Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

181 Critical Threats Found


  • Please log in to reply

#1
01010011

01010011

    Member

  • Member
  • PipPip
  • 63 posts
Based on rshaffer61's wise advice from this post, in which he/she suspected there may be more viruses on the system I am working on, the following describes the steps I took to remove them and the results:

1. SuperAntiSpyware (307 threats detected, 181 of which are Critical Threats)
2. MalwareBytes (31 infected files)
3. NOD32 (4 threats found)
4. mrt.exe (August 2011 version - 0 threats found)
5. CCleaner.exe (cleaner and registry cleaner)
6. For the Microsoft misdirects, I followed all steps in How to fix Google Redirects (nothing found)
7. Finally, skifxr's solution worked for the Microsoft misdirects

Also please note that when I connect the computer to the internet, the network LED flickers non-stop, inspite of the fact that no applications are running and the System Idle Process averages 99% CPU usage in Task Manager. I did a netstat -a from the command line but did not notice any unusual port connections established I disabled all exceptions in the Windows firewall.

I am unable to update XP because the Volume License Key Blocked by Microsoft. I would prefer to upgrade to Windows 7 but this upgrade (both hardware and software) is too expensive for my friend at this time.

So where do I go from here? What additional steps should I take to find more viruses? Search for root kits? (I ran TDSSKiller, is there anything more effective than this?)

Edited by 01010011, 31 August 2011 - 03:39 PM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Ron
  • 0

#3
01010011

01010011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
kindly delete

Edited by 01010011, 01 September 2011 - 05:57 PM.

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
I can't read the OTL log. Please post it again but this time do not quote it. Just paste it into a reply. Don't forget the Extras log.

Ron
  • 0

#5
01010011

01010011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
kindly delete

Edited by 01010011, 01 September 2011 - 05:57 PM.

  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Are you doing anything to the files? (Maybe opening them on a MAC?) Do they look like that when OTL created them?

Normally each line is on its own line and I'm going blind trying to read this mess. Please just attach the files. Perhaps that way they won't get messed up.

Ron
  • 0

#7
01010011

01010011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
OTL logfile created on: 8/31/2011 10:21:58 PM - Run 2
OTL by OldTimer - Version 3.2.26.7 Folder = C:\Documents and Settings\john doe\My Documents\tools\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.48 Mb Total Physical Memory | 647.18 Mb Available Physical Memory | 67.45% Memory free
1.60 Gb Paging File | 1.04 Gb Available in Paging File | 64.64% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 57.57 Gb Free Space | 73.69% Space Free | Partition Type: NTFS
Drive D: | 2.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 111.79 Gb Total Space | 111.59 Gb Free Space | 99.83% Space Free | Partition Type: NTFS

Computer Name: EXECUTIV-83FD5D | User Name: john doe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/31 11:38:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\john doe\My Documents\tools\OTL\OTL.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/01/12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010/06/24 23:13:57 | 000,255,344 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\HiYo\Bin\HiYo.exe
PRC - [2010/01/04 22:27:17 | 000,057,344 | ---- | M] () -- C:\Program Files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe
PRC - [2009/06/26 17:21:00 | 000,757,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/25 15:41:26 | 000,176,128 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe
PRC - [2006/11/28 14:12:12 | 000,222,720 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2006/11/06 14:21:10 | 000,210,432 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2006/09/14 18:54:00 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2005/09/05 23:10:34 | 000,450,560 | ---- | M] (VIA Technologies, Inc.) -- C:\Program Files\VIAudioi\SBADeck\ADeck.exe
PRC - [2005/04/13 11:46:58 | 000,751,104 | ---- | M] () -- C:\Program Files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe
PRC - [2004/03/09 15:59:48 | 000,065,536 | ---- | M] () -- C:\WINDOWS\twain_32\ca561a\SnapDetect.exe
PRC - [2001/11/27 08:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE


========== Modules (No Company Name) ==========

MOD - [2011/07/20 10:59:42 | 001,489,056 | ---- | M] () -- C:\Program Files\WOT\WOT.dll
MOD - [2010/06/24 23:13:57 | 000,480,664 | ---- | M] () -- C:\Program Files\HiYo\Bin\AppServerCommunication.dll
MOD - [2010/02/05 14:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/01/04 22:27:17 | 000,057,344 | ---- | M] () -- C:\Program Files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/10/10 21:49:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2005/04/13 11:46:58 | 000,751,104 | ---- | M] () -- C:\Program Files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe
MOD - [2004/03/09 15:59:48 | 000,065,536 | ---- | M] () -- C:\WINDOWS\twain_32\ca561a\SnapDetect.exe
MOD - [2003/09/10 19:42:28 | 000,045,056 | ---- | M] () -- C:\Program Files\KWorld Multimedia\PVR Plus\TVR\kwspnd.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (helpsvc)
SRV - File not found [On_Demand | Running] -- -- (FastUserSwitchingCompatibility)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/01/12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/03/20 19:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2006/11/06 14:21:10 | 000,210,432 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\john doe\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\john doe\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/12/21 15:04:06 | 000,141,264 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/12/21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/12/21 13:47:38 | 000,094,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/26 17:21:02 | 001,956,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 14:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2006/10/10 08:54:34 | 000,138,240 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006/10/10 08:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006/10/10 08:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006/10/10 08:54:32 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2005/09/23 00:30:02 | 000,672,128 | R--- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cap713x.sys -- (Cap713x)
DRV - [2005/08/03 03:16:10 | 000,202,112 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2005/03/09 02:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/09/29 15:35:30 | 000,219,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/09/29 15:34:24 | 000,702,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/09/29 15:33:50 | 001,036,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/10/01 14:43:32 | 000,119,798 | ---- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPCA561.SYS -- (CA561)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\john doe\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\john doe\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/08/31 07:04:02 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/08/31 10:57:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe (IncrediMail, Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [PVR Agent] C:\Program Files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe ()
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Remote Control.lnk = C:\Program Files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnapDetect.lnk = C:\WINDOWS\twain_32\ca561a\SnapDetect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/24 23:33:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/31 14:36:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FinalWire
[2011/08/31 14:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\FinalWire
[2011/08/31 13:36:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/08/31 11:23:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\john doe\Desktop\GooredFix Backups
[2011/08/31 10:36:19 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/08/31 10:31:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/31 08:18:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\john doe\Recent
[2011/08/31 07:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\john doe\Local Settings\Application Data\ESET
[2011/08/31 07:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
[2011/08/31 07:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\john doe\Start Menu\Programs\Google Chrome
[2011/08/31 07:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\john doe\Local Settings\Application Data\Deployment
[2011/08/31 07:04:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2011/08/31 07:04:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/08/31 06:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/08/30 02:25:09 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/30 02:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/30 02:25:05 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/30 02:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/30 02:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2011/08/30 02:16:30 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/30 02:16:06 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/08/30 02:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\john doe\My Documents\tools
[2011/08/28 00:51:34 | 008,068,864 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\john doe\My Documents\mseinstall.exe
[2011/08/28 00:10:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\john doe\Application Data\SUPERAntiSpyware.com
[2011/08/28 00:10:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/08/28 00:06:57 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/08/28 00:05:20 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/08/22 20:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/08/22 11:15:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2011/08/31 22:15:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1606980848-725345543-1007UA.job
[2011/08/31 14:37:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/31 14:36:49 | 000,000,884 | ---- | M] () -- C:\Documents and Settings\john doe\Desktop\AIDA64 Extreme Edition.lnk
[2011/08/31 13:32:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/31 13:32:08 | 1006,161,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/31 10:57:27 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/31 07:15:01 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1606980848-725345543-1007Core.job
[2011/08/31 07:11:23 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\john doe\Desktop\Google Chrome.lnk
[2011/08/31 07:11:23 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\john doe\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/31 06:48:29 | 000,000,051 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/08/30 03:25:38 | 000,545,036 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/30 03:25:38 | 000,104,496 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/30 02:25:09 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/30 02:16:42 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/08/30 02:16:41 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2011/08/28 00:52:52 | 000,002,324 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/08/28 00:51:43 | 008,068,864 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\john doe\My Documents\mseinstall.exe
[2011/08/28 00:24:16 | 000,283,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/22 20:07:40 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shortcut to Desktop.lnk

========== Files Created - No Company Name ==========

[2011/08/31 14:36:49 | 000,000,884 | ---- | C] () -- C:\Documents and Settings\john doe\Desktop\AIDA64 Extreme Edition.lnk
[2011/08/31 07:11:23 | 000,002,323 | ---- | C] () -- C:\Documents and Settings\john doe\Desktop\Google Chrome.lnk
[2011/08/31 07:11:23 | 000,002,301 | ---- | C] () -- C:\Documents and Settings\john doe\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/31 07:10:20 | 000,000,998 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1606980848-725345543-1007UA.job
[2011/08/31 07:10:18 | 000,000,946 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1606980848-725345543-1007Core.job
[2011/08/31 06:48:29 | 000,000,051 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/08/30 02:25:09 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/30 02:16:42 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/08/30 02:16:41 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2011/08/30 00:54:13 | 1006,161,920 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/28 00:52:52 | 000,002,324 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/08/22 20:07:40 | 000,000,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shortcut to Desktop.lnk
[2010/10/31 23:37:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2010/07/26 03:17:31 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\a8.ini
[2010/03/10 22:33:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/03 22:16:02 | 000,118,784 | ---- | C] () -- C:\WINDOWS\ShowBmp.exe
[2010/01/03 22:16:02 | 000,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini
[2010/01/03 22:16:02 | 000,000,180 | ---- | C] () -- C:\WINDOWS\ap561.ini
[2010/01/03 22:16:02 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini
[2009/06/26 17:21:02 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2008/10/26 00:19:43 | 000,000,033 | ---- | C] () -- C:\WINDOWS\SYMGAMES.INI
[2008/08/24 21:29:32 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/10 14:00:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2006/09/29 17:10:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/09/21 15:58:37 | 000,152,064 | ---- | C] () -- C:\WINDOWS\snap.dat
[2006/08/28 11:18:13 | 000,000,143 | ---- | C] () -- C:\WINDOWS\VWORK32.INI
[2006/08/28 11:11:38 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS76.DLL
[2006/08/28 11:06:05 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\NSVIDEO.dll
[2006/08/28 11:04:37 | 000,000,029 | ---- | C] () -- C:\WINDOWS\EZPhotoPanorama2.ini
[2006/08/28 11:03:13 | 000,005,561 | ---- | C] () -- C:\WINDOWS\EZPhotoTools2.ini
[2006/08/28 11:02:33 | 000,001,014 | ---- | C] () -- C:\WINDOWS\EZPhotoBrowser2.ini
[2006/08/28 11:01:09 | 000,000,852 | ---- | C] () -- C:\WINDOWS\Showtime1.ini
[2006/08/24 23:57:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\p3xunist.exe
[2006/08/24 23:57:49 | 000,003,099 | ---- | C] () -- C:\WINDOWS\TVP3XDrv.ini
[2006/08/24 23:54:20 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/24 23:54:20 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/24 23:54:20 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/24 23:54:20 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/24 23:54:20 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/24 23:54:20 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/24 23:54:20 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/24 23:54:20 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/24 23:54:07 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/24 23:54:06 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/24 23:54:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/24 23:52:21 | 000,000,068 | ---- | C] () -- C:\WINDOWS\autmtst.ini
[2006/08/24 23:45:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2006/08/24 23:40:13 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2006/08/24 23:40:13 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2006/08/24 23:39:56 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2006/08/24 23:39:55 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2006/08/24 23:39:51 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2006/08/24 23:39:47 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/08/24 23:36:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/24 23:09:41 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/08/24 19:03:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/24 19:02:15 | 000,283,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/24 12:28:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/07 11:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,545,036 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,104,496 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90B66DF0
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0656FCD2
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA7FE636

< End of report >



OTL Extras logfile created on: 8/31/2011 10:21:58 PM - Run 2
OTL by OldTimer - Version 3.2.26.7 Folder = C:\Documents and Settings\john doe\My Documents\tools\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.48 Mb Total Physical Memory | 647.18 Mb Available Physical Memory | 67.45% Memory free
1.60 Gb Paging File | 1.04 Gb Available in Paging File | 64.64% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 57.57 Gb Free Space | 73.69% Space Free | Partition Type: NTFS
Drive D: | 2.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 111.79 Gb Total Space | 111.59 Gb Free Space | 99.83% Space Free | Partition Type: NTFS

Computer Name: EXECUTIV-83FD5D | User Name: john doe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Disabled:AVG Diagnostics 2011
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Disabled:AVG Installer
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Disabled:IncrediMail
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Disabled:IncrediMail
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Disabled:IncrediMail
"C:\Program Files\Magentic\bin\MgImp.exe" = C:\Program Files\Magentic\bin\MgImp.exe:*:Disabled:Magentic -- (IncrediMail, Ltd.)
"C:\Program Files\Magentic\bin\MgApp.exe" = C:\Program Files\Magentic\bin\MgApp.exe:*:Disabled:Magentic -- ()
"C:\Program Files\Magentic\bin\Magentic.exe" = C:\Program Files\Magentic\bin\Magentic.exe:*:Disabled:Magentic -- ()
"C:\Documents and Settings\Authorised\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Authorised\Application Data\mjusbsp\magicJack.exe:*:Disabled:magicJack -- (magicJack L.P.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Disabled:Online Shield
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Disabled:Personal E-mail Scanner
"C:\Documents and Settings\Authorised\Application Data\Vusion\WARPVideoStreamer.exe" = C:\Documents and Settings\Authorised\Application Data\Vusion\WARPVideoStreamer.exe:*:Disabled:WARP Video Streamer -- (Vusion Inc.)
"C:\Documents and Settings\All Users\Application Data\5677b2c\WE5677.exe" = C:\Documents and Settings\All Users\Application Data\5677b2c\WE5677.exe:*:Disabled:Windows Enterprise Defender


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00E1E235-AB45-4695-A156-073118949ED4}" = HiYo
"{02091327-B124-4216-9D71-58C0E24F5392}" = Nokia PC Suite
"{03410010-3975-4267-9F39-1DC4745090B7}" = Microsoft Encarta Encyclopedia Standard 2003
"{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}" = PC Connectivity Solution
"{0A656F84-7C04-4705-B52F-074B2A941C74}" = PCI SoftV92 Modem
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1A36CF15-DF66-4756-9482-A9ABF3DDACE6}_is1" = Driver Robot
"{1ABB690A-5109-46C6-8034-63E0DAA864D0}" = Dynamic Learning - Practical Cookery (Student)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 22
"{2E8D4B52-52E5-41EF-9C43-8CDF1527DDFD}" = EZVideo Mail
"{313aa16e-8c61-410c-a225-917462421659}" = EZSuite For EZCam III
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BFFC6B8-4EC0-4240-858C-998FD4077983}" = Nokia Connectivity Cable Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5B893587-00A8-4A4E-83F0-8AFA7BFC7C1A}" = PVR Plus
"{5FB2EF0E-0254-4B7E-98C9-7F83E0C5E6C2}" = EZShowtime MMS
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{70FDCCEE-E169-47DB-9D2A-2EF70377910E}" = KWorld PVR-TV 7131 Teletext
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7A393E43-9F1B-4B4D-AFC3-E4B6663F6DD3}" = EZPhoto Browser
"{7DEF17DA-2FBD-457F-8550-68A116B7ACD9}" = WOT for Internet Explorer
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117164797}" = Dream Vacation Solitaire FREE
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A66242A1-9101-425D-9BE5-D19A50E1D0D8}" = ESET NOD32 Antivirus
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9698A67-7E71-11D8-B9BF-00E018FAA1E4}" = USB PC Camera
"{A9E336E7-6BCA-4873-891F-49B7EF49D381}" = Dynamic Learning (Student Version)
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B473BAC8-6A90-4D53-96C9-97A759A76EE8}" = EZPhoto Panorama
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E6474C58-349D-4BBE-8918-DFD1DE2155CE}" = KWorld PVR-TV 7131/5 Utilities
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED8F2441-E5B9-4F48-82AD-759C17A68ADB}" = EZPhoto Tools
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"4CFD94C379217A02D5EA067615FF789CD731BCDB" = Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.85
"Bruce's Typing Tutor_is1" = Bruce's Typing Tutor, Version 4.0.3
"CANONBJ_Deinstall_CNMCP76.DLL" = Canon iP1200
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Ezonics Greeting Cam Deluxe" = Ezonics Greeting Cam Deluxe
"Fishdom" = Fishdom
"HiYo" = HiYo
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
"InterActual Player" = InterActual Player
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Luxor 2" = Luxor 2
"Magentic" = Magentic
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSI8624Drv" = MSI 8624 Video Capture
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = NeroVision Express 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"Shockwave" = Shockwave
"TVP3XDrv" = KWorld PVR-TV 7131 WDM Drivers
"Veetle TV" = Veetle TV 0.9.17
"VIA Vinyl Audio Codecs Driver Setup Program" = VIA Vinyl Audio Codecs Driver Setup Program
"VIA/S3G Display Driver" = VIA/S3G Display Driver
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip" = WinZip
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/30/2011 1:19:59 AM | Computer Name = EXECUTIV-83FD5D | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Web.Routing, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
. Error code = 0x80070570

Error - 8/30/2011 1:20:05 AM | Computer Name = EXECUTIV-83FD5D | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Web.Services, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
. Error code = 0x80070570

Error - 8/30/2011 1:20:11 AM | Computer Name = EXECUTIV-83FD5D | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.AddIn, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
. Error code = 0x80070570

Error - 8/30/2011 1:20:15 AM | Computer Name = EXECUTIV-83FD5D | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Windows.Presentation, Version=3.5.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089 . Error code = 0x80070570

Error - 8/30/2011 1:20:24 AM | Computer Name = EXECUTIV-83FD5D | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Workflow.Activities, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070570

Error - 8/30/2011 1:20:36 AM | Computer Name = EXECUTIV-83FD5D | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Workflow.ComponentModel, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070570

Error - 8/30/2011 1:26:23 AM | Computer Name = EXECUTIV-83FD5D | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Workflow.Runtime, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070570

Error - 8/30/2011 1:26:37 AM | Computer Name = EXECUTIV-83FD5D | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.WorkflowServices, Version=3.5.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070570

Error - 8/30/2011 1:26:39 AM | Computer Name = EXECUTIV-83FD5D | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
. Error code = 0x80070570

Error - 8/31/2011 6:56:40 PM | Computer Name = EXECUTIV-83FD5D | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 9.0.0.4503, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 3/17/2011 10:25:46 PM | Computer Name = EXECUTIV-83FD5D | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/17/2011 10:25:55 PM | Computer Name = EXECUTIV-83FD5D | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/17/2011 10:53:33 PM | Computer Name = EXECUTIV-83FD5D | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/20/2011 11:06:32 PM | Computer Name = EXECUTIV-83FD5D | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/20/2011 11:34:21 PM | Computer Name = EXECUTIV-83FD5D | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/21/2011 12:48:17 AM | Computer Name = EXECUTIV-83FD5D | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/21/2011 12:48:55 AM | Computer Name = EXECUTIV-83FD5D | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/25/2011 1:04:25 AM | Computer Name = EXECUTIV-83FD5D | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/25/2011 1:04:33 AM | Computer Name = EXECUTIV-83FD5D | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/25/2011 1:07:59 AM | Computer Name = EXECUTIV-83FD5D | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/31/2011 9:18:08 AM | Computer Name = EXECUTIV-83FD5D | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 8/31/2011 9:18:38 AM | Computer Name = EXECUTIV-83FD5D | Source = DCOM | ID = 10010
Description = The server {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE} did not register
with DCOM within the required timeout.

Error - 8/31/2011 9:18:38 AM | Computer Name = EXECUTIV-83FD5D | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 8/31/2011 9:18:41 AM | Computer Name = EXECUTIV-83FD5D | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 8/31/2011 9:19:11 AM | Computer Name = EXECUTIV-83FD5D | Source = DCOM | ID = 10010
Description = The server {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE} did not register
with DCOM within the required timeout.

Error - 8/31/2011 9:19:11 AM | Computer Name = EXECUTIV-83FD5D | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 8/31/2011 9:19:41 AM | Computer Name = EXECUTIV-83FD5D | Source = DCOM | ID = 10010
Description = The server {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE} did not register
with DCOM within the required timeout.

Error - 8/31/2011 9:19:41 AM | Computer Name = EXECUTIV-83FD5D | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 8/31/2011 9:19:56 AM | Computer Name = EXECUTIV-83FD5D | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {B1DBD568-80B2-43FA-AE07-76FB23AA4650}.
The
error: "%6" Happened while starting this command: "C:\Program Files\Windows Live\Toolbar\wltuser.exe"
-Embedding

Error - 8/31/2011 9:20:11 AM | Computer Name = EXECUTIV-83FD5D | Source = DCOM | ID = 10010
Description = The server {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE} did not register
with DCOM within the required timeout.


< End of report >



Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 98.44 0 K 28 K
procexp.exe 6400 1.56 12,556 K 17,944 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
WZQKPICK.EXE 3064 696 K 388 K WinZip Executable WinZip Computing, Inc.
wmiprvse.exe 10092 2,376 K 5,080 K WMI Microsoft Corporation
wltuser.exe 1384 4,748 K 4,656 K Windows Live Toolbar User Elevation Helper Microsoft Corporation
winlogon.exe 656 7,652 K 4,388 K Windows NT Logon Application Microsoft Corporation
vVX3000.exe 2744 968 K 596 K Microsoft LifeCam Device Application Microsoft Corporation
VTTrayp.exe 2796 984 K 556 K s3contrl (32-bit) S3 Graphics Co., Ltd.
VTTimer.exe 2788 492 K 332 K S3 Graphics, Inc.
System 4 0 K 76 K
svchost.exe 864 3,252 K 2,312 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 940 2,016 K 1,772 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 980 24,876 K 19,016 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1044 1,860 K 1,744 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1152 1,648 K 1,368 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1328 1,332 K 104 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1764 2,564 K 2,016 K Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1252 3,628 K 1,104 K Spooler SubSystem App Microsoft Corporation
snmp.exe 1740 1,540 K 728 K SNMP Service Microsoft Corporation
SnapDetect.exe 2972 1,752 K 876 K
smss.exe 564 172 K 76 K Windows NT Session Manager Microsoft Corporation
services.exe 700 1,876 K 4,532 K Services and Controller app Microsoft Corporation
ServiceLayer.exe 2864 3,080 K 1,584 K ServiceLayer Module Nokia.
SeaPort.exe 1684 5,188 K 840 K Microsoft SeaPort Search Enhancement Broker Microsoft Corporation
Scheduled.exe 2640 1,168 K 820 K
qttask.exe 2660 684 K 328 K QuickTime Task Apple Computer, Inc.
PDVDServ.exe 2584 892 K 840 K PowerDVD RC Service Cyberlink Corp.
P3XRCtl.exe 2940 2,444 K 460 K TV7131/5 Remote Control
ONENOTEM.EXE 3136 712 K 312 K Microsoft Office OneNote Quick Launcher Microsoft Corporation
msdtc.exe 1360 1,956 K 492 K MS DTC console program Microsoft Corporation
mqtgsvc.exe 1132 1,456 K 344 K Windows NT MSMQ Trigger Service Microsoft Corporation
mqsvc.exe 1896 2,128 K 980 K Message Queuing Service Microsoft Corporation
MDM.EXE 1592 1,012 K 820 K Machine Debug Manager Microsoft Corporation
mbamservice.exe 1544 101,984 K 48,736 K Malwarebytes' Anti-Malware Malwarebytes Corporation
mbamgui.exe 2804 3,084 K 1,492 K Malwarebytes' Anti-Malware Malwarebytes Corporation
lsass.exe 712 3,928 K 1,120 K LSA Shell (Export Version) Microsoft Corporation
LaunchApplication.exe 2680 8,848 K 1,740 K PC Suite Nokia
jusched.exe 2708 832 K 104 K Java™ Update Scheduler Sun Microsystems, Inc.
jqs.exe 1516 2,332 K 1,408 K Java™ Quick Starter Service Sun Microsystems, Inc.
inetinfo.exe 1500 5,844 K 1,860 K Internet Information Services Microsoft Corporation
iexplore.exe 820 50,588 K 17,720 K Internet Explorer Microsoft Corporation
iexplore.exe 3412 11,184 K 3,924 K Internet Explorer Microsoft Corporation
iexplore.exe 208 43,728 K 5,396 K Internet Explorer Microsoft Corporation
HiYo.exe 2736 5,088 K 1,152 K HiYo IncrediMail, Ltd.
GrooveMonitor.exe 2720 2,136 K 736 K GrooveMonitor Utility Microsoft Corporation
explorer.exe 2436 24,316 K 23,336 K Windows Explorer Microsoft Corporation
ekrn.exe 1460 70,072 K 35,220 K ESET Service ESET
egui.exe 2828 1,972 K 3,164 K ESET GUI ESET
ctfmon.exe 2872 920 K 548 K CTF Loader Microsoft Corporation
csrss.exe 628 1,864 K 2,980 K Client Server Runtime Process Microsoft Corporation
cisvc.exe 1440 5,980 K 520 K Content Index service Microsoft Corporation
cidaemon.exe 2568 3,220 K 988 K Indexing Service filter daemon Microsoft Corporation
cidaemon.exe 2176 1,324 K 748 K Indexing Service filter daemon Microsoft Corporation
alg.exe 1616 1,212 K 852 K Application Layer Gateway Service Microsoft Corporation
ADeck.exe 2544 2,520 K 1,020 K Audio Deck VIA Technologies, Inc.
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Much better.

Download and save the norton removal tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Run the Norton Removal tool.

Download and save the AVG removal tool
http://download.avg....6_2011_1184.exe
Run the Avg Remover



Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 22

Get the latest Java at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not let it install the yahoo toolbar or other foistware.

Uninstall:
Windows Live Essentials (throwing errors)
Windows Live Toolbar
"Yahoo! Companion" = Yahoo! Toolbar (foistware)
"Yahoo! Toolbar" = Yahoo! Toolbar
Adobe Reader 9.2 (obsolete)
Adobe Reader 9.4.2 (obsolete) (Replace with latest version of Adobe Reader from adobe.com)
Google Toolbar for Internet Explorer

Following procedure may clear some of your errors:

Stop the Background Intelligent Transfer Service and the Automatic Updates service. To do this, follow these steps:
Click Start, click Run, type cmd, and then click OK.
At the command prompt, type the following commands, and then press ENTER after each command:
net stop wuauserv
net stop bits
exit
Rename the Catroot2 folder.

Note Do not follow this step if you are using Microsoft Windows 2000.

To rename the Catroot2 folder, follow these steps:
Click Start, click Run, type cmd, and then click OK.
At the command prompt, type the following commands, and then press ENTER after each command:

net stop cryptsvc
ren %systemroot%\System32\Catroot2 oldcatroot2
net start cryptsvc
exit
Important Do not rename the Catroot folder. The Catroot2 folder is automatically recreated by Windows, but the Catroot folder is not recreated if the Catroot folder is renamed.
Rename the "SoftwareDistribution" folder:
Click Start, click Run, type %systemroot%, and then click OK.
Right-click the SoftwareDistribution folder, and then click Rename.
Type SoftwareDistribution.old, and then press ENTER to rename this folder.
Register the files that are used by Windows Update and Microsoft Update. To do this, follow these steps:
Click Start, click Run, type cmd, and then click OK.
At the command prompt, type the following commands, press ENTER after each command, and then click OK every time that you receive a verification message:
regsvr32 wuapi.dll
regsvr32 wuaueng1.dll
regsvr32 wuaueng.dll
regsvr32 wucltui.dll
regsvr32 wups2.dll
regsvr32 wups.dll
regsvr32 wuweb.dll
Start the Background Intelligent Transfer Service, the Automatic Updates service, and the Event Log service. To do this, follow these steps:
Click Start, click Run, type cmd, and then click OK.
At the command prompt, type the following commands, and then press ENTER after each command:
net start bits
net start wuauserv
net start Eventlog
exit

Click the Windows "Start" button and right-click "My Computer." Click "Manage" to open the Computer Management window.
Click "Services and Applications" on the left panel and click "Services." Scroll through the right panel and double-click "Microsoft Help Center Service." Click "Disabled" in the "Startup-type" window. Click "OK" to save the changes.

Let's check for more malware:
ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.



Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply

Let's clear the old errors and see what is still active.


Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#9
01010011

01010011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Hello RKinner,

Click "Services and Applications" on the left panel and click "Services." Scroll through the right panel and double-click "Microsoft Help Center Service."

There was no "Microsoft Help Center Service" service.

On completion of the scan (Note if the Fix button is enabled and tell me)

When aswMBR.exe was finished, the FixMBR button was enabled but I did not click it.

If you just get a few when it finishes tell me what they are.

prop713x.dll
cap713x.sys

Disable your Antivirus software when downloading or running Combofix.

ComboFix prompted me to disable AVG Anti-Virus Free Edition 2011 but I was unable to locate it using task manager nor Add or Remove Programs, so I ran ComboFix anyway.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-02 22:29:35
-----------------------------
22:29:35.500 OS Version: Windows 5.1.2600 Service Pack 3
22:29:35.500 Number of processors: 1 586 0x1C00
22:29:35.500 ComputerName: EXECUTIV-83FD5D UserName: john doe
22:29:36.671 Initialize success
22:30:38.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
22:30:38.000 Disk 0 Vendor: Maxtor_6B200P0 BAH41G10 Size: 194481MB BusType: 3
22:30:40.015 Disk 0 MBR read successfully
22:30:40.015 Disk 0 MBR scan
22:30:40.015 Disk 0 Windows XP default MBR code
22:30:40.015 Disk 0 scanning sectors +398283480
22:30:40.062 Disk 0 scanning C:\WINDOWS\system32\drivers
22:30:45.296 Service scanning
22:30:46.265 Modules scanning
22:30:50.406 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
22:30:50.421 Scan finished successfully
22:50:08.140 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\john doe\Desktop\New Folder\MBR.dat"
22:50:08.140 The log file has been saved successfully to "C:\Documents and Settings\john doe\Desktop\New Folder\aswMBR.txt"


---------------------------------------------------------------------------------------


ComboFix 11-09-02.04 - john doe 09/02/2011 22:10:33.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.450 [GMT -4:00]
Running from: c:\documents and settings\john doe\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\5677b2c
c:\documents and settings\All Users\Application Data\5677b2c\454.mof
c:\documents and settings\All Users\Application Data\5677b2c\BackUp\OneNote 2007 Screen Clipper and Launcher.lnk
c:\documents and settings\All Users\Application Data\5677b2c\BackUp\Remote Control.lnk
c:\documents and settings\All Users\Application Data\5677b2c\BackUp\SnapDetect.lnk
c:\documents and settings\All Users\Application Data\5677b2c\WED.ico
c:\documents and settings\Authorised\WINDOWS
c:\recycled\Recycled
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\Cache
c:\windows\system32\CddbCdda.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-08-03 to 2011-09-03 )))))))))))))))))))))))))))))))
.
.
2011-09-03 02:09 . 2011-09-03 02:10 -------- d-----w- c:\windows\system32\CatRoot2
2011-09-03 01:05 . 2011-09-03 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-09-03 01:00 . 2011-09-03 01:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-03 00:59 . 2011-09-03 00:59 -------- d-----w- c:\program files\Java
2011-09-03 00:46 . 2011-09-03 00:46 -------- d-----w- c:\program files\Common Files\Java
2011-08-31 18:36 . 2011-08-31 18:36 -------- d-----w- c:\program files\FinalWire
2011-08-31 14:36 . 2011-08-31 14:36 -------- d-----w- C:\_OTM
2011-08-31 11:30 . 2011-08-31 11:30 -------- d-----w- c:\documents and settings\john doe\Local Settings\Application Data\ESET
2011-08-31 11:17 . 2011-08-31 11:17 -------- d-----w- c:\program files\WOT
2011-08-31 11:09 . 2011-08-31 11:10 -------- d-----w- c:\documents and settings\john doe\Local Settings\Application Data\Deployment
2011-08-31 11:04 . 2011-08-31 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2011-08-31 10:55 . 2011-08-31 11:04 -------- d-----w- c:\program files\ESET
2011-08-30 06:25 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-30 06:25 . 2011-08-30 06:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-30 06:25 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 06:16 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-30 06:16 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-28 04:10 . 2011-08-28 04:10 -------- d-----w- c:\documents and settings\john doe\Application Data\SUPERAntiSpyware.com
2011-08-28 04:10 . 2011-08-28 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-08-28 04:06 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-08-28 04:05 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-08-22 15:17 . 2011-08-22 15:17 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 01:00 . 2010-10-27 03:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-15 13:29 . 2004-08-04 03:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2001-08-23 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2006-08-25 03:08 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-04 04:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 18:36 . 2004-08-04 04:56 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-04 04:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 12:05 . 2004-08-04 02:59 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-04 04:56 293376 ----a-w- c:\windows\system32\winsrv.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
.
[-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys
.
[-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution.old\Download\ff0686f2f699fa07ed5ad0848fa3055b\sp3qfe\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
.
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll
.
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2004-08-04 04:56 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB956572_0$\rpcss.dll
[-] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\rpcss.dll
.
[-] 2009-02-06 . 37561F8D4160D62DA86D24AE41FAE8DE . 110592 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe
.
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2001-08-23 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\19551\comctl32.dll
[-] 2001-08-23 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2004-08-04 04:56 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB950974_0$\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[-] 2009-03-21 . B6ACAED7588295129791E0E6A2B0FADE . 986112 . . [5.1.2600.3541] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 . 80202858D245FF07DAA1739C57A3E19B . 989184 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtUninstallKB959426_0$\kernel32.dll
[-] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB935839$\kernel32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[-] 2011-07-25 . 23B3C8E9F3F280180573569253CE98AB . 5969920 . . [8.00.6001.19120] . . c:\windows\SoftwareDistribution.old\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\mshtml.dll
[-] 2011-07-25 . 23B3C8E9F3F280180573569253CE98AB . 5969920 . . [8.00.6001.19120] . . c:\windows\system32\mshtml.dll
[-] 2011-07-25 . 23B3C8E9F3F280180573569253CE98AB . 5969920 . . [8.00.6001.19120] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2011-07-25 . BCE7CCEBAD6C8955D2B4C3B246BD0E57 . 5971456 . . [8.00.6001.23216] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtml.dll
[-] 2011-07-25 . BCE7CCEBAD6C8955D2B4C3B246BD0E57 . 5971456 . . [8.00.6001.23216] . . c:\windows\SoftwareDistribution.old\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\mshtml.dll
[-] 2011-05-30 . 22BA5235EA846EDA87F68A1DCC2BFCF9 . 5964800 . . [8.00.6001.19088] . . c:\windows\ie8updates\KB2559049-IE8\mshtml.dll
[-] 2011-05-30 . 22BA5235EA846EDA87F68A1DCC2BFCF9 . 5964800 . . [8.00.6001.19088] . . c:\windows\SoftwareDistribution.old\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\mshtml.dll
[-] 2011-05-30 . D0B1DB576941CB0B6669B8752FFAC79A . 5967360 . . [8.00.6001.23181] . . c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\mshtml.dll
[-] 2011-05-30 . D0B1DB576941CB0B6669B8752FFAC79A . 5967360 . . [8.00.6001.23181] . . c:\windows\SoftwareDistribution.old\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\mshtml.dll
[-] 2010-12-20 . 1EDCEC5D649DBAC37ED9FFB5A14CEB0C . 5961216 . . [8.00.6001.19019] . . c:\windows\ie8updates\KB2530548-IE8\mshtml.dll
[-] 2010-12-20 . 2A2C070EC691CE410533A1DA7AA3CD86 . 5962240 . . [8.00.6001.23111] . . c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtml.dll
[-] 2010-09-10 . 8A03CC037E6B7D1796192815231B0C3F . 5958656 . . [8.00.6001.23067] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\mshtml.dll
[-] 2010-01-05 . 3B8259EF10C0F1425395981E40ED0EAA . 3599360 . . [7.00.6000.16981] . . c:\windows\ie8\mshtml.dll
[-] 2010-01-05 . 1673677DBD70142DB1294F1B6FC3323E . 3602944 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtml.dll
[-] 2009-12-21 . BE6EEBEF636773A8E7A82214E81C563A . 5942784 . . [8.00.6001.18876] . . c:\windows\SoftwareDistribution.old\Download\f1062d4e51d6818acdde68ea67673088\SP3GDR\mshtml.dll
[-] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[-] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:\windows\SoftwareDistribution.old\Download\f1062d4e51d6818acdde68ea67673088\SP3QFE\mshtml.dll
[-] 2009-10-29 . C0F9AC6FAB2C788FFEE3E69585A0E93F . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . C0F9AC6FAB2C788FFEE3E69585A0E93F . 5944320 . . [8.00.6001.22945] . . c:\windows\SoftwareDistribution.old\Download\73e29923811a3a72ca5380ec0acd4745\SP3QFE\mshtml.dll
[-] 2009-10-29 . CBB1EF54B86EDB78649909DD1699E5CA . 5940736 . . [8.00.6001.18854] . . c:\windows\SoftwareDistribution.old\Download\73e29923811a3a72ca5380ec0acd4745\SP3GDR\mshtml.dll
[-] 2009-07-19 . 758C8BEDAB7CE5F9070C85E2E57CBD80 . 3597824 . . [7.00.6000.16890] . . c:\windows\ie7updates\KB978207-IE7\mshtml.dll
[-] 2009-07-19 . F6098CC1B1C3858D53F20F3CB5774F3B . 3600384 . . [7.00.6000.21089] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
[-] 2008-06-24 . EC936148284F557F19C333178768109B . 3592192 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[-] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[-] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\ie7\mshtml.dll
.
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2001-08-23 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
.
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution.old\Download\ff0686f2f699fa07ed5ad0848fa3055b\sp3qfe\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution.old\Download\ff0686f2f699fa07ed5ad0848fa3055b\sp3gdr\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll
.
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB925902$\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2011-06-23 . AF4EDDC6C0446FCE5681B5DED52B8F0E . 916480 . . [8.00.6001.19098] . . c:\windows\SoftwareDistribution.old\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\wininet.dll
[-] 2011-06-23 . AF4EDDC6C0446FCE5681B5DED52B8F0E . 916480 . . [8.00.6001.19098] . . c:\windows\system32\wininet.dll
[-] 2011-06-23 . AF4EDDC6C0446FCE5681B5DED52B8F0E . 916480 . . [8.00.6001.19098] . . c:\windows\system32\dllcache\wininet.dll
[-] 2011-06-23 . 509CF67AE762A38E23A5455A0053853C . 919552 . . [8.00.6001.23192] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll
[-] 2011-06-23 . 509CF67AE762A38E23A5455A0053853C . 919552 . . [8.00.6001.23192] . . c:\windows\SoftwareDistribution.old\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\wininet.dll
[-] 2011-04-25 . CC951C2212A200475A587A440E0AA804 . 916480 . . [8.00.6001.19072] . . c:\windows\ie8updates\KB2559049-IE8\wininet.dll
[-] 2011-04-25 . CC951C2212A200475A587A440E0AA804 . 916480 . . [8.00.6001.19072] . . c:\windows\SoftwareDistribution.old\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\wininet.dll
[-] 2011-04-25 . 7F4F1697001B9E9A7924D219DC215903 . 919552 . . [8.00.6001.23165] . . c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\wininet.dll
[-] 2011-04-25 . 7F4F1697001B9E9A7924D219DC215903 . 919552 . . [8.00.6001.23165] . . c:\windows\SoftwareDistribution.old\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\wininet.dll
[-] 2010-12-20 . 88014D62B5E3CDB0AC67948D86C926C8 . 916480 . . [8.00.6001.19019] . . c:\windows\ie8updates\KB2530548-IE8\wininet.dll
[-] 2010-12-20 . 5504B4ECCE892EB82CD2C5FA71940AC1 . 919552 . . [8.00.6001.23111] . . c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll
[-] 2010-09-10 . 0555E190DCD06B8998E6DDCA42DAEB82 . 919552 . . [8.00.6001.23060] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll
[-] 2010-01-05 . 21E7890F1EC89BEF0AF7C08D730AE317 . 832512 . . [7.00.6000.16981] . . c:\windows\ie8\wininet.dll
[-] 2010-01-05 . E7B99465DE2EDCF29784B7600BF6FAE8 . 841216 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\wininet.dll
[-] 2009-12-21 . FF4241C74E0C0A5AFFFE05F584213ECB . 916480 . . [8.00.6001.18876] . . c:\windows\SoftwareDistribution.old\Download\f1062d4e51d6818acdde68ea67673088\SP3GDR\wininet.dll
[-] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[-] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\windows\SoftwareDistribution.old\Download\f1062d4e51d6818acdde68ea67673088\SP3QFE\wininet.dll
[-] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows\SoftwareDistribution.old\Download\73e29923811a3a72ca5380ec0acd4745\SP3QFE\wininet.dll
[-] 2009-10-29 . 75240F6EDBCE7B85DF66874407D38A4F . 916480 . . [8.00.6001.18854] . . c:\windows\SoftwareDistribution.old\Download\73e29923811a3a72ca5380ec0acd4745\SP3GDR\wininet.dll
[-] 2009-06-29 . 4C6B4138165A4C53FE8A5B1D809526C3 . 828928 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
[-] 2009-06-29 . A39B7BA7AB9B1CC2A0009F59772DB83C . 827392 . . [7.00.6000.16876] . . c:\windows\ie7updates\KB978207-IE7\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB2482017-IE8\wininet.dll
[-] 2008-06-23 . 8C13D4A7479FA0A026EDA8ABCE82C0ED . 826368 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB972260-IE7\wininet.dll
[-] 2008-06-23 . C66402A06B83B036C195242C0C8CF83C . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2004-08-04 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\ie7\wininet.dll
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\dllcache\ole32.dll
[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2005-04-28 . 5950E4F28FDA9D147576BF6798937397 . 1285120 . . [5.1.2600.2665] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2004-08-04 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\ole32.dll
.
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2004-08-04 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\ksuser.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[-] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-04 02:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2001-08-23 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[-] 2008-04-14 00:12 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll
[-] 2008-04-14 00:12 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-04 04:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\$NtServicePackUninstall$\mspmsnsv.dll
.
[-] 2010-12-09 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[-] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[-] 2010-04-27 . DC57ABED7BDE1487E658968B4423BED7 . 2066816 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[-] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[-] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . 515D30E2C90A3665A2739309334C9283 . 2057600 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956572_0$\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2004-08-04 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
.
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-04 04:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-04 04:56 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
[-] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[-] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . 582A8DBAA58C3B1F176EB2817DAEE77C . 2180352 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956572_0$\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2004-08-04 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
[-] 2004-08-04 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB927802$\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2004-08-04 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
[-] 2004-08-04 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB920683$\rasadhlp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2005-09-06 450560]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-11 7286784]
"nwiz"="nwiz.exe" [2005-10-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-11 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"PVR Agent"="c:\program files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe" [2005-04-13 751104]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-25 155648]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 222720]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2010-06-25 255344]
"VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]
"VTTimer"="VTTimer.exe" [2006-09-14 53248]
"VTTrayp"="VTtrayp.exe" [2007-04-25 176128]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
.
c:\documents and settings\john doe\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Remote Control.lnk - c:\program files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe [2006-9-20 57344]
SnapDetect.lnk - c:\windows\Twain_32\CA561A\SnapDetect.exe [2010-1-3 65536]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-8-25 106560]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-08-25 01:28 155648 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
2004-10-11 06:54 589824 ----a-r- c:\program files\VIA\RAID\raid_tool.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Documents and Settings\\Authorised\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Authorised\\Application Data\\Vusion\\WARPVideoStreamer.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [12/21/2010 3:04 PM 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2010 1:47 PM 94872]
R1 SASDIFSV;SASDIFSV;\??\c:\docume~1\JOHND~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\JOHND~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
R1 SASKUTIL;SASKUTIL;\??\c:\docume~1\JOHND~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\JOHND~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1/12/2011 4:41 PM 810144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/30/2011 2:25 AM 366640]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [8/24/2006 11:56 PM 672128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/30/2011 2:25 AM 22712]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/30/2011 2:25 AM 41272]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-13 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.2.0.5\DriverRobot.exe [2010-01-04 21:29]
.
2011-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1606980848-725345543-1007Core.job
- c:\documents and settings\john doe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-31 11:10]
.
2011-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1606980848-725345543-1007UA.job
- c:\documents and settings\john doe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-31 11:10]
.
2011-02-21 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX3000_exe.job
- c:\windows\vVX3000.exe [2009-06-26 21:21]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 200.1.104.36 200.1.104.35
.
- - - - ORPHANS REMOVED - - - -
.
Notify-NavLogon - (no file)
MSConfigStartUp-PVR Agent - c:\program files\MSI\[email protected] Plus\TVR\Scheduled.exe
MSConfigStartUp-vptray - c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-02 22:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-09-02 22:19:41
ComboFix-quarantined-files.txt 2011-09-03 02:19
.
Pre-Run: 60,993,904,640 bytes free
Post-Run: 61,227,024,384 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5E29D5CCADA45B69988E6F38619FDAF9


---------------------------------------------------------------------------------------------------


Vino's Event Viewer v01c run on Windows XP in English
Report run at 02/09/2011 11:24:47 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/09/2011 10:57:08 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL

Log: 'System' Date/Time: 02/09/2011 10:57:06 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Help and Support service terminated with the following error: The specified module could not be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



--------------------------------------------------------------------------------------------


Vino's Event Viewer v01c run on Windows XP in English
Report run at 02/09/2011 11:25:46 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 02/09/2011 10:58:02 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}', feature 'PCCS' failed during request for component '{937333EC-9D00-4AC0-A984-0B559A232ABA}'

Log: 'Application' Date/Time: 02/09/2011 10:58:02 PM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}', feature 'PCCS', component '{63E93CFD-0CAA-5C40-C01F-C8B3B9A1E18E}' failed. The resource 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.96_x-ww_51e92913\downlevel_manifest.8.0.50727.96\' does not exist.

Log: 'Application' Date/Time: 02/09/2011 10:58:00 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}', feature 'PCCS' failed during request for component '{937333EC-9D00-4AC0-A984-0B559A232ABA}'

Log: 'Application' Date/Time: 02/09/2011 10:58:00 PM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}', feature 'PCCS', component '{63E93CFD-0CAA-5C40-C01F-C8B3B9A1E18E}' failed. The resource 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.96_x-ww_51e92913\downlevel_manifest.8.0.50727.96\' does not exist.

Log: 'Application' Date/Time: 02/09/2011 10:57:53 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}', feature 'PCCS' failed during request for component '{937333EC-9D00-4AC0-A984-0B559A232ABA}'

Log: 'Application' Date/Time: 02/09/2011 10:57:53 PM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}', feature 'PCCS', component '{63E93CFD-0CAA-5C40-C01F-C8B3B9A1E18E}' failed. The resource 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.96_x-ww_51e92913\downlevel_manifest.8.0.50727.96\' does not exist.

Log: 'Application' Date/Time: 02/09/2011 10:57:48 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}', feature 'PCCS' failed during request for component '{937333EC-9D00-4AC0-A984-0B559A232ABA}'

Log: 'Application' Date/Time: 02/09/2011 10:57:48 PM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}', feature 'PCCS', component '{63E93CFD-0CAA-5C40-C01F-C8B3B9A1E18E}' failed. The resource 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.96_x-ww_51e92913\downlevel_manifest.8.0.50727.96\' does not exist.

Log: 'Application' Date/Time: 02/09/2011 10:57:45 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}', feature 'PCCS' failed during request for component '{937333EC-9D00-4AC0-A984-0B559A232ABA}'

Log: 'Application' Date/Time: 02/09/2011 10:57:45 PM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}', feature 'PCCS', component '{63E93CFD-0CAA-5C40-C01F-C8B3B9A1E18E}' failed. The resource 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.96_x-ww_51e92913\downlevel_manifest.8.0.50727.96\' does not exist.

Log: 'Application' Date/Time: 02/09/2011 10:57:22 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}', feature 'PCCS' failed during request for component '{937333EC-9D00-4AC0-A984-0B559A232ABA}'

Log: 'Application' Date/Time: 02/09/2011 10:57:22 PM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}', feature 'PCCS', component '{63E93CFD-0CAA-5C40-C01F-C8B3B9A1E18E}' failed. The resource 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.96_x-ww_51e92913\downlevel_manifest.8.0.50727.96\' does not exist.

Log: 'Application' Date/Time: 02/09/2011 10:57:07 PM
Type: warning Category: 0
Event: 1015 Source: EvntAgnt
TraceLevel parameter not located in registry; Default trace level used is 32.

Log: 'Application' Date/Time: 02/09/2011 10:57:07 PM
Type: warning Category: 0
Event: 1003 Source: EvntAgnt
TraceFileName parameter not located in registry; Default trace file used is .

Edited by 01010011, 02 September 2011 - 09:54 PM.

  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Download Dial-A-Fix from http://djlizard.net....-v0.60.0.24.zip

Save it and then right click and Extract All. It will create a folder of the same name. In the folder should be a Dial-a-fix.exe file. Click on it.

Find the box in front of SSL/HTTPS/CryptSvc and click on it. Then hit the Go button.

Close dial-a-fix


Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

Driver::
SetupNTGLM7X
SASDIFSV
SASKUTIL
helpsvc



******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

Your event log is showing that the program PC Connectivity Solution is not correctly installed (something to do with your Nokia). You should uninstall it and download a new copy and reinstall.



Ron
  • 0

Advertisements


#11
01010011

01010011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts

Drag CFScript.txt over to Combofix and let go Combofix should start on its own

ComboFix prompted me to disable AVG Anti-Virus Free Edition 2011 but I was unable to locate it.

I then clicked ok, and it then warned me that AVG was still active but ComboFix will run at my own risk, and the following message remained on the AutoScan window for about 4 hours:

Scanning for infected files...
This typically doesn't take more than 10 minutes
However, scan times for badly infected machines may easily double


So I restarted the computer, deleted PC Connectivity Solution and Nokia PC Suite, reinstalled Nokia PC Suite, and reran the proceedure from this step:

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad.


and 45 minutes later, again, this is all I see:

Scanning for infected files...
This typically doesn't take more than 10 minutes
However, scan times for badly infected machines may easily double


Edited by 01010011, 03 September 2011 - 01:40 PM.

  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Run it without the script and let's see what happens.

Ron
  • 0

#13
01010011

01010011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts

Run it without the script and let's see what happens.


ComboFix 11-09-02.04 - john doe 09/03/2011 17:53:21.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.446 [GMT -4:00]
Running from: c:\documents and settings\john doe\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((( Files Created from 2011-08-03 to 2011-09-03 )))))))))))))))))))))))))))))))
.
.
2011-09-03 18:48 . 2011-09-03 18:48 -------- d-----w- c:\documents and settings\john doe\Application Data\Nokia
2011-09-03 18:43 . 2011-09-03 18:43 -------- d-----w- c:\program files\Common Files\Nokia
2011-09-03 18:43 . 2008-08-26 14:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-09-03 18:43 . 2011-09-03 18:43 -------- d-----w- c:\program files\PC Connectivity Solution
2011-09-03 18:43 . 2011-09-03 18:43 -------- d-----w- c:\program files\Nokia
2011-09-03 18:42 . 2011-09-03 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2011-09-03 13:20 . 2011-09-03 21:51 -------- d-----w- c:\windows\system32\CatRoot2
2011-09-03 01:05 . 2011-09-03 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-09-03 01:00 . 2011-09-03 01:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-03 00:59 . 2011-09-03 00:59 -------- d-----w- c:\program files\Java
2011-09-03 00:46 . 2011-09-03 00:46 -------- d-----w- c:\program files\Common Files\Java
2011-08-31 18:36 . 2011-08-31 18:36 -------- d-----w- c:\program files\FinalWire
2011-08-31 14:36 . 2011-08-31 14:36 -------- d-----w- C:\_OTM
2011-08-31 11:30 . 2011-08-31 11:30 -------- d-----w- c:\documents and settings\john doe\Local Settings\Application Data\ESET
2011-08-31 11:17 . 2011-08-31 11:17 -------- d-----w- c:\program files\WOT
2011-08-31 11:09 . 2011-08-31 11:10 -------- d-----w- c:\documents and settings\john doe\Local Settings\Application Data\Deployment
2011-08-31 11:04 . 2011-08-31 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2011-08-31 10:55 . 2011-08-31 11:04 -------- d-----w- c:\program files\ESET
2011-08-30 06:25 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-30 06:25 . 2011-08-30 06:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-30 06:25 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 06:16 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-30 06:16 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-28 04:10 . 2011-08-28 04:10 -------- d-----w- c:\documents and settings\john doe\Application Data\SUPERAntiSpyware.com
2011-08-28 04:10 . 2011-08-28 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-08-28 04:06 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-08-28 04:05 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-08-22 15:17 . 2011-08-22 15:17 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 01:00 . 2010-10-27 03:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-15 13:29 . 2004-08-04 03:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2001-08-23 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2006-08-25 03:08 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-04 04:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 18:36 . 2004-08-04 04:56 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-04 04:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 12:05 . 2004-08-04 02:59 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-04 04:56 293376 ----a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((( [email protected]_02.15.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-03 20:07 . 2011-09-03 20:07 16384 c:\windows\Temp\Perflib_Perfdata_6bc.dat
+ 2011-09-03 20:07 . 2011-09-03 20:07 16384 c:\windows\Temp\Perflib_Perfdata_5e4.dat
+ 2008-09-20 01:50 . 2011-05-18 14:13 75264 c:\windows\system32\nmwcdcls.dll
+ 2011-09-03 18:43 . 2008-08-26 14:26 18816 c:\windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.sys
+ 2011-09-03 18:43 . 2011-05-18 14:13 75264 c:\windows\system32\DRVSTORE\nmwcdnsuc_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdcls.dll
+ 2011-09-03 18:43 . 2011-05-18 14:13 75264 c:\windows\system32\DRVSTORE\nmwcdnsu_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdcls.dll
+ 2011-09-03 18:43 . 2011-05-18 14:13 75264 c:\windows\system32\DRVSTORE\ccdcmbo_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdcls.dll
+ 2011-09-03 18:43 . 2011-05-18 14:12 23168 c:\windows\system32\DRVSTORE\ccdcmbo_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\ccdcmbo.sys
+ 2011-09-03 18:43 . 2011-05-18 14:13 75264 c:\windows\system32\DRVSTORE\ccdcmb_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdcls.dll
+ 2011-09-03 18:43 . 2011-05-18 14:12 18176 c:\windows\system32\DRVSTORE\ccdcmb_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\ccdcmb.sys
+ 2011-09-03 18:42 . 2011-09-03 18:42 78336 c:\windows\Installer\111923.msi
+ 2011-09-03 18:44 . 2011-09-03 18:44 15086 c:\windows\Installer\{D0D14551-3A2D-433B-861F-F4DCE5422759}\ARPPRODUCTICON.exe
+ 2011-09-03 18:43 . 2011-09-03 18:43 10134 c:\windows\Installer\{C373F7C4-05D2-4047-96D1-6AF30661C6AA}\ARPPRODUCTICON.exe
+ 2011-09-03 18:43 . 2011-05-18 14:09 8576 c:\windows\system32\DRVSTORE\nmwcdnsuc_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdnsuc.sys
+ 2011-09-03 18:43 . 2011-05-18 14:12 8192 c:\windows\system32\DRVSTORE\ccdcmbm_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\usbser_lowerflt.sys
+ 2011-09-03 18:43 . 2011-05-18 14:12 8192 c:\windows\system32\DRVSTORE\ccdcmbj_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\usbser_lowerfltj.sys
+ 2011-09-03 18:43 . 2011-09-03 18:43 3262 c:\windows\Installer\{2D99A593-C841-43A7-B7C9-D6F3AE70B756}\ARPPRODUCTICON.exe
+ 2011-04-29 08:49 . 2011-09-03 20:07 219734 c:\windows\system32\inetsrv\MetaBase.bin
+ 2011-09-03 18:43 . 2011-01-03 18:50 592896 c:\windows\system32\DRVSTORE\pccswpddri_58E92219CA3FF6890A1AA097BB664B7DC817D147\PCCSWpdDriver.dll
+ 2011-09-03 18:43 . 2011-05-18 14:09 137600 c:\windows\system32\DRVSTORE\nmwcdnsu_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdnsu.sys
+ 2011-09-03 18:43 . 2011-05-18 14:13 605696 c:\windows\system32\DRVSTORE\ccdcmb_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdcocls.dll
+ 2011-09-03 18:43 . 2011-05-18 14:13 123904 c:\windows\system32\DRVSTORE\ccdcmb_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\ccdcmbwu.dll
+ 2011-09-03 18:44 . 2011-09-03 18:44 854016 c:\windows\Installer\111948.msi
+ 2011-09-03 18:43 . 2011-09-03 18:43 496128 c:\windows\Installer\111942.msi
+ 2011-09-03 18:43 . 2011-09-03 18:43 337408 c:\windows\Installer\11193c.msi
+ 2011-09-03 18:43 . 2011-01-03 17:05 1837296 c:\windows\system32\DRVSTORE\pccswpddri_58E92219CA3FF6890A1AA097BB664B7DC817D147\WUDFUpdate_01009.dll
+ 2011-09-03 18:43 . 2011-05-18 14:09 1461992 c:\windows\system32\DRVSTORE\ccdcmb_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\wdfcoinstaller01009.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-06-16 1500160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2005-09-06 450560]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-11 7286784]
"nwiz"="nwiz.exe" [2005-10-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-11 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"PVR Agent"="c:\program files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe" [2005-04-13 751104]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-25 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2010-06-25 255344]
"VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]
"VTTimer"="VTTimer.exe" [2006-09-14 53248]
"VTTrayp"="VTtrayp.exe" [2007-04-25 176128]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\documents and settings\john doe\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Remote Control.lnk - c:\program files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe [2006-9-20 57344]
SnapDetect.lnk - c:\windows\Twain_32\CA561A\SnapDetect.exe [2010-1-3 65536]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-8-25 106560]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-08-25 01:28 155648 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
2004-10-11 06:54 589824 ----a-r- c:\program files\VIA\RAID\raid_tool.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Documents and Settings\\Authorised\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Authorised\\Application Data\\Vusion\\WARPVideoStreamer.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [12/21/2010 3:04 PM 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2010 1:47 PM 94872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1/12/2011 4:41 PM 810144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/30/2011 2:25 AM 366640]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [8/24/2006 11:56 PM 672128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/30/2011 2:25 AM 22712]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\JOHND~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\JOHND~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\JOHND~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\JOHND~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/30/2011 2:25 AM 41272]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-13 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.2.0.5\DriverRobot.exe [2010-01-04 21:29]
.
2011-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1606980848-725345543-1007Core.job
- c:\documents and settings\john doe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-31 11:10]
.
2011-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1606980848-725345543-1007UA.job
- c:\documents and settings\john doe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-31 11:10]
.
2011-02-21 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX3000_exe.job
- c:\windows\vVX3000.exe [2009-06-26 21:21]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-PcSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-03 17:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(872)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-09-03 18:01:25
ComboFix-quarantined-files.txt 2011-09-03 22:01
.
Pre-Run: 61,031,886,848 bytes free
Post-Run: 60,986,966,016 bytes free
.
- - End Of File - - 28560D4DC10430E184DE786855A2F463
  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Submit this file to http://virustotal.com:
C:\WINDOWS\system32\ntdll.dll

and also this one

c:\windows\system32\drivers\atapi.sys

If you don't get a result that says something like 0/43 on each please copy and paste the text of the page into a reply.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot.

Run VEW as before and post both the System and Applications logs.


Let's see if we can get combofix to fix the avg indication and nothing else:



Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

SecCenter::
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.


Ron
  • 0

#15
01010011

01010011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts

If you don't get a result that says something like 0/43 on each


I got 0/44 on each file.


Vino's Event Viewer v01c run on Windows XP in English
Report run at 03/09/2011 8:48:14 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/09/2011 8:46:02 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL

Log: 'System' Date/Time: 03/09/2011 8:45:55 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Help and Support service terminated with the following error: The specified module could not be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Vino's Event Viewer v01c run on Windows XP in English
Report run at 03/09/2011 8:49:00 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/09/2011 8:45:55 PM
Type: warning Category: 0
Event: 1015 Source: EvntAgnt
TraceLevel parameter not located in registry; Default trace level used is 32.

Log: 'Application' Date/Time: 03/09/2011 8:45:55 PM
Type: warning Category: 0
Event: 1003 Source: EvntAgnt
TraceFileName parameter not located in registry; Default trace file used is .



ComboFix 11-09-02.04 - john doe 09/03/2011 21:00:25.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.469 [GMT -4:00]
Running from: c:\documents and settings\john doe\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\john doe\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((( Files Created from 2011-08-04 to 2011-09-04 )))))))))))))))))))))))))))))))
.
.
2011-09-03 18:48 . 2011-09-03 18:48 -------- d-----w- c:\documents and settings\john doe\Application Data\Nokia
2011-09-03 18:43 . 2011-09-03 18:43 -------- d-----w- c:\program files\Common Files\Nokia
2011-09-03 18:43 . 2008-08-26 14:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-09-03 18:43 . 2011-09-03 18:43 -------- d-----w- c:\program files\PC Connectivity Solution
2011-09-03 18:43 . 2011-09-03 18:43 -------- d-----w- c:\program files\Nokia
2011-09-03 18:42 . 2011-09-03 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2011-09-03 13:20 . 2011-09-04 00:59 -------- d-----w- c:\windows\system32\CatRoot2
2011-09-03 01:05 . 2011-09-03 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-09-03 01:00 . 2011-09-03 01:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-03 00:59 . 2011-09-03 00:59 -------- d-----w- c:\program files\Java
2011-09-03 00:46 . 2011-09-03 00:46 -------- d-----w- c:\program files\Common Files\Java
2011-08-31 18:36 . 2011-08-31 18:36 -------- d-----w- c:\program files\FinalWire
2011-08-31 14:36 . 2011-08-31 14:36 -------- d-----w- C:\_OTM
2011-08-31 11:30 . 2011-08-31 11:30 -------- d-----w- c:\documents and settings\john doe\Local Settings\Application Data\ESET
2011-08-31 11:17 . 2011-08-31 11:17 -------- d-----w- c:\program files\WOT
2011-08-31 11:09 . 2011-08-31 11:10 -------- d-----w- c:\documents and settings\john doe\Local Settings\Application Data\Deployment
2011-08-31 11:04 . 2011-08-31 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2011-08-31 10:55 . 2011-08-31 11:04 -------- d-----w- c:\program files\ESET
2011-08-30 06:25 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-30 06:25 . 2011-08-30 06:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-30 06:25 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 06:16 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-30 06:16 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-28 04:10 . 2011-08-28 04:10 -------- d-----w- c:\documents and settings\john doe\Application Data\SUPERAntiSpyware.com
2011-08-28 04:10 . 2011-08-28 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-08-28 04:06 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-08-28 04:05 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-08-22 15:17 . 2011-08-22 15:17 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 01:00 . 2010-10-27 03:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-15 13:29 . 2004-08-04 03:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2001-08-23 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2006-08-25 03:08 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-04 04:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 18:36 . 2004-08-04 04:56 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-04 04:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 12:05 . 2004-08-04 02:59 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-04 04:56 293376 ----a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((( [email protected]_02.15.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-04 00:45 . 2011-09-04 00:45 16384 c:\windows\Temp\Perflib_Perfdata_6b8.dat
+ 2011-09-04 00:45 . 2011-09-04 00:45 16384 c:\windows\Temp\Perflib_Perfdata_5ec.dat
+ 2008-09-20 01:50 . 2011-05-18 14:13 75264 c:\windows\system32\nmwcdcls.dll
+ 2011-09-03 18:43 . 2008-08-26 14:26 18816 c:\windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.sys
+ 2011-09-03 18:43 . 2011-05-18 14:13 75264 c:\windows\system32\DRVSTORE\nmwcdnsuc_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdcls.dll
+ 2011-09-03 18:43 . 2011-05-18 14:13 75264 c:\windows\system32\DRVSTORE\nmwcdnsu_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdcls.dll
+ 2011-09-03 18:43 . 2011-05-18 14:13 75264 c:\windows\system32\DRVSTORE\ccdcmbo_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdcls.dll
+ 2011-09-03 18:43 . 2011-05-18 14:12 23168 c:\windows\system32\DRVSTORE\ccdcmbo_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\ccdcmbo.sys
+ 2011-09-03 18:43 . 2011-05-18 14:13 75264 c:\windows\system32\DRVSTORE\ccdcmb_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdcls.dll
+ 2011-09-03 18:43 . 2011-05-18 14:12 18176 c:\windows\system32\DRVSTORE\ccdcmb_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\ccdcmb.sys
+ 2011-09-03 18:42 . 2011-09-03 18:42 78336 c:\windows\Installer\111923.msi
+ 2011-09-03 18:44 . 2011-09-03 18:44 15086 c:\windows\Installer\{D0D14551-3A2D-433B-861F-F4DCE5422759}\ARPPRODUCTICON.exe
+ 2011-09-03 18:43 . 2011-09-03 18:43 10134 c:\windows\Installer\{C373F7C4-05D2-4047-96D1-6AF30661C6AA}\ARPPRODUCTICON.exe
+ 2011-09-03 18:43 . 2011-05-18 14:09 8576 c:\windows\system32\DRVSTORE\nmwcdnsuc_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdnsuc.sys
+ 2011-09-03 18:43 . 2011-05-18 14:12 8192 c:\windows\system32\DRVSTORE\ccdcmbm_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\usbser_lowerflt.sys
+ 2011-09-03 18:43 . 2011-05-18 14:12 8192 c:\windows\system32\DRVSTORE\ccdcmbj_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\usbser_lowerfltj.sys
+ 2011-09-03 18:43 . 2011-09-03 18:43 3262 c:\windows\Installer\{2D99A593-C841-43A7-B7C9-D6F3AE70B756}\ARPPRODUCTICON.exe
+ 2011-04-29 08:49 . 2011-09-04 00:45 219733 c:\windows\system32\inetsrv\MetaBase.bin
+ 2011-09-03 18:43 . 2011-01-03 18:50 592896 c:\windows\system32\DRVSTORE\pccswpddri_58E92219CA3FF6890A1AA097BB664B7DC817D147\PCCSWpdDriver.dll
+ 2011-09-03 18:43 . 2011-05-18 14:09 137600 c:\windows\system32\DRVSTORE\nmwcdnsu_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdnsu.sys
+ 2011-09-03 18:43 . 2011-05-18 14:13 605696 c:\windows\system32\DRVSTORE\ccdcmb_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdcocls.dll
+ 2011-09-03 18:43 . 2011-05-18 14:13 123904 c:\windows\system32\DRVSTORE\ccdcmb_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\ccdcmbwu.dll
+ 2011-09-03 18:44 . 2011-09-03 18:44 854016 c:\windows\Installer\111948.msi
+ 2011-09-03 18:43 . 2011-09-03 18:43 496128 c:\windows\Installer\111942.msi
+ 2011-09-03 18:43 . 2011-09-03 18:43 337408 c:\windows\Installer\11193c.msi
+ 2011-09-03 18:43 . 2011-01-03 17:05 1837296 c:\windows\system32\DRVSTORE\pccswpddri_58E92219CA3FF6890A1AA097BB664B7DC817D147\WUDFUpdate_01009.dll
+ 2011-09-03 18:43 . 2011-05-18 14:09 1461992 c:\windows\system32\DRVSTORE\ccdcmb_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\wdfcoinstaller01009.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-06-16 1500160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2005-09-06 450560]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-11 7286784]
"nwiz"="nwiz.exe" [2005-10-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-11 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"PVR Agent"="c:\program files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe" [2005-04-13 751104]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-25 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2010-06-25 255344]
"VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]
"VTTimer"="VTTimer.exe" [2006-09-14 53248]
"VTTrayp"="VTtrayp.exe" [2007-04-25 176128]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\documents and settings\john doe\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Remote Control.lnk - c:\program files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe [2006-9-20 57344]
SnapDetect.lnk - c:\windows\Twain_32\CA561A\SnapDetect.exe [2010-1-3 65536]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-8-25 106560]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-08-25 01:28 155648 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
2004-10-11 06:54 589824 ----a-r- c:\program files\VIA\RAID\raid_tool.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Documents and Settings\\Authorised\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Authorised\\Application Data\\Vusion\\WARPVideoStreamer.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [12/21/2010 3:04 PM 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2010 1:47 PM 94872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1/12/2011 4:41 PM 810144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/30/2011 2:25 AM 366640]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [8/24/2006 11:56 PM 672128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/30/2011 2:25 AM 22712]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\JOHND~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\JOHND~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\JOHND~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\JOHND~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/30/2011 2:25 AM 41272]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-13 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.2.0.5\DriverRobot.exe [2010-01-04 21:29]
.
2011-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1606980848-725345543-1007Core.job
- c:\documents and settings\john doe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-31 11:10]
.
2011-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1606980848-725345543-1007UA.job
- c:\documents and settings\john doe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-31 11:10]
.
2011-02-21 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX3000_exe.job
- c:\windows\vVX3000.exe [2009-06-26 21:21]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 200.1.104.36 200.1.104.35
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-03 21:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3316)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-09-03 21:08:40
ComboFix-quarantined-files.txt 2011-09-04 01:08
ComboFix2.txt 2011-09-03 22:01
.
Pre-Run: 60,886,896,640 bytes free
Post-Run: 60,872,581,120 bytes free
.
- - End Of File - - 860561D680890E3F577421EBC0A7F574
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP