dll

+ 2004-07-15 07:34 . 2004-07-15 07:34 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2840\_PerfCounter.dll

+ 2003-02-21 02:09 . 2003-02-21 02:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2840\_mscorsn.dll

+ 2004-07-15 07:32 . 2004-07-15 07:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2840\_CORPerfMonExt.dll

- 2009-01-19 10:00 . 2009-09-23 22:41 224752 c:\windows\system32\inetsrv\MetaBase.bin

+ 2009-01-19 10:00 . 2009-09-30 15:00 224752 c:\windows\system32\inetsrv\MetaBase.bin

+ 2003-02-21 11:42 . 2003-02-21 11:42 348160 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3880\_msvcr71.dll

+ 2004-07-15 07:25 . 2004-07-15 07:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3880\_mscorjit.dll

+ 2004-07-15 07:24 . 2004-07-15 07:24 282624 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3880\_fusion.dll

+ 2004-07-15 08:49 . 2004-07-15 08:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3880\_aspnet_isapi.dll

+ 2003-02-21 11:42 . 2003-02-21 11:42 348160 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3380\_msvcr71.dll

+ 2004-07-15 07:25 . 2004-07-15 07:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3380\_mscorjit.dll

+ 2004-07-15 07:24 . 2004-07-15 07:24 282624 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3380\_fusion.dll

+ 2004-07-15 08:49 . 2004-07-15 08:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3380\_aspnet_isapi.dll

+ 2003-02-21 11:42 . 2003-02-21 11:42 348160 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2840\_msvcr71.dll

+ 2004-07-15 07:25 . 2004-07-15 07:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2840\_mscorjit.dll

+ 2004-07-15 07:24 . 2004-07-15 07:24 282624 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2840\_fusion.dll

+ 2004-07-15 08:49 . 2004-07-15 08:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2840\_aspnet_isapi.dll

+ 2004-07-15 07:28 . 2004-07-15 07:28 2502656 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3880\_mscorwks.dll

+ 2004-07-15 07:26 . 2004-07-15 07:26 2510848 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3880\_mscorsvr.dll

+ 2004-07-15 21:29 . 2004-07-15 21:29 2138112 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3880\_mscorlib.dll

+ 2004-07-15 07:28 . 2004-07-15 07:28 2502656 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3380\_mscorwks.dll

+ 2004-07-15 07:26 . 2004-07-15 07:26 2510848 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3380\_mscorsvr.dll

+ 2004-07-15 21:29 . 2004-07-15 21:29 2138112 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3380\_mscorlib.dll

+ 2004-07-15 07:28 . 2004-07-15 07:28 2502656 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2840\_mscorwks.dll

+ 2004-07-15 07:26 . 2004-07-15 07:26 2510848 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2840\_mscorsvr.dll

+ 2004-07-15 21:29 . 2004-07-15 21:29 2138112 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2840\_mscorlib.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2004-05-21 2498560]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-02 65536]

"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-07-19 868352]

"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112]

"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-10 188416]

"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]

"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]

"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-12-12 366400]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-04-15 180269]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-20 286720]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-06-11 55296]

c:\documents and settings\Rose Aguilar\Start Menu\Programs\Startup\

hpothb07.dat [2005-8-20 0]

hpothb07.tif [2005-8-20 0]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-9 323646]

Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0SsiEfr.e\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnf.exe"=

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [4/21/2006 5:11 PM 58048]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/1/2007 9:54 PM 24652]

S2 AvgCore;AVG6 Kernel;\??\c:\progra~1\Grisoft\AVG6\avgcore.sys --> c:\progra~1\Grisoft\AVG6\avgcore.sys [?]

S2 AvgFsh;AVG6 Rezident Driver;\??\c:\progra~1\Grisoft\AVG6\avgfsh.sys --> c:\progra~1\Grisoft\AVG6\avgfsh.sys [?]

S2 AvgServ;AVG6 Service;c:\progra~1\Grisoft\AVG6\avgserv.exe --> c:\progra~1\Grisoft\AVG6\avgserv.exe [?]

S3 VNICPKT5;VNICPKT5 Protocol Driver;c:\windows\system32\VNICPKT5.sys [5/17/2004 8:57 PM 16202]

.

Contents of the 'Scheduled Tasks' folder

2009-09-29 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2170 series272A572217594EBCF1CEE215E352B92AD073FDE4095111356.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-10 00:56]

2005-01-04 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2170 series272A572217594EBCF1CEE215E352B92AD073FDE4096822286.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-10 00:56]

2009-09-30 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 04:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://www.msn.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-30 09:06

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(660)

c:\windows\system32\EntApi.dll

- - - - - - - > 'explorer.exe'(3072)

c:\windows\system32\EntApi.dll

c:\windows\system32\msi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\windows\system32\inetsrv\inetinfo.exe

c:\program files\Network Associates\Common Framework\FrameworkService.exe

c:\program files\Network Associates\VirusScan\Mcshield.exe

c:\program files\Network Associates\VirusScan\VsTskMgr.exe

c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\MsPMSPSv.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

c:\windows\system32\WgaTray.exe

c:\windows\system32\wscntfy.exe

c:\program files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe

c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

.

**************************************************************************

.

Completion time: 2009-09-30 9:14 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-30 15:14

ComboFix2.txt 2009-09-30 05:40

ComboFix3.txt 2009-09-23 22:56

Pre-Run: 3,617,660,928 bytes free

Post-Run: 3,607,994,368 bytes free

423 --- E O F --- 2009-09-30 09:17

Link to post
Share on other sites

  • Root Admin

You have both AVG Anti-Virus running and McAfee Anti-Virus running. You can only have one AV running at a time.

The AVG looks to be quite old based on the folder containing the name 6 in it and they're now at version 8.5

I would highly recommend FULL removal of both products for now and then install Avira free version until we get done fixing this computer.

For now please remove both AV products and then run a new MBAM Quick Scan and post back the new log on your next reply.

Then install Avira AV and update it and do a Full Scan and let me know what it finds.

Link to post
Share on other sites

You have both AVG Anti-Virus running and McAfee Anti-Virus running. You can only have one AV running at a time.

The AVG looks to be quite old based on the folder containing the name 6 in it and they're now at version 8.5

I would highly recommend FULL removal of both products for now and then install Avira free version until we get done fixing this computer.

For now please remove both AV products and then run a new MBAM Quick Scan and post back the new log on your next reply.

Then install Avira AV and update it and do a Full Scan and let me know what it finds.

K.... Sorry this is not my computer, I let someone rope me into looking at it for them. Anyway, I found and uninstalled McAfee Enterprise, but I could not see anything for AVG--nothing in the Add/Remove Programs menu, nothing in the start menu, nor anything in Program Files. Do you know where it would be located otherwise?

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.