
Hi,

I probably have the same problem: http://forums.malwarebytes.org/index.php?showtopic=83039

- Anti-Malware error 372...

- MSE error code 0x80070424 (...specified service does not exist...)

- Skype: ...RPC server is unavailable

- copy/paste doesn't work

- dragging icons doesn't work

- in Device Manager I cannot use the Properties button (nothing happens)

- services (services.msc) also don't work correctly: most of them I cannot start (error 1075: dependency service does not exist or has been marked for deletion)

- can't start tweak etc. etc. etc.

I have Win XP SP3.

I tried Dr.Web CureIt (Linux and Windows), Kaspersky removal tool, ClamWin, Trojan Remover, McAfee Stinger...

After all that and cleaning, the system still has the same errors.

DDS txt:

DDS (Ver_11-03-05.01) - NTFSx86

Run by Screenfire at 23:58:07,35 on sri 18.05.2011

Internet Explorer: 8.0.6001.18702



  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Hi, thank you for your time.

On the infected computer there is no internet connection (TCP/IP won't work or reinstall), the Network Connections window is empty, all network-related services don't work, etc., and I cannot update MBAM over the internet.

So before that I tried to manually install the latest database mbam-rules.exe with no effect; Anti-Malware still gives a pop-up error when I try to start it: "Run-time error 372" - failed to load control 'vbalGrid' from vbalsgrid6.ocx...

I also tried mbam-clean.exe, then installed a new MBAM again and installed Visual Basic updates etc., also with no effect.

The antivirus installed on the computer is MSE, which also won't work (error code 0x80070424); I also tried to uninstall it with no success (used Add/Remove and later the OneCare cleanup tool).

Then I started to search for a stand-alone USB antivirus and have not succeeded with any (Kaspersky, McAfee, Dr.Web...).

I'm sending you the latest DDS log and ComboFix.txt.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Screenfire at 10:50:55,29 on sub 21.05.2011

Internet Explorer: 8.0.6001.18702


ComboFix 11-05-17.03 - Screenfire 21.05.2011 10:43:21.3.2 - x86

Running from: D:\ComboFix.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-11-16 21:56 141336 ----a-r- c:\windows.0\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-11-16 21:56 141336 ----a-r- c:\windows.0\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2010-03-13 04:53 19521056 ----a-w- c:\windows.0\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-01-26 16:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Documents and Settings\\Screenfire\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

R1 MpKsl0fde1a42;MpKsl0fde1a42;c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BD130BC3-03F2-4C64-9C32-DF972B165822}\MpKsl0fde1a42.sys [x]

R1 MpKsl37f5bddb;MpKsl37f5bddb;c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{42EC07C6-7F25-4686-A3CF-CF4D494A3D04}\MpKsl37f5bddb.sys [x]

R1 MpKsl53c105dc;MpKsl53c105dc;c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6F627DF0-9DD0-4A8C-BBEB-6797A5BC7187}\MpKsl53c105dc.sys [x]

R1 MpKsl9cf9afa0;MpKsl9cf9afa0;c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6F627DF0-9DD0-4A8C-BBEB-6797A5BC7187}\MpKsl9cf9afa0.sys [x]

R1 MpKslb5c84996;MpKslb5c84996;c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FD0E8AF8-21F8-47F2-AEFB-2AA945E05D85}\MpKslb5c84996.sys [x]

R1 MpKsle7da0e0b;MpKsle7da0e0b;c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62C0DA24-477B-4153-8D59-D3AD126532ED}\MpKsle7da0e0b.sys [x]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-11-23 1483072]

R3 Ambfilt;Ambfilt;c:\windows.0\system32\drivers\Ambfilt.sys [2009-11-18 1691480]

R3 EUCR;EUCR;c:\windows.0\system32\DRIVERS\EUCR6SK.SYS [2010-03-02 108752]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows.0\system32\8.tmp [x]

R3 utexnjq5;AVZ Kernel Driver; [x]

S0 55365852;55365852 Boot Guard Driver;c:\windows.0\system32\DRIVERS\55365852.sys [2009-10-22 37392]

S1 55365851;55365851;c:\windows.0\system32\DRIVERS\55365851.sys [2009-09-25 128016]

S1 uzexnjq5;AVZ-RK Kernel Driver;c:\windows.0\system32\Drivers\uzexnjq5.sys [2011-05-11 11264]

S3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows.0\system32\DRIVERS\l1c51x86.sys [2010-03-04 60456]

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-09 c:\windows.0\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1078145449-1275210071-1003Core.job

- c:\documents and settings\Screenfire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-14 21:33]

.

2011-05-10 c:\windows.0\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1078145449-1275210071-1003UA.job

- c:\documents and settings\Screenfire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-14 21:33]

.

2011-05-10 c:\windows.0\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]

.

2011-05-10 c:\windows.0\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-1078145449-1275210071-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]

.

2011-05-04 c:\windows.0\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-1078145449-1275210071-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mStart Page = about:blank

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-21 10:47

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows.0\system32\8.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS.0\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS.0\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1372)

c:\windows.0\system32\WININET.dll

.

Completion time: 2011-05-21 10:49:52

ComboFix-quarantined-files.txt 2011-05-21 08:49

ComboFix2.txt 2011-05-19 07:06

ComboFix3.txt 2011-05-18 20:42

.

Pre-Run: 137.425.928.192 bytes free

Post-Run: 137.412.034.560 bytes free

.

- - End Of File - - 2B69A5F05783504027FCA393BB0E4B99


  • Staff

Hi,

My apologies for the delay.

Every time you reply, you get pushed to the bottom of my reply list. You kept replying and I kept missing your posts.

There is a lot of system corruption here. I suggest uninstalling SP3 and downloading it again from here:

http://www.microsoft.com/downloads/en/details.aspx?familyid=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=en

Install it, reboot, and post a fresh DDS log.


  • Staff

Hi,

Please open Notepad. Copy and paste the following text into the Notepad document.

Navigate to File --> Save As..., and save the file as crypt.bat (make sure the Save As Type is set to All Files).

Save it to your Desktop.

sc query cryptsvc>"%userprofile%\desktop\cryptsvc.txt"

Now navigate to your Desktop, and double click crypt.bat

A black window will open and close quickly. This is normal.

Open cryptsvc.txt on your Desktop and post its contents here.

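The one-line crypt.bat above only records the state of CryptSvc. When a service fails with error 1075 (ERROR_SERVICE_DEPENDENCY_DELETED, "The dependency service does not exist or has been marked for deletion"), the next thing to look at is the list of services CryptSvc depends on and the state of each of them, because a dependency that has been removed answers with error 1060 ("The specified service does not exist as an installed service"). The batch file below is an added example written for this page, not a file posted in the thread. It reads the DependOnService value of the service named in SVC straight from the registry, so it works for any service you put there, and it writes everything to cryptsvc_deps.txt on the Desktop; the script name, the output file name and the variable names are our choice, not the thread's. Save it the same way as crypt.bat (Save As Type set to All Files) and double click it.

```batch
@echo off
setlocal enabledelayedexpansion
rem Added example, not the thread's own batch file (assumed names throughout).
rem Dumps: service state, service configuration, the DependOnService registry
rem value, and the state of each service listed there, into one text file.
set "OUT=%userprofile%\desktop\cryptsvc_deps.txt"
set "SVC=cryptsvc"

echo === sc query %SVC% ===> "%OUT%"
sc query %SVC% >> "%OUT%" 2>&1

echo.>> "%OUT%"
echo === sc qc %SVC% (the DEPENDENCIES lines name what must exist) ===>> "%OUT%"
sc qc %SVC% >> "%OUT%" 2>&1

echo.>> "%OUT%"
echo === DependOnService from the registry ===>> "%OUT%"
rem reg query prints a REG_MULTI_SZ as name\0name\0 on one line; keep the
rem third column and turn the \0 separators into spaces so a plain for loop
rem can walk the list.
set "DEPS="
for /f "tokens=2,*" %%A in ('reg query "HKLM\SYSTEM\CurrentControlSet\Services\%SVC%" /v DependOnService 2^>nul ^| findstr /i DependOnService') do set "DEPS=%%B"
if defined DEPS set "DEPS=!DEPS:\0= !"
echo DependOnService = !DEPS!>> "%OUT%"

echo.>> "%OUT%"
echo === state of each dependency (1060 = service does not exist) ===>> "%OUT%"
for %%S in (!DEPS!) do (
    echo --- %%S --->> "%OUT%"
    sc query %%S >> "%OUT%" 2>&1
)
endlocal
```

On a default XP SP3 install we expect the DEPENDENCIES line for CryptSvc to name RpcSs (an assumption to confirm against your own output, not something the thread states). Any dependency that comes back with 1060 in the last section is the one services.msc is reporting through error 1075, and its key under HKLM\SYSTEM\CurrentControlSet\Services is where to look next; the same script run with SVC set to rpcss covers the "RPC server is unavailable" symptom mentioned earlier in the thread.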

hi,

Services (services.msc) also don't work correctly: most of them I cannot start (error 1075: dependency service does not exist or has been marked for deletion), and when I try to click Properties nothing happens.

When I try to click Start it shows this: Could not start the CryptSvc service on Local Computer. Error 1075: The dependency service does not exist or has been marked for deletion.

All of my problems started with this: lost services functionality and Properties in Device Manager, also lost Wi-Fi connection...

The last option is a new install, but I want to find out what it is.

And I want to kill the virus and the one who made it :-))))


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
