Jump to content

need help plz


Recommended Posts

sorry i cant run mbam it coles when scan starts here is dds log

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18

Run by User at 23:57:15 on 2011-10-21

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.391 [GMT -5:00]

.

AV: Doctor Web Anti-Virus *Enabled/Outdated* {3454C8F1-ECBC-4180-A6F4-04632FBA762B}

FW: McAfee Firewall *Disabled*

.

============== Running Processes ===============

.

"\\.\globalroot\Device\svchost.exe\svchost.exe"

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\DrWeb\spideragent.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TeamViewer\Version6\TeamViewer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

c:\program files\teamviewer\version6\TeamViewer_Desktop.exe

C:\Program Files\TeamViewer\Version6\tv_w32.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.7\iobitToolbarIE.dll

BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110303022314.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.7\iobitToolbarIE.dll

uRun: [Advanced SystemCare 4] "c:\program files\iobit\advanced systemcare 4\ASCTray.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [sUPERAntiSpyware] c:\documents and settings\user\desktop\sddads\SUPERAntiSpyware.exe

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10i_Plugin.exe -update plugin

mRun: [<NO NAME>]

mRun: [spIDerAgent] "c:\program files\drweb\spideragent.exe"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

StartupFolder: c:\docume~1\user\startm~1\programs\startup\winupd.lnk - c:\documents and settings\user\local settings\temp\winupd.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll

LSP: mswsock.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206468949530

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254 192.168.1.254

TCP: Interfaces\{42B61E99-D9C2-495C-B848-199D310B8AD9} : DhcpNameServer = 192.168.1.254 192.168.1.254

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -

Notify: igfxcui - igfxsrvc.dll

LSA: Authentication Packages = msv1_0 nwprovau

Hosts: 67.205.118.181 www.google.com

Hosts: 67.205.118.182 search.yahoo.com

Hosts: 67.205.118.182 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\i0e0zx71.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll

FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\i0e0zx71.default\extensions\runtime@panda3d.org\platform\winnt_x86-msvc\plugins\nppanda3d.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HBLiteSA.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: Panda3D Game Engine Plug-In: runtime@panda3d.org - %profile%\extensions\runtime@panda3d.org

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

.

---- FIREFOX POLICIES ----

# Mozilla User Preferences

.

/* Do not edit this file.

*

* If you make changes to this file while the application is running,

* the changes will be overwritten when the application exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs

*/

.

FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1318426304

FF - user.js: app.update.lastUpdateTime.background-update-timer - 1318426342

FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1318426059

FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1318425971

FF - user.js: app.update.lastUpdateTime.places-maintenance-timer - 1318426362

FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1318426201

FF - user.js: browser.anchor_color - #0000FF

FF - user.js: browser.display.background_color - #C0C0C0

FF - user.js: browser.display.use_system_colors - true

FF - user.js: browser.download.manager.alertOnEXEOpen - false

FF - user.js: browser.download.manager.showAlertOnComplete - false

FF - user.js: browser.formfill.enable - false

FF - user.js: browser.history_expire_days - 10

FF - user.js: browser.migration.version - 1

FF - user.js: browser.places.smartBookmarksVersion - 2

FF - user.js: browser.preferences.advanced.selectedTabIndex - 1

FF - user.js: browser.rights.3.shown - true

FF - user.js: browser.safebrowsing.enabled - false

FF - user.js: browser.safebrowsing.malware.enabled - false

FF - user.js: browser.search.defaultenginename - Yahoo

FF - user.js: browser.search.param.yahoo-fr - chr-greentree_ff&type=685749&ilc=12

FF - user.js: browser.search.selectedEngine - Yahoo

FF - user.js: browser.startup.homepage_override.mstone - rv:1.9.2.13

FF - user.js: browser.visited_color - #800080

FF - user.js: extensions.enabledItems - {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16,{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18,{20a82645-c095-46ed-80e3-08825760534b}:1.1,jqs@sun.com:1.0,{B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8,runtime@panda3d.org:1.0.2,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13

FF - user.js: extensions.lastAppVersion - 3.6.13

FF - user.js: extensions.update.notifyUser - false

FF - user.js: general.useragent.extra.microsoftdotnet - (.NET CLR 3.5.30729)

FF - user.js: idle.lastDailyNotification - 1318426650

FF - user.js: intl.accept_languages - en-us

FF - user.js: intl.charsetmenu.browser.cache - us-ascii, ISO-8859-1, UTF-8

FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=

FF - user.js: microsoft.CLR.auto_install - false

FF - user.js: network.cookie.prefsMigrated - true

FF - user.js: network.http.proxy.version - 1.0

FF - user.js: network.proxy.type - 0

FF - user.js: places.last_vacuum - 1318426650

FF - user.js: privacy.sanitize.migrateFx3Prefs - true

FF - user.js: security.enable_ssl2 - true

FF - user.js: security.enable_tls - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1320938766

FF - user.js: xpinstall.whitelist.add -

FF - user.js: xpinstall.whitelist.add.36 -

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-3 459728]

R1 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-10-4 34248]

R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-10-12 328536]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-3 171168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-3 188136]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-6-4 152960]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-6-4 52104]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-3 313288]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-3 88544]

S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys --> c:\windows\system32\drivers\mfetdi2k.sys [?]

S2 Application Updater;Application Updater;"c:\program files\application updater\applicationupdater.exe" --> c:\program files\application updater\ApplicationUpdater.exe [?]

S2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\imfsrv.exe --> c:\program files\iobit\iobit malware fighter\IMFsrv.exe [?]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\mcafee\siteadvisor\mcsacore.exe" --> c:\program files\mcafee\siteadvisor\McSACore.exe [?]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-3 271480]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-3 271480]

S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-3 271480]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-3 148520]

S2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-10-15 2358656]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-3 55840]

S3 ECnvtBox;Embroidery Conversion Box Plus;c:\windows\system32\drivers\ECnvtBox.sys [2009-9-5 37818]

S3 FileMonitor;FileMonitor;\??\c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\filemonitor.sys --> c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-3 88544]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-3 84264]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-6-4 40552]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 RegFilter;RegFilter;\??\c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\regfilter.sys --> c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\regfilter.sys [?]

S3 UrlFilter;UrlFilter;\??\c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\urlfilter.sys --> c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\UrlFilter.sys [?]

S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2001-1-2 19677]

S3 XDva281;XDva281;\??\c:\windows\system32\xdva281.sys --> c:\windows\system32\XDva281.sys [?]

S4 IObitUnlocker;IObitUnlocker;c:\program files\iobit\iobit unlocker\IObitUnlocker.sys [2011-10-13 27552]

.

=============== Created Last 30 ================

.

2011-10-17 21:07:49 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-17 20:34:56 149272 ----a-w- c:\windows\system32\drivers\dwprot.sys

2011-10-17 20:34:52 109560 ----a-w- c:\windows\system32\drivers\spiderg3.sys

2011-10-17 20:34:50 55800 ----a-w- c:\windows\system32\drivers\dw_wfp.sys

2011-10-17 20:34:01 -------- d-----w- c:\documents and settings\all users\application data\Doctor Web

2011-10-17 19:58:10 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-10-17 19:58:10 -------- d-----w- c:\windows\system32\wbem\Repository

2011-10-15 21:05:41 -------- d-----w- c:\program files\CCleaner

2011-10-15 18:53:56 -------- d-----w- c:\documents and settings\user\Doctor Web

2011-10-15 18:53:16 176120 ----a-w- c:\windows\system32\drivers\DrWebLwf.sys

2011-10-15 18:52:59 -------- d-----w- c:\program files\common files\Doctor Web

2011-10-15 18:52:34 -------- d-----w- c:\program files\DrWeb

2011-10-15 17:50:12 -------- d-----w- c:\documents and settings\user\application data\SUPERAntiSpyware.com

2011-10-15 17:47:59 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-10-15 17:47:59 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-10-15 16:35:22 545 ----a-w- c:\windows\UC.PIF

2011-10-15 16:35:22 545 ----a-w- c:\windows\RAR.PIF

2011-10-15 16:35:22 545 ----a-w- c:\windows\PKZIP.PIF

2011-10-15 16:35:22 545 ----a-w- c:\windows\PKUNZIP.PIF

2011-10-15 16:35:22 545 ----a-w- c:\windows\LHA.PIF

2011-10-15 16:35:22 545 ----a-w- c:\windows\ARJ.PIF

2011-10-15 16:35:22 -------- d-----w- c:\documents and settings\user\application data\GHISLER

2011-10-15 16:19:25 -------- d-----w- C:\getservices

2011-10-15 14:46:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-13 20:16:11 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys

2011-10-13 20:15:57 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys

2011-10-13 20:15:54 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys

2011-10-13 20:15:53 16384 ----a-w- c:\windows\system32\ipsink.ax

2011-10-13 20:15:50 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys

2011-10-13 20:15:43 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS

2011-10-13 20:15:35 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys

2011-10-13 20:15:29 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys

2011-10-13 20:15:16 91136 ----a-w- c:\windows\system32\kswdmcap.ax

2011-10-13 20:15:16 53760 ----a-w- c:\windows\system32\vfwwdm32.dll

2011-10-13 20:15:16 43008 ----a-w- c:\windows\system32\ksxbar.ax

2011-10-13 20:15:15 61952 ----a-w- c:\windows\system32\kstvtune.ax

2011-10-13 20:15:12 20992 ----a-w- c:\windows\system32\dshowext.ax

2011-10-13 20:08:30 -------- d-----w- c:\documents and settings\user\local settings\application data\Vivitar Experience Image Manager

2011-10-13 20:08:27 -------- d-----w- c:\documents and settings\all users\application data\Vivitar Experience Image Manager

2011-10-13 20:08:27 -------- d-----w- c:\documents and settings\all users\application data\Vivitar

2011-10-13 20:07:23 69098 ----a-w- c:\windows\system32\drivers\jl2005c.sys

2011-10-13 20:07:23 15360 ----a-w- c:\windows\system32\jl2005c.ax

2011-10-13 20:07:23 135168 ----a-w- c:\windows\system32\jl_jdct.drv

2011-10-13 20:07:23 -------- d-----w- c:\program files\MTA

2011-10-13 20:07:23 -------- d-----w- c:\program files\69379

2011-10-13 20:07:12 -------- d-----w- c:\program files\Haali

2011-10-13 20:06:38 -------- d-----w- c:\program files\Vivitar Experience Image Manager

2011-10-13 17:33:07 -------- d-----w- c:\documents and settings\user\application data\Search Settings

2011-10-13 17:33:01 -------- d-----w- c:\program files\IObit Toolbar

2011-10-13 17:33:01 -------- d-----w- c:\program files\common files\Spigot

2011-10-13 17:33:01 -------- d-----w- c:\program files\Application Updater

2011-10-13 16:45:35 -------- d-----w- c:\documents and settings\user\local settings\application data\Downloaded Installations

2011-10-13 14:05:42 -------- d-----w- c:\documents and settings\user\DoctorWeb

2011-10-12 22:46:47 -------- d-----w- c:\documents and settings\user\local settings\application data\WinZip

2011-10-12 20:56:47 -------- d-----w- C:\scan

2011-10-12 18:58:24 -------- d-----w- c:\documents and settings\user\application data\IObit

2011-10-12 18:01:20 -------- d--h--w- c:\windows\PIF

2011-10-12 17:55:09 -------- d-----w- c:\documents and settings\all users\application data\IObit

2011-10-12 17:54:18 -------- d-----w- c:\program files\IObit

2011-10-12 17:48:10 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes

2011-10-12 17:48:02 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-10-12 17:40:20 -------- d-----w- c:\documents and settings\user\application data\TeamViewer

2011-10-12 17:40:12 -------- d-----w- c:\program files\TeamViewer

.

==================== Find3M ====================

.

2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20:52 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-12 18:51:26 26488 ----a-w- c:\windows\system32\spupdsvc.exe

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST380013AS rev.8.12 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xA3169890]<<

_asm { PUSH ECX; MOV EAX, [ESP+0x8]; PUSH EBX; PUSH EBP; PUSH ESI; PUSH EDI; CMP EAX, [0xa316f964]; JNZ 0x22; MOV EBX, [ESP+0x1c]; CALL 0xfffffffffffffcc0; }

1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x87583AB8]

3 CLASSPNP[0xF76FEFD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x87587430]

\Driver\Disk[0x8665ABC0] -> IRP_MJ_CREATE -> 0xA3169890

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SI, 0x7c00; CLI ; MOV SS, AX; MOV SP, SI; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV DI, 0x600; MOV CX, 0x100; REP MOVSW ; JMP FAR 0x0:0x61d; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8751E51B

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 23:58:15.17 ===============

Link to post
Share on other sites

  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

09:51:42.0734 8664 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48

09:51:43.0245 8664 ============================================================

09:51:43.0245 8664 Current date / time: 2011/10/24 09:51:43.0245

09:51:43.0245 8664 SystemInfo:

09:51:43.0245 8664

09:51:43.0245 8664 OS Version: 5.1.2600 ServicePack: 3.0

09:51:43.0245 8664 Product type: Workstation

09:51:43.0245 8664 ComputerName: MOMS

09:51:43.0245 8664 UserName: User

09:51:43.0245 8664 Windows directory: C:\WINDOWS

09:51:43.0245 8664 System windows directory: C:\WINDOWS

09:51:43.0245 8664 Processor architecture: Intel x86

09:51:43.0245 8664 Number of processors: 1

09:51:43.0245 8664 Page size: 0x1000

09:51:43.0245 8664 Boot type: Normal boot

09:51:43.0245 8664 ============================================================

09:51:44.0927 8664 Initialize success

09:51:48.0953 11544 ============================================================

09:51:48.0953 11544 Scan started

09:51:48.0953 11544 Mode: Manual;

09:51:48.0953 11544 ============================================================

09:51:50.0545 11544 Suspicious service (NoAccess): 1206438843

09:51:50.0835 11544 1206438843 (78bdf35b004b490074acea8a885cbb8d) C:\WINDOWS\system32\drivers\1206438843.sys

09:51:50.0835 11544 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\1206438843.sys. md5: 78bdf35b004b490074acea8a885cbb8d

09:51:50.0835 11544 1206438843 ( LockedService.Multi.Generic ) - warning

09:51:50.0835 11544 1206438843 - detected LockedService.Multi.Generic (1)

09:51:50.0875 11544 Abiosdsk - ok

09:51:50.0946 11544 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

09:51:50.0966 11544 abp480n5 - ok

09:51:51.0036 11544 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

09:51:51.0046 11544 ACPI - ok

09:51:51.0096 11544 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

09:51:51.0096 11544 ACPIEC - ok

09:51:51.0156 11544 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

09:51:51.0156 11544 adpu160m - ok

09:51:51.0236 11544 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

09:51:51.0246 11544 aec - ok

09:51:51.0296 11544 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

09:51:51.0306 11544 AFD - ok

09:51:51.0376 11544 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

09:51:51.0376 11544 agp440 - ok

09:51:51.0416 11544 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

09:51:51.0426 11544 agpCPQ - ok

09:51:51.0456 11544 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

09:51:51.0476 11544 Aha154x - ok

09:51:51.0536 11544 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

09:51:51.0546 11544 aic78u2 - ok

09:51:51.0566 11544 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

09:51:51.0577 11544 aic78xx - ok

09:51:51.0627 11544 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

09:51:51.0627 11544 AliIde - ok

09:51:51.0677 11544 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

09:51:51.0677 11544 alim1541 - ok

09:51:51.0707 11544 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

09:51:51.0717 11544 amdagp - ok

09:51:51.0767 11544 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

09:51:51.0777 11544 amsint - ok

09:51:51.0837 11544 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

09:51:51.0837 11544 asc - ok

09:51:51.0867 11544 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

09:51:51.0877 11544 asc3350p - ok

09:51:51.0907 11544 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

09:51:51.0907 11544 asc3550 - ok

09:51:51.0997 11544 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

09:51:51.0997 11544 AsyncMac - ok

09:51:52.0057 11544 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

09:51:52.0057 11544 atapi - ok

09:51:52.0187 11544 Atdisk - ok

09:51:52.0257 11544 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

09:51:52.0257 11544 Atmarpc - ok

09:51:52.0358 11544 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

09:51:52.0358 11544 audstub - ok

09:51:52.0408 11544 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

09:51:52.0408 11544 b57w2k - ok

09:51:52.0478 11544 BCM43XX (e7debb46b9ef1f28932e533be4a3d1a9) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

09:51:52.0488 11544 BCM43XX - ok

09:51:52.0548 11544 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

09:51:52.0548 11544 Beep - ok

09:51:52.0618 11544 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

09:51:52.0618 11544 cbidf - ok

09:51:52.0668 11544 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

09:51:52.0668 11544 cbidf2k - ok

09:51:52.0718 11544 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

09:51:52.0718 11544 CCDECODE - ok

09:51:52.0778 11544 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

09:51:52.0778 11544 cd20xrnt - ok

09:51:52.0828 11544 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

09:51:52.0828 11544 Cdaudio - ok

09:51:52.0878 11544 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

09:51:52.0888 11544 Cdfs - ok

09:51:52.0958 11544 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

09:51:52.0969 11544 Cdrom - ok

09:51:53.0019 11544 cfwids (7e6f7da1c4de5680820f964562548949) C:\WINDOWS\system32\drivers\cfwids.sys

09:51:53.0019 11544 cfwids - ok

09:51:53.0069 11544 Changer - ok

09:51:53.0159 11544 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

09:51:53.0159 11544 CmdIde - ok

09:51:53.0209 11544 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

09:51:53.0209 11544 Cpqarray - ok

09:51:53.0259 11544 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

09:51:53.0259 11544 dac2w2k - ok

09:51:53.0289 11544 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

09:51:53.0289 11544 dac960nt - ok

09:51:53.0389 11544 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

09:51:53.0389 11544 Disk - ok

09:51:53.0469 11544 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

09:51:53.0499 11544 dmboot - ok

09:51:53.0539 11544 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

09:51:53.0549 11544 dmio - ok

09:51:53.0579 11544 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

09:51:53.0579 11544 dmload - ok

09:51:53.0639 11544 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

09:51:53.0649 11544 DMusic - ok

09:51:53.0720 11544 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

09:51:53.0730 11544 dpti2o - ok

09:51:53.0790 11544 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

09:51:53.0790 11544 drmkaud - ok

09:51:53.0840 11544 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys

09:51:53.0850 11544 E100B - ok

09:51:53.0890 11544 EagleNT - ok

09:51:53.0990 11544 ECnvtBox (67eca2b943429ce11296fac767d357bd) C:\WINDOWS\system32\Drivers\ECnvtBox.sys

09:51:54.0020 11544 ECnvtBox - ok

09:51:54.0120 11544 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

09:51:54.0120 11544 Fastfat - ok

09:51:54.0170 11544 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

09:51:54.0170 11544 Fdc - ok

09:51:54.0230 11544 FileMonitor - ok

09:51:54.0260 11544 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

09:51:54.0260 11544 Fips - ok

09:51:54.0290 11544 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

09:51:54.0290 11544 Flpydisk - ok

09:51:54.0320 11544 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

09:51:54.0320 11544 FltMgr - ok

09:51:54.0361 11544 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

09:51:54.0361 11544 Fs_Rec - ok

09:51:54.0381 11544 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

09:51:54.0381 11544 Ftdisk - ok

09:51:54.0411 11544 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

09:51:54.0421 11544 Gpc - ok

09:51:54.0491 11544 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

09:51:54.0491 11544 HidUsb - ok

09:51:54.0531 11544 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

09:51:54.0541 11544 hpn - ok

09:51:54.0581 11544 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

09:51:54.0591 11544 HTTP - ok

09:51:54.0641 11544 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

09:51:54.0641 11544 i2omgmt - ok

09:51:54.0671 11544 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

09:51:54.0671 11544 i2omp - ok

09:51:54.0701 11544 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

09:51:54.0711 11544 i8042prt - ok

09:51:54.0761 11544 ialm (737da0be27652c4482ac5cde099bfce9) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

09:51:54.0781 11544 ialm - ok

09:51:54.0811 11544 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

09:51:54.0811 11544 Imapi - ok

09:51:54.0881 11544 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

09:51:54.0881 11544 ini910u - ok

09:51:54.0911 11544 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

09:51:54.0911 11544 IntelIde - ok

09:51:54.0971 11544 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

09:51:54.0971 11544 intelppm - ok

09:51:55.0072 11544 IObitUnlocker (2f6cf948117cbd383315ebf070d27aa4) C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.sys

09:51:55.0072 11544 IObitUnlocker - ok

09:51:55.0142 11544 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

09:51:55.0152 11544 Ip6Fw - ok

09:51:55.0192 11544 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

09:51:55.0192 11544 IpFilterDriver - ok

09:51:55.0252 11544 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

09:51:55.0252 11544 IpInIp - ok

09:51:55.0292 11544 IpNat (6c2d3a5ee416cdd386c1e69bf86aaef3) C:\WINDOWS\system32\DRIVERS\ipnat.sys

09:51:55.0292 11544 IpNat ( Rootkit.Win32.ZAccess.c ) - infected

09:51:55.0292 11544 IpNat - detected Rootkit.Win32.ZAccess.c (0)

09:51:55.0322 11544 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

09:51:55.0322 11544 IPSec - ok

09:51:55.0362 11544 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

09:51:55.0362 11544 IRENUM - ok

09:51:55.0412 11544 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

09:51:55.0412 11544 isapnp - ok

09:51:55.0462 11544 JL2005C (a7b973de438a6b98ca7f365837d2f548) C:\WINDOWS\system32\Drivers\jl2005c.sys

09:51:55.0472 11544 JL2005C - ok

09:51:55.0512 11544 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

09:51:55.0512 11544 Kbdclass - ok

09:51:55.0532 11544 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

09:51:55.0532 11544 kbdhid - ok

09:51:55.0622 11544 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

09:51:55.0632 11544 kmixer - ok

09:51:55.0682 11544 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys

09:51:55.0682 11544 KMWDFILTER - ok

09:51:55.0742 11544 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

09:51:55.0742 11544 KSecDD - ok

09:51:55.0763 11544 lbrtfdc - ok

09:51:55.0853 11544 MBAMSwissArmy - ok

09:51:55.0963 11544 mfeapfk (688b626fca708ee9eb161cad1f7363a9) C:\WINDOWS\system32\drivers\mfeapfk.sys

09:51:55.0973 11544 mfeapfk - ok

09:51:56.0033 11544 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\WINDOWS\system32\drivers\mfeavfk.sys

09:51:56.0053 11544 mfeavfk - ok

09:51:56.0073 11544 mfeavfk01 - ok

09:51:56.0113 11544 mfebopk (19161b1796cf74a6a326abde309062ba) C:\WINDOWS\system32\drivers\mfebopk.sys

09:51:56.0113 11544 mfebopk - ok

09:51:56.0173 11544 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\WINDOWS\system32\drivers\mfefirek.sys

09:51:56.0183 11544 mfefirek - ok

09:51:56.0243 11544 mfehidk (44184f32392fa2e94d08d056ce750d56) C:\WINDOWS\system32\drivers\mfehidk.sys

09:51:56.0253 11544 mfehidk - ok

09:51:56.0313 11544 mfendisk (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

09:51:56.0313 11544 mfendisk - ok

09:51:56.0323 11544 mfendiskmp (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

09:51:56.0323 11544 mfendiskmp - ok

09:51:56.0373 11544 mferkdet (c9eda1eada2ab6e34cd1a10c3a24ab25) C:\WINDOWS\system32\drivers\mferkdet.sys

09:51:56.0373 11544 mferkdet - ok

09:51:56.0444 11544 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys

09:51:56.0444 11544 mferkdk - ok

09:51:56.0494 11544 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys

09:51:56.0494 11544 mfesmfk - ok

09:51:56.0534 11544 mfetdi2k - ok

09:51:56.0574 11544 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

09:51:56.0574 11544 mnmdd - ok

09:51:56.0624 11544 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

09:51:56.0624 11544 Modem - ok

09:51:56.0674 11544 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

09:51:56.0674 11544 Mouclass - ok

09:51:56.0694 11544 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

09:51:56.0694 11544 mouhid - ok

09:51:56.0754 11544 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

09:51:56.0754 11544 MountMgr - ok

09:51:56.0804 11544 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

09:51:56.0804 11544 mraid35x - ok

09:51:56.0834 11544 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

09:51:56.0854 11544 MRxDAV - ok

09:51:56.0904 11544 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

09:51:56.0914 11544 MRxSmb - ok

09:51:56.0964 11544 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

09:51:56.0964 11544 Msfs - ok

09:51:57.0014 11544 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

09:51:57.0024 11544 MSKSSRV - ok

09:51:57.0034 11544 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

09:51:57.0044 11544 MSPCLOCK - ok

09:51:57.0074 11544 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

09:51:57.0074 11544 MSPQM - ok

09:51:57.0114 11544 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

09:51:57.0114 11544 mssmbios - ok

09:51:57.0155 11544 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

09:51:57.0155 11544 MSTEE - ok

09:51:57.0255 11544 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

09:51:57.0265 11544 Mup - ok

09:51:57.0295 11544 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

09:51:57.0305 11544 NABTSFEC - ok

09:51:57.0345 11544 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

09:51:57.0355 11544 NDIS - ok

09:51:57.0395 11544 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

09:51:57.0395 11544 NdisIP - ok

09:51:57.0435 11544 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

09:51:57.0435 11544 NdisTapi - ok

09:51:57.0475 11544 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

09:51:57.0475 11544 Ndisuio - ok

09:51:57.0505 11544 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

09:51:57.0505 11544 NdisWan - ok

09:51:57.0545 11544 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

09:51:57.0545 11544 NDProxy - ok

09:51:57.0605 11544 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

09:51:57.0605 11544 NetBIOS - ok

09:51:57.0655 11544 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

09:51:57.0655 11544 NetBT - ok

09:51:57.0715 11544 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys

09:51:57.0715 11544 nm - ok

09:51:57.0735 11544 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

09:51:57.0735 11544 Npfs - ok

09:51:57.0775 11544 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

09:51:57.0785 11544 Ntfs - ok

09:51:57.0836 11544 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

09:51:57.0836 11544 Null - ok

09:51:57.0886 11544 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

09:51:57.0896 11544 NwlnkFlt - ok

09:51:57.0916 11544 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

09:51:57.0916 11544 NwlnkFwd - ok

09:51:57.0966 11544 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys

09:51:57.0966 11544 NwlnkIpx - ok

09:51:57.0996 11544 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys

09:51:57.0996 11544 NwlnkNb - ok

09:51:58.0016 11544 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys

09:51:58.0026 11544 NwlnkSpx - ok

09:51:58.0086 11544 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys

09:51:58.0086 11544 NWRDR - ok

09:51:58.0156 11544 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

09:51:58.0166 11544 Parport - ok

09:51:58.0186 11544 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

09:51:58.0186 11544 PartMgr - ok

09:51:58.0226 11544 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

09:51:58.0226 11544 ParVdm - ok

09:51:58.0266 11544 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

09:51:58.0276 11544 PCI - ok

09:51:58.0306 11544 PCIDump - ok

09:51:58.0336 11544 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

09:51:58.0336 11544 PCIIde - ok

09:51:58.0376 11544 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

09:51:58.0386 11544 Pcmcia - ok

09:51:58.0396 11544 PDCOMP - ok

09:51:58.0426 11544 PDFRAME - ok

09:51:58.0436 11544 PDRELI - ok

09:51:58.0456 11544 PDRFRAME - ok

09:51:58.0496 11544 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

09:51:58.0496 11544 perc2 - ok

09:51:58.0516 11544 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

09:51:58.0516 11544 perc2hib - ok

09:51:58.0597 11544 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

09:51:58.0597 11544 PptpMiniport - ok

09:51:58.0627 11544 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

09:51:58.0637 11544 PSched - ok

09:51:58.0657 11544 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

09:51:58.0657 11544 Ptilink - ok

09:51:58.0697 11544 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

09:51:58.0697 11544 PxHelp20 - ok

09:51:58.0717 11544 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

09:51:58.0717 11544 ql1080 - ok

09:51:58.0747 11544 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

09:51:58.0757 11544 Ql10wnt - ok

09:51:58.0777 11544 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

09:51:58.0777 11544 ql12160 - ok

09:51:58.0797 11544 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

09:51:58.0797 11544 ql1240 - ok

09:51:58.0827 11544 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

09:51:58.0837 11544 ql1280 - ok

09:51:58.0867 11544 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

09:51:58.0867 11544 RasAcd - ok

09:51:58.0987 11544 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

09:51:58.0997 11544 Rasl2tp - ok

09:51:59.0017 11544 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

09:51:59.0017 11544 RasPppoe - ok

09:51:59.0047 11544 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

09:51:59.0047 11544 Raspti - ok

09:51:59.0077 11544 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

09:51:59.0087 11544 Rdbss - ok

09:51:59.0117 11544 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

09:51:59.0117 11544 RDPCDD - ok

09:51:59.0177 11544 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

09:51:59.0197 11544 rdpdr - ok

09:51:59.0238 11544 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

09:51:59.0248 11544 RDPWD - ok

09:51:59.0298 11544 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

09:51:59.0298 11544 redbook - ok

09:51:59.0368 11544 RegFilter - ok

09:51:59.0418 11544 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

09:51:59.0418 11544 ROOTMODEM - ok

09:51:59.0518 11544 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

09:51:59.0518 11544 Secdrv - ok

09:51:59.0578 11544 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys

09:51:59.0608 11544 senfilt - ok

09:51:59.0668 11544 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

09:51:59.0668 11544 serenum - ok

09:51:59.0698 11544 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

09:51:59.0698 11544 Serial - ok

09:51:59.0748 11544 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

09:51:59.0768 11544 Sfloppy - ok

09:51:59.0788 11544 Simbad - ok

09:51:59.0828 11544 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

09:51:59.0828 11544 sisagp - ok

09:51:59.0868 11544 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

09:51:59.0868 11544 SLIP - ok

09:51:59.0918 11544 smwdm (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys

09:51:59.0929 11544 smwdm - ok

09:51:59.0979 11544 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

09:51:59.0979 11544 Sparrow - ok

09:52:00.0039 11544 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

09:52:00.0039 11544 splitter - ok

09:52:00.0089 11544 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

09:52:00.0089 11544 sr - ok

09:52:00.0119 11544 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

09:52:00.0129 11544 Srv - ok

09:52:00.0189 11544 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

09:52:00.0189 11544 streamip - ok

09:52:00.0249 11544 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

09:52:00.0249 11544 swenum - ok

09:52:00.0299 11544 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

09:52:00.0299 11544 swmidi - ok

09:52:00.0349 11544 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

09:52:00.0349 11544 symc810 - ok

09:52:00.0369 11544 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

09:52:00.0369 11544 symc8xx - ok

09:52:00.0409 11544 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

09:52:00.0409 11544 sym_hi - ok

09:52:00.0429 11544 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

09:52:00.0429 11544 sym_u3 - ok

09:52:00.0469 11544 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

09:52:00.0469 11544 sysaudio - ok

09:52:00.0589 11544 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

09:52:00.0599 11544 Tcpip - ok

09:52:00.0660 11544 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

09:52:00.0670 11544 TDPIPE - ok

09:52:00.0710 11544 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

09:52:00.0710 11544 TDTCP - ok

09:52:00.0790 11544 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

09:52:00.0790 11544 TermDD - ok

09:52:00.0880 11544 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

09:52:00.0880 11544 TosIde - ok

09:52:00.0940 11544 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

09:52:00.0950 11544 Udfs - ok

09:52:01.0000 11544 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

09:52:01.0000 11544 ultra - ok

09:52:01.0070 11544 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

09:52:01.0080 11544 Update - ok

09:52:01.0150 11544 UrlFilter - ok

09:52:01.0210 11544 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

09:52:01.0210 11544 usbccgp - ok

09:52:01.0270 11544 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

09:52:01.0270 11544 usbehci - ok

09:52:01.0331 11544 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

09:52:01.0331 11544 usbhub - ok

09:52:01.0381 11544 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

09:52:01.0381 11544 usbscan - ok

09:52:01.0451 11544 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

09:52:01.0451 11544 USBSTOR - ok

09:52:01.0501 11544 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

09:52:01.0511 11544 usbuhci - ok

09:52:01.0541 11544 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

09:52:01.0541 11544 VgaSave - ok

09:52:01.0611 11544 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

09:52:01.0611 11544 viaagp - ok

09:52:01.0661 11544 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

09:52:01.0671 11544 ViaIde - ok

09:52:01.0711 11544 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

09:52:01.0721 11544 VolSnap - ok

09:52:01.0771 11544 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

09:52:01.0781 11544 Wanarp - ok

09:52:01.0811 11544 WDICA - ok

09:52:01.0871 11544 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

09:52:01.0871 11544 wdmaud - ok

09:52:02.0042 11544 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

09:52:02.0042 11544 WSTCODEC - ok

09:52:02.0132 11544 xbreader (05a74d2be6f493c65d7221d1d0e8a23c) C:\WINDOWS\system32\Drivers\xbreader.sys

09:52:02.0132 11544 xbreader - ok

09:52:02.0232 11544 XDva281 - ok

09:52:02.0272 11544 MBR (0x1B8) (367d0840095cc28db7eab0d0c3769e41) \Device\Harddisk0\DR0

09:52:02.0272 11544 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected

09:52:02.0272 11544 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

09:52:02.0282 11544 Boot (0x1200) (9ec7511613c45870ae46bb07dd638f38) \Device\Harddisk0\DR0\Partition0

09:52:02.0282 11544 \Device\Harddisk0\DR0\Partition0 - ok

09:52:02.0282 11544 ============================================================

09:52:02.0282 11544 Scan finished

09:52:02.0282 11544 ============================================================

09:52:02.0302 5196 Detected object count: 3

09:52:02.0302 5196 Actual detected object count: 3

09:52:32.0385 5196 HKLM\SYSTEM\ControlSet001\services\1206438843 - will be deleted on reboot

09:52:32.0405 5196 HKLM\SYSTEM\ControlSet002\services\1206438843 - will be deleted on reboot

09:52:32.0435 5196 HKLM\SYSTEM\ControlSet003\services\1206438843 - will be deleted on reboot

09:52:32.0465 5196 HKLM\SYSTEM\ControlSet004\services\1206438843 - will be deleted on reboot

09:52:32.0465 5196 HKLM\SYSTEM\ControlSet005\services\1206438843 - will be deleted on reboot

09:52:32.0485 5196 HKLM\SYSTEM\ControlSet006\services\1206438843 - will be deleted on reboot

09:52:32.0505 5196 C:\WINDOWS\system32\drivers\1206438843.sys - will be deleted on reboot

09:52:32.0505 5196 1206438843 ( LockedService.Multi.Generic ) - User select action: Delete

09:52:32.0606 5196 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\ipnat.sys) error 1813

09:52:33.0767 5196 Backup copy not found, trying to cure infected file..

09:52:33.0917 5196 C:\WINDOWS\system32\DRIVERS\ipnat.sys - Cure failed (FFFFFFFF)

09:52:33.0917 5196 C:\WINDOWS\system32\DRIVERS\ipnat.sys - processing error

09:52:33.0917 5196 IpNat ( Rootkit.Win32.ZAccess.c ) - User select action: Cure

09:52:33.0957 5196 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot

09:52:33.0957 5196 \Device\Harddisk0\DR0 - ok

09:52:33.0957 5196 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure

09:52:40.0937 9576 Deinitialize success

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8012

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

10/24/2011 11:58:00 AM

mbam-log-2011-10-24 (11-57-54).txt

Scan type: Quick scan

Objects scanned: 172219

Time elapsed: 3 minute(s), 0 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\ineufbr1v (Malware.Trace) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ComboFix 11-10-24.02 - User 10/24/2011 11:06:10.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.565 [GMT -5:00]

Running from: c:\documents and settings\User\Desktop\ComboFix.exe

AV: Doctor Web Anti-Virus *Enabled/Outdated* {3454C8F1-ECBC-4180-A6F4-04632FBA762B}

FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\kEo16633dOdPb16633

c:\documents and settings\All Users\Application Data\kEo16633dOdPb16633\kEo16633dOdPb16633

c:\documents and settings\All Users\Application Data\kEo16633dOdPb16633\kEo16633dOdPb16633.exe

c:\documents and settings\User\Start Menu\Internet Explorer.lnk

c:\documents and settings\User\Start Menu\Programs\Startup\winupd.lnk

C:\install.exe

c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}

c:\windows\assembly\GAC_MSIL\desktop.ini

c:\windows\help\tours\htmltour\unlock_playing.htm

c:\windows\pkunzip.pif

c:\windows\pkzip.pif

c:\windows\system32\d3d9caps.dat

.

Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected

Restored copy from - c:\windows\system32\dllcache\wuauclt.exe

.

c:\windows\system32\DRIVERS\ipnat.sys . . . is infected!!

.

c:\program files\IObit\Advanced SystemCare 4\ASCService.exe . . . is infected!!

c:\program files\IObit\Advanced SystemCare 4\ASCService.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe . . . is infected!!

c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Common Files\Motive\McciCMService.exe . . . is infected!!

c:\program files\Common Files\Motive\McciCMService.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe . . . is infected!!

c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Common Files\McAfee\SystemCore\\mcshield.exe . . . is infected!!

c:\program files\Common Files\McAfee\SystemCore\\mcshield.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe . . . is infected!!

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe . . . is infected!!

c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\windows\system32\mfevtps.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{C0405BAD-5D99-4914-A384-6B6B0F6C1E8C}\RP615\A0061348.exe

.

c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe . . . is infected!!

c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Nero\Nero BackItUp 4\IoctlSvc.exe . . . is infected!!

c:\program files\Nero\Nero BackItUp 4\IoctlSvc.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\TeamViewer\Version6\TeamViewer_Service.exe . . . is infected!!

c:\program files\TeamViewer\Version6\TeamViewer_Service.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE . . . is infected!!

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe . . . is infected!!

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe . . . was deleted!! You should re-install the program it pertains to

.

.

((((((((((((((((((((((((( Files Created from 2011-09-24 to 2011-10-24 )))))))))))))))))))))))))))))))

.

.

2011-10-17 21:07 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-17 20:34 . 2011-10-17 20:34 149272 ----a-w- c:\windows\system32\drivers\dwprot.sys

2011-10-17 20:34 . 2011-10-17 20:34 109560 ----a-w- c:\windows\system32\drivers\spiderg3.sys

2011-10-17 20:34 . 2011-10-17 20:34 55800 ----a-w- c:\windows\system32\drivers\dw_wfp.sys

2011-10-17 20:34 . 2011-10-17 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Doctor Web

2011-10-17 19:58 . 2011-10-17 19:58 -------- d-----w- c:\windows\system32\wbem\Repository

2011-10-15 21:05 . 2011-10-15 21:05 -------- d-----w- c:\program files\CCleaner

2011-10-15 18:53 . 2011-10-15 20:06 -------- d-----w- c:\documents and settings\User\Doctor Web

2011-10-15 18:53 . 2011-10-15 20:49 176120 ----a-w- c:\windows\system32\drivers\DrWebLwf.sys

2011-10-15 18:52 . 2011-10-15 18:52 -------- d-----w- c:\program files\Common Files\Doctor Web

2011-10-15 18:52 . 2011-10-24 15:36 -------- d-----w- c:\program files\DrWeb

2011-10-15 17:50 . 2011-10-15 17:50 -------- d-----w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com

2011-10-15 17:47 . 2011-10-17 20:27 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-10-15 17:47 . 2011-10-15 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-10-15 16:35 . 2011-10-15 16:35 -------- d-----w- c:\documents and settings\User\Application Data\GHISLER

2011-10-15 16:35 . 2011-10-14 13:00 545 ----a-w- c:\windows\UC.PIF

2011-10-15 16:35 . 2011-10-14 13:00 545 ----a-w- c:\windows\RAR.PIF

2011-10-15 16:35 . 2011-10-14 13:00 545 ----a-w- c:\windows\LHA.PIF

2011-10-15 16:35 . 2011-10-14 13:00 545 ----a-w- c:\windows\ARJ.PIF

2011-10-15 16:19 . 2011-10-15 16:19 -------- d-----w- C:\getservices

2011-10-15 14:46 . 2011-10-17 21:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-13 20:16 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys

2011-10-13 20:15 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys

2011-10-13 20:15 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys

2011-10-13 20:15 . 2008-04-14 00:12 16384 ----a-w- c:\windows\system32\ipsink.ax

2011-10-13 20:15 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys

2011-10-13 20:15 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS

2011-10-13 20:15 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys

2011-10-13 20:15 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys

2011-10-13 20:15 . 2008-04-14 00:12 91136 ----a-w- c:\windows\system32\kswdmcap.ax

2011-10-13 20:15 . 2008-04-14 00:12 43008 ----a-w- c:\windows\system32\ksxbar.ax

2011-10-13 20:15 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll

2011-10-13 20:15 . 2008-04-14 00:12 61952 ----a-w- c:\windows\system32\kstvtune.ax

2011-10-13 20:15 . 2008-04-14 00:12 20992 ----a-w- c:\windows\system32\dshowext.ax

2011-10-13 20:08 . 2011-10-14 21:25 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Vivitar Experience Image Manager

2011-10-13 20:08 . 2011-10-14 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Vivitar

2011-10-13 20:08 . 2011-10-13 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Vivitar Experience Image Manager

2011-10-13 20:07 . 2011-10-13 20:07 -------- d-----w- c:\program files\MTA

2011-10-13 20:07 . 2011-10-13 20:07 -------- d-----w- c:\program files\69379

2011-10-13 20:07 . 2009-05-25 21:01 69098 ----a-w- c:\windows\system32\drivers\jl2005c.sys

2011-10-13 20:07 . 2005-12-15 22:34 135168 ----a-w- c:\windows\system32\jl_jdct.drv

2011-10-13 20:07 . 2005-08-10 15:44 15360 ----a-w- c:\windows\system32\jl2005c.ax

2011-10-13 20:07 . 2011-10-13 20:07 -------- d-----w- c:\program files\Haali

2011-10-13 20:06 . 2011-10-15 14:30 -------- d-----w- c:\program files\Vivitar Experience Image Manager

2011-10-13 17:33 . 2011-10-13 17:33 -------- d-----w- c:\documents and settings\User\Application Data\Search Settings

2011-10-13 17:33 . 2011-10-17 21:17 -------- d-----w- c:\program files\Application Updater

2011-10-13 17:33 . 2011-10-13 17:33 -------- d-----w- c:\program files\IObit Toolbar

2011-10-13 17:33 . 2011-10-13 17:33 -------- d-----w- c:\program files\Common Files\Spigot

2011-10-13 16:45 . 2011-10-13 16:45 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Downloaded Installations

2011-10-13 14:05 . 2011-10-15 20:46 -------- d-----w- c:\documents and settings\User\DoctorWeb

2011-10-12 22:46 . 2011-10-12 22:46 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\WinZip

2011-10-12 20:56 . 2011-10-12 23:04 -------- d-----w- C:\scan

2011-10-12 20:37 . 2011-10-12 20:37 -------- d-----w- c:\documents and settings\NetworkService\Application Data\SACore

2011-10-12 18:58 . 2011-10-15 17:07 -------- d-----w- c:\documents and settings\User\Application Data\IObit

2011-10-12 18:37 . 2011-10-12 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm

2011-10-12 18:01 . 2011-10-12 18:01 -------- d--h--w- c:\windows\PIF

2011-10-12 17:55 . 2011-10-13 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2011-10-12 17:54 . 2011-10-13 17:32 -------- d-----w- c:\program files\IObit

2011-10-12 17:48 . 2011-10-12 17:48 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes

2011-10-12 17:48 . 2011-10-12 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-10-12 17:40 . 2011-10-22 05:20 -------- d-----w- c:\documents and settings\User\Application Data\TeamViewer

2011-10-12 17:40 . 2011-10-12 17:40 -------- d-----w- c:\program files\TeamViewer

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-26 16:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41 . 2006-02-28 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20 . 2006-02-28 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-17 13:49 . 2006-02-28 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-12 18:51 . 2008-03-25 18:21 26488 ----a-w- c:\windows\system32\spupdsvc.exe

2010-10-14 04:28 . 2011-03-03 08:23 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys

[-] 2006-02-28 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

.

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2006-02-28 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

.

[-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys

[-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

.

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\kbdclass.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys

[-] 2006-02-28 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

.

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys

[-] 2006-02-28 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys

.

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys

[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys

[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys

[-] 2006-02-28 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys

.

[-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys

[-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

.

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys

[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

[-] 2006-02-28 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys

.

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll

[-] 2006-02-28 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

.

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe

[-] 2006-02-28 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

.

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll

[-] 2006-02-28 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll

[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll

.

[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll

[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll

[-] 2006-02-28 12:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll

.

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll

[-] 2006-02-28 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

.

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll

[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll

[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll

[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll

[-] 2006-02-28 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\rpcss.dll

[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll

[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll

[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll

[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll

.

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe

[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe

[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe

[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe

[-] 2006-02-28 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe

.

[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe

[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe

[-] 2006-02-28 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

.

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2006-02-28 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

.

[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll

[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll

[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[-] 2006-02-28 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll

[-] 2006-02-28 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[-] 2006-02-28 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

.

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll

[-] 2006-02-28 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

.

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll

[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll

[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll

[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll

[-] 2006-02-28 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtServicePackUninstall$\es.dll

[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll

.

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll

[-] 2006-02-28 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

.

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll

[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll

[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll

[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll

[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll

[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll

[-] 2006-02-28 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB935839$\kernel32.dll

.

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll

[-] 2006-02-28 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll

[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll

.

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll

[-] 2006-02-28 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

.

[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll

[-] 2006-02-28 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll

[-] 2006-02-28 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll

[-] 2006-02-28 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll

.

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll

[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll

[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll

[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll

[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll

[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll

[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll

[-] 2006-02-28 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll

.

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll

[-] 2006-02-28 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

.

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll

[-] 2006-02-28 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

.

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll

[-] 2006-02-28 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

.

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll

[-] 2006-02-28 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

.

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe

[-] 2006-02-28 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

.

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll

[-] 2006-02-28 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll

[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll

.

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll

[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2006-02-28 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll

.

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe

[-] 2006-02-28 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

.

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll

[-] 2006-02-28 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

.

[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll

[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll

[-] 2006-02-28 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll

.

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2006-02-28 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

.

[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe

[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe

[-] 2006-02-28 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe

.

[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll

[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\dllcache\ole32.dll

[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll

[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll

[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll

[-] 2006-02-28 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\ole32.dll

[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll

[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll

[-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll

[-] 2005-04-28 . 5950E4F28FDA9D147576BF6798937397 . 1285120 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\ole32.dll

.

[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll

[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll

[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll

[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll

[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll

[-] 2006-02-28 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll

.

[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\ksuser.dll

[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll

[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll

.

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll

[-] 2006-02-28 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

.

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe

[-] 2006-02-28 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

.

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll

[-] 2006-02-28 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

.

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll

[-] 2006-02-28 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

.

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2006-02-28 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

.

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[-] 2006-02-28 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

.

[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll

[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll

[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll

[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll

[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll

[-] 2006-02-28 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll

.

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll

[-] 2006-02-28 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

.

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll

[-] 2006-02-28 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

.

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll

[-] 2006-02-28 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

.

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll

[-] 2006-02-28 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

.

[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll

[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll

[-] 2006-02-28 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll

.

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll

[-] 2006-02-28 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll

.

[-] 2006-02-28 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

.

[-] 2008-04-13 17:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys

[-] 2008-04-13 17:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys

.

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\agp440.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\AGP440.SYS

.

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2006-02-28 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

.

[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll

[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll

[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll

[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll

[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll

[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll

[-] 2006-02-28 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

.

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll

[-] 2006-02-28 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

.

[-] 2008-04-14 00:12 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2006-02-28 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\$NtServicePackUninstall$\mspmsnsv.dll

[-] 2005-01-28 19:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll

[-] 2005-01-28 19:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\MsPMSNSv.dll

[-] 2005-01-28 19:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\dllcache\mspmsnsv.dll

.

[-] 2010-12-10 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe

[-] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe

[-] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\system32\ntkrnlpa.exe

[-] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe

[-] 2010-04-27 . DC57ABED7BDE1487E658968B4423BED7 . 2066816 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe

[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe

[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe

[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe

[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe

[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe

[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe

[-] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe

[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe

[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe

[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe

[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe

[-] 2007-02-28 . 515D30E2C90A3665A2739309334C9283 . 2057600 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe

[-] 2007-02-28 . 515D30E2C90A3665A2739309334C9283 . 2057600 . . [5.1.2600.3093] . . c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\ntkrnlpa.exe

[-] 2006-02-28 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe

[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

[-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe

.

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll

[-] 2006-02-28 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

.

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll

[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll

[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll

[-] 2006-02-28 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll

.

[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll

[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll

[-] 2006-02-28 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll

.

[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll

[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll

[-] 2006-02-28 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll

.

[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll

[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll

[-] 2006-02-28 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll

.

[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll

[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll

[-] 2006-02-28 12:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll

.

[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll

[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll

[-] 2006-02-28 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll

.

[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll

[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll

[-] 2006-02-28 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll

.

[7] 2011-06-20 . 993F33696EF219C306BF9BBA34D85073 . 634648 . . [7.00.6000.17099] . . c:\windows\system32\dllcache\iexplore.exe

[7] 2011-06-20 . DE0F15DD275A36C3E67DC1E36F958F3A . 634648 . . [7.00.6000.21302] . . c:\windows\$hf_mig$\KB2559049-IE7\SP3QFE\iexplore.exe

[7] 2011-04-21 . B6E13F9C120C776A89D783E26D6C15C5 . 634648 . . [7.00.6000.17098] . . c:\windows\ie7updates\KB2559049-IE7\iexplore.exe

[7] 2011-04-21 . 3E23DBEBE1020D52C63235E4189FAC03 . 634648 . . [7.00.6000.21300] . . c:\windows\$hf_mig$\KB2530548-IE7\SP3QFE\iexplore.exe

[7] 2011-02-14 . E4A798DFDE7FE6E79F23548F0EF0F844 . 634648 . . [7.00.6000.17096] . . c:\windows\SoftwareDistribution\Download\854a2ecd85b162f2eb4e0f18a906a0b9\sp3gdr\iexplore.exe

[7] 2011-02-14 . E3CC8CCF21BFDC954255BB17083FB9F0 . 634648 . . [7.00.6000.21298] . . c:\windows\SoftwareDistribution\Download\854a2ecd85b162f2eb4e0f18a906a0b9\sp3qfe\iexplore.exe

[7] 2010-12-20 . 091D358EFC9D22901BD879EF37F0DAC4 . 634648 . . [7.00.6000.17095] . . c:\windows\ie7updates\KB2530548-IE7\iexplore.exe

[7] 2010-12-20 . B74CBEBA34E3CAA2CCACC87FEE8A16C0 . 634648 . . [7.00.6000.21297] . . c:\windows\$hf_mig$\KB2482017-IE7\SP3QFE\iexplore.exe

[7] 2010-10-18 . 72D1F43C4146D312B0DB6AB98C21340E . 634648 . . [7.00.6000.17093] . . c:\windows\ie7updates\KB2482017-IE7\iexplore.exe

[7] 2010-10-18 . DA6E1F0F1932B62DD2F6ED05541C555C . 634648 . . [7.00.6000.21295] . . c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\iexplore.exe

[7] 2010-08-25 . E5412ED9E07C42C20C48D3FF71E6B1E8 . 634648 . . [7.00.6000.17091] . . c:\windows\ie7updates\KB2416400-IE7\iexplore.exe

[7] 2010-08-25 . F047BEB9771E45A05F425499A30F9BBA . 634648 . . [7.00.6000.21293] . . c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\iexplore.exe

[7] 2010-06-17 . 203E897F843D56496E2CC101DFF6CE34 . 634656 . . [7.00.6000.17080] . . c:\windows\ie7updates\KB2360131-IE7\iexplore.exe

[7] 2010-06-17 . B0BC6DC9C9277250C5C8F7B7A48A02CC . 634648 . . [7.00.6000.21283] . . c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\iexplore.exe

[7] 2010-04-16 . C4BA5E36FB57F547117305BF1E0FE454 . 634656 . . [7.00.6000.17055] . . c:\windows\ie7updates\KB2183461-IE7\iexplore.exe

[7] 2010-04-16 . B24A4E23A2FEDB6976EB04D334AD82B2 . 634648 . . [7.00.6000.21256] . . c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iexplore.exe

[7] 2010-02-23 . B5116340B84824DDD0A641E36B126194 . 634648 . . [7.00.6000.17023] . . c:\windows\ie7updates\KB982381-IE7\iexplore.exe

[7] 2010-02-23 . C8DDA4028065D5CE39CBE7A156B72AB9 . 634648 . . [7.00.6000.21228] . . c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\iexplore.exe

[7] 2009-12-18 . 53C291F3B01EECECBD7FD358EA3ACC94 . 634648 . . [7.00.6000.16981] . . c:\windows\ie7updates\KB980182-IE7\iexplore.exe

[7] 2009-12-18 . D19E56D5930C37CF211867DF450C372A . 634632 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iexplore.exe

[7] 2009-10-28 . 80675329E0FD54F016C4F8A83C616349 . 634632 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\iexplore.exe

[7] 2009-10-28 . 4F9B04D546C23A295F3F0AE015BE51DB . 634632 . . [7.00.6000.16945] . . c:\windows\ie7updates\KB978207-IE7\iexplore.exe

[7] 2009-08-27 . F232BA9F39BC0F722672C7E79E68EBEA . 634648 . . [7.00.6000.16915] . . c:\windows\ie7updates\KB976325-IE7\iexplore.exe

[7] 2009-08-27 . 332EC7562F3AA7364F2D4231C56DA986 . 634648 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\iexplore.exe

[7] 2009-06-29 . 3CFC56F73D494FC1AA2B6E981DF15ACD . 634632 . . [7.00.6000.16876] . . c:\windows\ie7updates\KB974455-IE7\iexplore.exe

[7] 2009-06-29 . 02E2754D3E566C11A4934825920C47DD . 634632 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iexplore.exe

[-] 2008-06-23 . 64E376A47763DAEABCDA14BD5B6EA286 . 625664 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB972260-IE7\iexplore.exe

[-] 2008-06-23 . C52A9EF571E91535EB78DB4B8B95EA07 . 625664 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe

[-] 2008-04-22 . 197B7E4030CFBD8D2979D375E1787AA2 . 625664 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe

[-] 2008-04-22 . 232B22817B90AE0AFF2D189E3E3735AC . 625664 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\iexplore.exe

[-] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe

[-] 2007-12-06 . 2703D940A62B731AA220529DD7331A78 . 625664 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB950759-IE7\iexplore.exe

[-] 2007-12-06 . 2703D940A62B731AA220529DD7331A78 . 625664 . . [7.00.6000.16608] . . c:\windows\SoftwareDistribution\Download\e5a204b08ee9dd0f7a20547e61486b27\SP2GDR\iexplore.exe

[-] 2007-12-06 . 809D17D8FA0FDAEE07778CD821CAFFDE . 625664 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe

[-] 2007-12-06 . 809D17D8FA0FDAEE07778CD821CAFFDE . 625664 . . [7.00.6000.20733] . . c:\windows\SoftwareDistribution\Download\e5a204b08ee9dd0f7a20547e61486b27\SP2QFE\iexplore.exe

[-] 2007-10-10 . E854D02E4231F704D9BE782A424E6D8B . 625152 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\iexplore.exe

[-] 2007-10-10 . E854D02E4231F704D9BE782A424E6D8B . 625152 . . [7.00.6000.16574] . . c:\windows\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2GDR\iexplore.exe

[-] 2007-10-10 . 632BDE0179847234433CA50945442ACB . 625664 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe

[-] 2007-10-10 . 632BDE0179847234433CA50945442ACB . 625664 . . [7.00.6000.20696] . . c:\windows\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2QFE\iexplore.exe

[-] 2007-08-13 . DE49B348A18369B4626FBA1D49B07FB4 . 622080 . . [7.00.5730.13] . . c:\windows\ie7updates\KB942615-IE7\iexplore.exe

[-] 2006-02-28 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\ie7\iexplore.exe

.

[-] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe

[-] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntoskrnl.exe

[-] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\system32\ntoskrnl.exe

[-] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntoskrnl.exe

[-] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe

[-] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe

[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe

[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe

[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe

[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe

[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe

[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe

[-] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe

[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe

[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe

[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe

[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe

[-] 2007-02-28 . 582A8DBAA58C3B1F176EB2817DAEE77C . 2180352 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe

[-] 2007-02-28 . 582A8DBAA58C3B1F176EB2817DAEE77C . 2180352 . . [5.1.2600.3093] . . c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\ntoskrnl.exe

[-] 2006-02-28 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe

[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

[-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe

.

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll

[-] 2006-02-28 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

.

[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll

[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll

[-] 2006-02-28 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll

.

[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll

[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll

[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll

[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll

[-] 2006-02-28 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB927802$\wiaservc.dll

.

[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll

[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll

[-] 2006-02-28 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll

.

[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll

[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll

[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll

[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll

[-] 2006-02-28 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB920683$\rasadhlp.dll

.

c:\windows\System32\spoolsv.exe ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\ijji\\ijji REACTOR\\ijjiOptimizer.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=

.

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/3/2011 3:23 AM 148520]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/3/2011 3:23 AM 313288]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [3/3/2011 3:23 AM 88544]

S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys --> c:\windows\system32\drivers\mfetdi2k.sys [?]

S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe --> c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [?]

S2 Application Updater;Application Updater;"c:\program files\Application Updater\ApplicationUpdater.exe" --> c:\program files\Application Updater\ApplicationUpdater.exe [?]

S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe --> c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [?]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" --> c:\program files\McAfee\SiteAdvisor\McSACore.exe [?]

S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [?]

S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [3/3/2011 3:23 AM 188136]

S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe --> c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [?]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/3/2011 3:23 AM 55840]

S3 ECnvtBox;Embroidery Conversion Box Plus;c:\windows\system32\drivers\ECnvtBox.sys [9/5/2009 1:54 PM 37818]

S3 FileMonitor;FileMonitor;\??\c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys --> c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [3/3/2011 3:23 AM 88544]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/3/2011 3:23 AM 84264]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 RegFilter;RegFilter;\??\c:\program files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys --> c:\program files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys [?]

S3 UrlFilter;UrlFilter;\??\c:\program files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys --> c:\program files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys [?]

S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [1/2/2001 11:53 PM 19677]

S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]

S4 IObitUnlocker;IObitUnlocker;c:\program files\IObit\IObit Unlocker\IObitUnlocker.sys [10/13/2011 12:32 PM 27552]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-24 c:\windows\Tasks\ASC4_PerformanceMonitor.job

- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-10-12 21:40]

.

2011-10-24 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-27 20:08]

.

2011-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 05:15]

.

.

------- Supplementary Scan -------

.

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

LSP: mswsock.dll

TCP: DhcpNameServer = 192.168.1.254 192.168.1.254

FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\i0e0zx71.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: Panda3D Game Engine Plug-In: runtime@panda3d.org - %profile%\extensions\runtime@panda3d.org

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

# Mozilla User Preferences

/* Do not edit this file.

*

* If you make changes to this file while the application is running,

* the changes will be overwritten when the application exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs

*/

FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1318426304

FF - user.js: app.update.lastUpdateTime.background-update-timer - 1318426342

FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1318426059

FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1318425971

FF - user.js: app.update.lastUpdateTime.places-maintenance-timer - 1318426362

FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1318426201

FF - user.js: browser.anchor_color - #0000FF

FF - user.js: browser.display.background_color - #C0C0C0

FF - user.js: browser.display.use_system_colors - true

FF - user.js: browser.download.manager.alertOnEXEOpen - false

FF - user.js: browser.download.manager.showAlertOnComplete - false

FF - user.js: browser.formfill.enable - false

FF - user.js: browser.history_expire_days - 10

FF - user.js: browser.migration.version - 1

FF - user.js: browser.places.smartBookmarksVersion - 2

FF - user.js: browser.preferences.advanced.selectedTabIndex - 1

FF - user.js: browser.rights.3.shown - true

FF - user.js: browser.safebrowsing.enabled - false

FF - user.js: browser.safebrowsing.malware.enabled - false

FF - user.js: browser.search.defaultenginename - Yahoo

FF - user.js: browser.search.param.yahoo-fr - chr-greentree_ff&type=685749&ilc=12

FF - user.js: browser.search.selectedEngine - Yahoo

FF - user.js: browser.startup.homepage_override.mstone - rv:1.9.2.13

FF - user.js: browser.visited_color - #800080

FF - user.js: extensions.enabledItems - {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16,{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18,{20a82645-c095-46ed-80e3-08825760534b}:1.1,jqs@sun.com:1.0,{B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8,runtime@panda3d.org:1.0.2,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13

FF - user.js: extensions.lastAppVersion - 3.6.13

FF - user.js: extensions.update.notifyUser - false

FF - user.js: general.useragent.extra.microsoftdotnet - (.NET CLR 3.5.30729)

FF - user.js: idle.lastDailyNotification - 1318426650

FF - user.js: intl.accept_languages - en-us

FF - user.js: intl.charsetmenu.browser.cache - us-ascii, ISO-8859-1, UTF-8

FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=

FF - user.js: microsoft.CLR.auto_install - false

FF - user.js: network.cookie.prefsMigrated - true

FF - user.js: network.http.proxy.version - 1.0

FF - user.js: network.proxy.type - 0

FF - user.js: places.last_vacuum - 1318426650

FF - user.js: privacy.sanitize.migrateFx3Prefs - true

FF - user.js: security.enable_ssl2 - true

FF - user.js: security.enable_tls - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1320938766

FF - user.js: xpinstall.whitelist.add -

FF - user.js: xpinstall.whitelist.add.36 -

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKCU-Run-SUPERAntiSpyware - c:\documents and settings\User\Desktop\sddads\SUPERAntiSpyware.exe

HKLM-Run-SpIDerAgent - c:\program files\DrWeb\spideragent.exe

HKU-Default-Run-DWQueuedReporting - c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe

SafeBoot-61098752.sys

SafeBoot-DrWebEngine

AddRemove-Vivitar Experience Image Manager - c:\program files\Vivitar Experience Image Manager\uninstaller.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-24 11:35

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2715777751-3038119939-3851090714-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\System\ControlSet005\Enum\Root\*PNP73ac\0000]

@DACL=(02 0000)

"Service"="1206438843"

"ClassGUID"="{4D36E97D-E325-11CE-BFC1-08002BE10318}"

"Class"="System"

"DeviceDesc"="PCI bus"

"Mfg"="Technologies Inc"

"LocationInformation"="on Microsoft ACPI-Compliant System"

"ConfigFlags"=dword:00000000

"Capabilities"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3412)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\mswsock.dll

mswsock.dll 71a50000 258048 \\?\globalroot\systemroot\system32\mswsock.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\wdfmgr.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

.

**************************************************************************

.

Completion time: 2011-10-24 11:40:31 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-24 16:40

.

Pre-Run: 9,754,923,008 bytes free

Post-Run: 11,332,165,632 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

.

Current=5 Default=5 Failed=1 LastKnownGood=6 Sets=1,2,3,4,5,6

- - End Of File - - 14A0757EDE87AE5ED63C59016C865C21

Link to post
Share on other sites

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 11/25/2008 1:43:12 PM

System Uptime: 10/24/2011 11:14:56 AM (1 hours ago)

.

Motherboard: Dell Inc. | | 0G8310

Processor: Intel® Pentium® 4 CPU 3.40GHz | Microprocessor | 3390/800mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 31 GiB total, 10.559 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}

Description: Communications cable between two computers

Device ID: ROOT\PNPC031\0000

Manufacturer: (Standard Modem Types)

Name: Communications cable between two computers

PNP Device ID: ROOT\PNPC031\0000

Service: Modem

.

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}

Description: Communications cable between two computers

Device ID: ROOT\PNPC031\0001

Manufacturer: (Standard Modem Types)

Name: Communications cable between two computers

PNP Device ID: ROOT\PNPC031\0001

Service: Modem

.

==== System Restore Points ===================

.

RP615: 10/21/2011 3:00:21 AM - Software Distribution Service 3.0

RP616: 10/22/2011 3:00:18 AM - Software Distribution Service 3.0

RP617: 10/23/2011 3:00:29 AM - Software Distribution Service 3.0

RP618: 10/24/2011 3:00:23 AM - Software Distribution Service 3.0

RP619: 10/24/2011 10:32:58 AM - Removed Dr.Web anti-virus for Windows 7.0.

.

==== Installed Programs ======================

.

7-Zip 4.57

Action Replay XBOX 1.40

Adobe Acrobat 5.0

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8.1.2

Adobe Reader 8.1.2 Security Update 1 (KB403742)

Adobe Shockwave Player 11.5

Advanced SystemCare 4

Advertising Center

Amazing Box II

ATT-RC Self Support Tool

CCleaner

Clone Wars

Haali Media Splitter

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format SDK (KB902344)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB942766-v6)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections Drivers

IObit Toolbar v4.7

IObit Unlocker

Java Auto Updater

Java DB 10.5.3.0

Java 6 Update 18

Java SE Development Kit 6 Update 18

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2003 Spanish User Interface Pack

Microsoft Office Standard Edition 2003

Microsoft Text-to-Speech Engine 4.0 (English)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Mozilla Firefox (3.6.23)

Nero BackItUp

Nero BackItUp 4 Essentials

Nero ControlCenter

Nero Installer

ReadPlease 2003/ReadPlease PLUS 2003

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB2530548)

Security Update for Windows Internet Explorer 7 (KB2544521)

Security Update for Windows Internet Explorer 7 (KB2559049)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SoundMAX

TeamViewer 6

Uninstall Dual Mode Camera (69379)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VideoLAN VLC media player 0.8.6d

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Live ID Sign-in Assistant

Windows Media Format Runtime

Windows Media Player Firefox Plugin

Windows XP Service Pack 3

WinZip 15.5

Xdrive Desktop Lite

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

10/24/2011 9:55:57 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mfetdi2k mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde

10/24/2011 9:54:32 AM, error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The operation completed successfully.

10/24/2011 9:54:32 AM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

10/24/2011 9:54:32 AM, error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

10/24/2011 9:54:32 AM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

10/24/2011 9:54:32 AM, error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The operation completed successfully.

10/24/2011 9:54:32 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified.

10/24/2011 9:54:11 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

10/24/2011 11:15:37 AM, error: Service Control Manager [7000] - The Yahoo! Updater service failed to start due to the following error: The system cannot find the file specified.

10/24/2011 11:15:37 AM, error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The system cannot find the file specified.

10/24/2011 11:15:37 AM, error: Service Control Manager [7000] - The TeamViewer 6 service failed to start due to the following error: The system cannot find the file specified.

10/24/2011 11:15:37 AM, error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The system cannot find the file specified.

10/24/2011 11:15:37 AM, error: Service Control Manager [7000] - The PLFlash DeviceIoControl Service service failed to start due to the following error: The system cannot find the file specified.

10/24/2011 11:15:37 AM, error: Service Control Manager [7000] - The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: The system cannot find the file specified.

10/24/2011 11:15:37 AM, error: Service Control Manager [7000] - The McciCMService service failed to start due to the following error: The system cannot find the file specified.

10/24/2011 11:15:37 AM, error: Service Control Manager [7000] - The McAfee VirusScan Announcer service failed to start due to the following error: The system cannot find the file specified.

10/24/2011 11:15:37 AM, error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: The system cannot find the file specified.

10/24/2011 11:15:37 AM, error: Service Control Manager [7000] - The McAfee Proxy Service service failed to start due to the following error: The system cannot find the file specified.

10/24/2011 11:15:37 AM, error: Service Control Manager [7000] - The McAfee Personal Firewall Service service failed to start due to the following error: The system cannot find the file specified.

10/24/2011 11:15:37 AM, error: Service Control Manager [7000] - The McAfee Network Agent service failed to start due to the following error: The system cannot find the file specified.

10/24/2011 11:15:37 AM, error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: The system cannot find the file specified.

10/24/2011 11:15:37 AM, error: Service Control Manager [7000] - The Advanced SystemCare Service service failed to start due to the following error: The system cannot find the file specified.

10/24/2011 10:23:16 AM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).

10/24/2011 10:23:16 AM, error: Service Control Manager [7031] - The Nero BackItUp Scheduler 4.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 500 milliseconds: Restart the service.

10/22/2011 12:01:32 PM, error: DCOM [10001] - Unable to start a DCOM Server: {58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB} as /. The error: "%2" Happened while starting this command: c:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -s -Embedding

10/19/2011 6:55:28 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

10/19/2011 6:19:38 PM, error: DCOM [10000] - Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}. The error: "%5" Happened while starting this command: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -Embedding

10/19/2011 4:32:18 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'loader.tlb' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.

10/17/2011 4:12:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.

10/17/2011 4:12:54 PM, error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the path specified.

10/17/2011 4:12:54 PM, error: Service Control Manager [7000] - The IMF Service service failed to start due to the following error: The system cannot find the file specified.

10/17/2011 3:47:44 PM, error: Service Control Manager [7034] - The Application Updater service terminated unexpectedly. It has done this 1 time(s).

10/17/2011 3:01:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfetdi2k

10/17/2011 3:01:06 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.

10/17/2011 3:01:06 PM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: After starting, the service hung in a start-pending state.

10/17/2011 3:01:06 PM, error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: After starting, the service hung in a start-pending state.

10/17/2011 3:01:06 PM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: After starting, the service hung in a start-pending state.

10/17/2011 3:01:04 PM, error: Service Control Manager [7022] - The McAfee Firewall Core Service service hung on starting.

10/17/2011 2:56:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/17/2011 2:53:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

10/17/2011 2:47:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm mferkdk mfetdi2k

10/17/2011 2:06:46 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

10/17/2011 2:06:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

10/17/2011 1:19:17 PM, error: Service Control Manager [7031] - The Dr.Web Scanning Engine (DrWebEngine) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

10/17/2011 1:09:49 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================

Link to post
Share on other sites

  • Staff

I see a lot of system corruption here caused by malware.

Also, I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmiission of personal identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or it if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.

Link to post
Share on other sites

  • 2 weeks later...
  • 3 weeks later...
  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.