TechSpot

Need help with system check virus removal

By hmMurdock914
Jan 1, 2012
  1. My computer is infected with the System Check virus and I could use some major help getting rid of it. Everything in my drive folders is blank, so I can't even get Malwarebytes to run. I'm running XP and am ready to throw my tower out the window. If you could help and let me know what you need from me, drinks are on me.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    See if you have same issue in Safe Mode.
     
  3. hmMurdock914

    hmMurdock914 TS Rookie Topic Starter Posts: 30

    I figured out a way to get malware running. I'm scanning right now and will post the results when it is finished.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Cool :)......
     
  5. hmMurdock914

    hmMurdock914 TS Rookie Topic Starter Posts: 30

    I tried running the DDS scan but it would freeze up after 15 min and I would have to restart but here are the Malware and the GMER.

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.01.04

    Windows XP Service Pack 2 x86 NTFS
    Internet Explorer 7.0.5730.11
    Owner :: COMPUTER2007 [administrator]

    1/1/2012 8:39:34 PM
    mbam-log-2012-01-01 (20-39-34).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System |
    Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 303321
    Time elapsed: 2 hour(s), 18 minute(s), 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 8
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 6
    C:\Documents and Settings\All Users\Application Data\3YZtDSp2OTCtkw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\gyjAEPulVY.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\14\4939ec0e-67988555 (Rogue.FakeHDD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\My Documents\4SWPN.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\My Documents\nt4YFu8.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{BA89A21E-5935-4F9C-8567-12703A13ABC6}\RP1010\A0062349.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    (end)


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-01-02 00:28:56
    Windows 5.1.2600 Service Pack 2
    Running: iugpicv2.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pglirfoc.sys


    ---- Registry - GMER 1.0.15 ----

    Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1  771343423
    Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2  285507792
    Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0  1
    Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0  C:\Program Files\DAEMON Tools Lite\
    Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0  0
    Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh  0xF7 0x08 0xB7 0x91 ...
    Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0  0x20 0x01 0x00 0x00 ...
    Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh  0xBD 0xCF 0x30 0xD0 ...
    Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh  0x1B 0x63 0x50 0x1F ...
    Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4  (not active ControlSet)
    Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0  C:\Program Files\DAEMON Tools Lite\
    Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0  0
    Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh  0xF7 0x08 0xB7 0x91 ...
    Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001  (not active ControlSet)
    Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0  0x20 0x01 0x00 0x00 ...
    Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh  0xBD 0xCF 0x30 0xD0 ...
    Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40  (not active ControlSet)
    Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh  0x1B 0x63 0x50 0x1F ...

    ---- Files - GMER 1.0.15 ----

    File  C:\WINDOWS\$NtUninstallKB43484$\3514005679  0 bytes
    File  C:\WINDOWS\$NtUninstallKB43484$\3514005679\@  2048 bytes
    File  C:\WINDOWS\$NtUninstallKB43484$\3514005679\bckfg.tmp  911 bytes
    File  C:\WINDOWS\$NtUninstallKB43484$\3514005679\cfg.ini  199 bytes
    File  C:\WINDOWS\$NtUninstallKB43484$\3514005679\Desktop.ini  4608 bytes
    File  C:\WINDOWS\$NtUninstallKB43484$\3514005679\keywords  143 bytes
    File  C:\WINDOWS\$NtUninstallKB43484$\3514005679\kwrd.dll  223744 bytes
    File  C:\WINDOWS\$NtUninstallKB43484$\3514005679\L  0 bytes
    File  C:\WINDOWS\$NtUninstallKB43484$\3514005679\L\hypzzmjp  74752 bytes
    File  C:\WINDOWS\$NtUninstallKB43484$\3514005679\lsflt7.ver  5176 bytes
    File  C:\WINDOWS\$NtUninstallKB43484$\3514005679\U  0 bytes
    File  C:\WINDOWS\$NtUninstallKB43484$\3514005679\U\00000001.@  2048 bytes
    File  C:\WINDOWS\$NtUninstallKB43484$\3514005679\U\00000002.@  224768 bytes
    File  C:\WINDOWS\$NtUninstallKB43484$\3514005679\U\00000004.@  1024 bytes
    File  C:\WINDOWS\$NtUninstallKB43484$\3514005679\U\80000000.@  11264 bytes
    File  C:\WINDOWS\$NtUninstallKB43484$\3514005679\U\80000004.@  12800 bytes
    File  C:\WINDOWS\$NtUninstallKB43484$\3514005679\U\80000032.@  77312 bytes
    File  C:\WINDOWS\$NtUninstallKB43484$\4133149318  0 bytes

    ---- EOF - GMER 1.0.15 ----
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please disable "word wrap" in Notepad because your logs are hard to read.

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===========================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. hmMurdock914

    hmMurdock914 TS Rookie Topic Starter Posts: 30

    Below is the aswMBR report. I tried running ComboFix multiple times and it would make the registry backup and get to the point where it would say the scan is running and it should take ten minutes. This screen would run with a blinking cursor for 2 hours and then the cursor would stop blinking and my comp would freeze up. I used Rkill with ComboFix and tried it in safe mode. Every time it would freeze up and the computer would stop responding.

    aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-02 01:38:38
    -----------------------------
    01:38:38.484 OS Version: Windows 5.1.2600 Service Pack 2
    01:38:38.484 Number of processors: 1 586 0x207
    01:38:38.500 ComputerName: COMPUTER2007 UserName: Owner
    01:38:39.812 Initialze error 0 - driver not loaded
    02:07:25.093 AVAST engine defs: 12010101
    02:11:21.734 Service scanning
    02:11:23.062 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    02:11:23.921 Modules scanning
    02:11:23.921 Disk 0 trace - called modules:
    02:11:23.937
    02:11:25.578 AVAST engine scan C:\WINDOWS
    02:11:34.250 AVAST engine scan C:\WINDOWS\system32
    02:14:17.671 AVAST engine scan C:\WINDOWS\system32\drivers
    02:14:27.031 File: C:\WINDOWS\system32\drivers\ipsec.sys **INFECTED** Win32:Aluroot-B [Rtk]
    02:14:51.093 AVAST engine scan C:\Documents and Settings\Owner
    02:21:38.406 AVAST engine scan C:\Documents and Settings\All Users
    02:22:31.328 Scan finished successfully
    02:32:00.312 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
     
  8. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  9. hmMurdock914

    hmMurdock914 TS Rookie Topic Starter Posts: 30

    I tried running the program in normal and in safe mode and I can not get it to start up. Any suggestions? I also tried renaming it before I put it on my desktop.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ==========================================================

    For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to your desktop.
    For 64-bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

    • Double click on downloaded file to run it.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log (FRST.txt) on your desktop.
    • Please copy and paste it to your reply.
     
  11. hmMurdock914

    hmMurdock914 TS Rookie Topic Starter Posts: 30

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 01/02/2012 at 22:44:53.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:



    --- ATTENTION ---

    Windows was configured to use a proxy! Proxy settings have been removed.

    The Proxy Server that was configured is:

    If this was a valid setting, please double-click on the rk-proxy.reg file on your desktop and allow the data to be merged to restore your proxy settings.


    Rkill completed on 01/02/2012 at 22:46:09.
     
  12. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please re-read my previous reply.
     
  13. hmMurdock914

    hmMurdock914 TS Rookie Topic Starter Posts: 30

    Sorry about that here is what the bootkit remover reported:

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00

    Size   Device Name          MBR Status
    --------------------------------------------
    37 GB  \\.\PhysicalDrive0   Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
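The two tool runs above leave a practitioner with an MBR copy (aswMBR's MBR.dat) and a claim from Bootkit Remover that \\.\C: sits at byte offset 0x7e00 of \\.\PhysicalDrive0 and that the boot code is being hidden. The script below is an added example, not part of this thread and not code from either tool: it decodes a raw 512-byte MBR image, checks the 0x55AA signature and the partition table, and confirms that the active partition really starts at the offset the tool reported (0x7e00 = LBA 63 * 512, the classic XP layout). The sample image it builds is constructed for the test and is not a dump from the infected machine; the reference boot-code hash is an assumption the reader must supply from a known-clean box with the same OS and partition layout, since the page gives none.

```python
"""Parse a raw 512-byte MBR image (such as the MBR.dat that aswMBR saves) and
cross-check it against what Bootkit Remover reported about the system volume.
Added example; not code from aswMBR, Bootkit Remover or the forum thread."""
import hashlib
import struct
import sys
from typing import List, Optional

SECTOR = 512
BOOT_CODE_LEN = 0x1BE      # bytes 0x000-0x1BD: boot code (plus disk signature at 0x1B8)
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE       # 0x55 0xAA closes a valid MBR


def parse_mbr(mbr: bytes) -> dict:
    """Decode the partition table, boot signature and a hash of the boot code."""
    if len(mbr) != SECTOR:
        raise ValueError(f"MBR image must be {SECTOR} bytes, got {len(mbr)}")
    partitions = []
    for slot in range(4):
        status, _chs_start, ptype, _chs_end, lba_start, nsectors = struct.unpack_from(
            "<B3sB3sII", mbr, PART_TABLE_OFF + 16 * slot)
        if ptype == 0:                       # empty slot
            continue
        partitions.append({
            "slot": slot,
            "bootable": status == 0x80,
            "type": ptype,                   # 0x07 = NTFS on XP
            "lba_start": lba_start,
            "sectors": nsectors,
            "byte_offset": lba_start * SECTOR,
        })
    return {
        "signature_ok": mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA",
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(parsed: dict, reported_volume_offset: int,
              known_good_sha256: Optional[str] = None) -> List[str]:
    """Return human-readable findings; an empty list means nothing contradicts the tool output.
    A clean partition table does NOT prove a clean MBR: bootkits usually leave the table
    alone and only replace the boot code, so the boot-code comparison against a reference
    hash taken from a known-clean machine (assumed input) is the check that matters."""
    findings = []
    if not parsed["signature_ok"]:
        findings.append("boot signature 0x55AA missing: sector is not a valid MBR")
    active = [p for p in parsed["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    elif active[0]["byte_offset"] != reported_volume_offset:
        findings.append(
            f"active partition starts at 0x{active[0]['byte_offset']:x} but the tool "
            f"reported the system volume at 0x{reported_volume_offset:x}")
    if known_good_sha256 is not None and parsed["boot_code_sha256"] != known_good_sha256:
        findings.append("boot code differs from the known-good reference: possible bootkit")
    return findings


def build_sample_mbr(boot_code: bytes, lba_start: int = 63, nsectors: int = 77_594_112,
                     bootable: bool = True, signature: bytes = b"\x55\xAA") -> bytes:
    r"""Constructed test image (not a real dump): one NTFS partition starting at LBA 63,
    i.e. byte offset 0x7E00, which is what Bootkit Remover printed for \\.\C: above."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    entry = struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\x01\x01\x00",
                        0x07, b"\xFE\xFF\xFF", lba_start, nsectors)
    return code + entry + bytes(16 * 3) + signature   # three empty slots, then 0x55AA


if __name__ == "__main__":
    # Usage: python mbrcheck.py MBR.dat [known_good_sha256]
    # Feed it the dump the tool saved, not a live read of \\.\PhysicalDrive0: on an
    # infected machine a user-mode read can be served the rootkit's faked clean sector,
    # which is exactly why Bootkit Remover says the boot code is "hidden".
    with open(sys.argv[1], "rb") as fh:
        image = fh.read(SECTOR)
    ref = sys.argv[2] if len(sys.argv) > 2 else None
    result = parse_mbr(image)
    for p in result["partitions"]:
        print(f"slot {p['slot']}: type 0x{p['type']:02x} lba {p['lba_start']} "
              f"({p['sectors']} sectors) active={p['bootable']}")
    print("boot code sha256:", result["boot_code_sha256"])
    for f in check_mbr(result, 0x7E00, ref):
        print("FINDING:", f)
```

The partition-table check is deliberately weak on its own: the log above shows the volume mapping intact while the boot code is hidden, which is the normal bootkit pattern. Treat a passing table check plus a missing reference hash as "no contradiction", never as "clean".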
     
  14. hmMurdock914

    hmMurdock914 TS Rookie Topic Starter Posts: 30

    I know you are probably busy helping everyone but just wanted to make sure what I should do next :) thanks again for all your help
     
  15. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Instead of bumping read my replies CAREFULLY.
    I'm still waiting for Farbar Recovery Scan Tool log.
     
  16. hmMurdock914

    hmMurdock914 TS Rookie Topic Starter Posts: 30

    Wow. I am an idiot and sorry. Here are the results of the Farbar scan:

    Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.2
    Ran by Owner at 2012-01-04 18:12:40
    Running from C:\Documents and Settings\Owner\Desktop
    Service Pack 2 (X86) OS Language: English(US)
    Attention: Could not load system hive.
    Error: The process cannot access the file because it is being used by another process.
    ========================== Registry (Whitelisted) =============

    HKU\Dad\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-03-18] (Apple Inc.)
    HKU\Dad\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2004-08-12] (Microsoft Corporation)
    HKU\Dad\...\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT_Agent\ANT Agent.exe [12036968 2011-04-14] (GARMIN Corp.)
    HKLM\...\Winlogon: [Userinit] [x]
    HKLM\...\Winlogon: [Shell]

    ================================ Services (Whitelisted) ==================


    ========================== Drivers (Whitelisted) =============


    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============

    2012-01-04 18:12 - 2012-01-04 18:12 - 0000000 ____D C:\FRST
    2012-01-04 18:12 - 2012-01-04 18:11 - 0858478 ____A C:\Documents and Settings\Owner\Desktop\FRST.exe
    2012-01-02 23:25 - 2012-01-02 23:57 - 0000706 ____A C:\Documents and Settings\Owner\Desktop\bootkit.txt
    2012-01-02 23:24 - 2012-01-04 18:12 - 0038677 ____A C:\Documents and Settings\Owner\Desktop\bootkit_remover_debug_log.txt
    2012-01-02 23:23 - 2012-01-02 23:23 - 0044607 ____A C:\Documents and Settings\Owner\Desktop\bootkit_remover.zip
    2012-01-02 23:23 - 2011-09-21 18:11 - 0003641 ____A C:\Documents and Settings\Owner\Desktop\readme_ru.txt
    2012-01-02 23:23 - 2011-09-21 18:11 - 0003114 ____A C:\Documents and Settings\Owner\Desktop\readme_en.txt
    2012-01-02 23:23 - 2011-09-20 03:02 - 0083968 ____A (Esage Lab) C:\Documents and Settings\Owner\Desktop\boot_cleaner.exe
    2012-01-02 22:47 - 2012-01-02 22:47 - 0000662 ____A C:\Documents and Settings\Owner\Desktop\rkill.log
    2012-01-02 22:46 - 2012-01-02 22:46 - 0000147 ____A C:\Documents and Settings\Owner\Desktop\rk-proxy.reg
    2012-01-02 22:44 - 2012-01-02 22:46 - 0000662 ____A C:\rkill.log
    2012-01-02 22:41 - 2012-01-02 20:06 - 1578288 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Owner\Desktop\please.exe
    2012-01-02 18:03 - 2012-01-02 18:18 - 0000000 ___SD C:\mikem
    2012-01-02 18:00 - 2012-01-02 17:57 - 1008141 ____A C:\Documents and Settings\Owner\Desktop\rkill.com
    2012-01-02 18:00 - 2012-01-02 17:29 - 4360898 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\mikem.exe
    2012-01-02 12:54 - 2012-01-02 12:50 - 8821856 ____A (OPSWAT, Inc.) C:\Documents and Settings\Owner\Desktop\AppRemover.exe
    2012-01-02 03:15 - 2004-08-12 01:00 - 0074752 ____A C:\Windows\System32\Drivers\ipsec.svs
    2012-01-02 03:04 - 2012-01-02 03:04 - 0000000 RASHD C:\cmdcons
    2012-01-02 03:04 - 2012-01-01 20:15 - 0000211 ____A C:\Boot.bak
    2012-01-02 03:04 - 2004-08-03 23:00 - 0260272 _RASH C:\cmldr
    2012-01-02 02:57 - 2011-06-26 01:45 - 0256000 ____A C:\Windows\PEV.exe
    2012-01-02 02:57 - 2010-11-07 12:20 - 0208896 ____A C:\Windows\MBR.exe
    2012-01-02 02:57 - 2009-04-19 23:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-01-02 02:57 - 2000-08-30 19:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-01-02 02:57 - 2000-08-30 19:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-01-02 02:57 - 2000-08-30 19:00 - 0212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
    2012-01-02 02:57 - 2000-08-30 19:00 - 0098816 ____A C:\Windows\sed.exe
    2012-01-02 02:57 - 2000-08-30 19:00 - 0080412 ____A C:\Windows\grep.exe
    2012-01-02 02:57 - 2000-08-30 19:00 - 0068096 ____A C:\Windows\zip.exe
    2012-01-02 02:56 - 2012-01-02 02:56 - 0000000 ____D C:\Windows\ERDNT
    2012-01-02 02:43 - 2012-01-02 02:56 - 0000000 ____D C:\Qoobox
    2012-01-02 02:32 - 2012-01-02 02:32 - 0001170 ____A C:\Documents and Settings\Owner\Desktop\aswMBR.txt
    2012-01-02 01:36 - 2012-01-02 01:36 - 4702720 ____A (AVAST Software) C:\Documents and Settings\Owner\Desktop\aswMBR.exe
    2012-01-02 00:28 - 2012-01-02 00:28 - 0005615 ____A C:\Documents and Settings\Owner\Desktop\glog.log
    2012-01-01 20:35 - 2012-01-01 20:35 - 0000686 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-01-01 20:35 - 2012-01-01 20:35 - 0000000 ____D C:\Program Files\****YouVirus
    2012-01-01 20:33 - 2012-01-01 20:33 - 10847608 ____A (Malwarebytes Corporation ) C:\Documents and Settings\Owner\Desktop\****YouVirus.exe
    2012-01-01 19:41 - 2012-01-01 19:41 - 0000882 ____A C:\Documents and Settings\All Users\Desktop\Re-Enable v2.exe.lnk
    2012-01-01 19:41 - 2012-01-01 19:41 - 0000000 ____D C:\Program Files\Tangosoft
    2012-01-01 19:39 - 2012-01-01 19:39 - 1093707 ____A (Tangosoft) C:\Documents and Settings\Owner\Desktop\setup.exe
    2012-01-01 18:20 - 2012-01-01 18:20 - 0607260 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\dds.scr
    2012-01-01 17:13 - 2012-01-01 17:13 - 10847608 ____A (Malwarebytes Corporation ) C:\Documents and Settings\Owner\Desktop\mbam-setup-1.60.0.1800.exe
    2012-01-01 17:06 - 2012-01-01 17:06 - 0302592 ____A C:\Documents and Settings\Owner\Desktop\iugpicv2.exe
    2011-12-30 15:48 - 2012-01-01 15:12 - 0000408 ___AH C:\Documents and Settings\All Users\Application Data\3YZtDSp2OTCtkw
    2011-12-30 15:48 - 2012-01-01 15:12 - 0000312 ___AH C:\Documents and Settings\All Users\Application Data\~3YZtDSp2OTCtkw
    2011-12-30 15:48 - 2011-12-30 15:48 - 0000835 ___AH C:\Documents and Settings\Owner\Desktop\System Check.lnk
    2011-12-30 15:48 - 2011-12-30 15:48 - 0000224 ___AH C:\Documents and Settings\All Users\Application Data\~3YZtDSp2OTCtkwr
    2011-12-30 13:54 - 2011-12-30 13:54 - 0000000 ___HD C:\Documents and Settings\Owner\Local Settings\Application Data\Citrix
    2011-12-30 13:52 - 2012-01-02 22:39 - 0019706 ___AH C:\Windows\setupapi.log
    2011-12-30 01:13 - 2012-01-02 23:47 - 0536670 ___AH C:\Windows\ntbtlog.txt
    2011-12-29 21:56 - 2012-01-04 10:11 - 0078168 ___AH C:\Windows\WindowsUpdate.log
    2011-12-29 19:06 - 2011-12-29 19:06 - 0000000 ___HD C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    2011-12-29 18:54 - 2011-12-29 18:54 - 0000000 ___HD C:\Program Files\CCleaner
    2011-12-29 18:51 - 2011-12-29 18:51 - 3562624 ___AH (Piriform Ltd) C:\Documents and Settings\Owner\Desktop\ccsetup314.exe
    2011-12-29 18:30 - 2011-12-29 22:03 - 0000000 ___HD C:\Program Files\SUPERAntiSpyware
    2011-12-29 18:30 - 2011-12-29 18:30 - 0000000 ___HD C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-12-29 18:29 - 2011-12-29 18:29 - 12903112 ___AH (SUPERAntiSpyware.com) C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
    2011-12-29 18:29 - 2011-12-29 18:29 - 0000000 ___HD C:\Documents and Settings\All Users\Application Data\SUPERSetup
    2011-12-28 23:46 - 2002-02-27 14:12 - 0002600 ___AH C:\Documents and Settings\Owner\Desktop\xp_exe_fix.reg
    2011-12-28 23:45 - 2011-12-28 23:45 - 0000745 ___AH C:\Documents and Settings\Owner\Desktop\xp_exe_fix.zip
    2011-12-28 20:51 - 2011-12-28 20:51 - 0000000 ___HD C:\Documents and Settings\NetworkService\Application Data\Sun
    2011-12-28 20:48 - 2011-12-28 20:48 - 0000000 ___HD C:\Documents and Settings\NetworkService\Application Data\Macromedia
    2011-12-28 18:52 - 2011-12-28 20:45 - 0014552 __ASH C:\Documents and Settings\Owner\Local Settings\Application Data\5f33275514bwj482
    2011-12-28 18:52 - 2011-12-28 20:45 - 0014552 __ASH C:\Documents and Settings\All Users\Application Data\5f33275514bwj482
    2011-12-28 15:51 - 2011-12-28 15:51 - 0000000 ___HD C:\Documents and Settings\All Users\Application Data\AIM
    2011-12-28 15:50 - 2011-12-28 15:50 - 0000000 ___HD C:\Program Files\Common Files\Software Update Utility
    2011-12-28 15:50 - 2011-12-28 15:50 - 0000000 ___HD C:\Program Files\AIM
    2011-12-26 01:40 - 2011-12-26 01:39 - 0963976 ___AH (Malwarebytes Corporation) C:\Documents and Settings\Owner\Desktop\mbam.exe
    2011-12-26 00:33 - 2011-12-26 01:24 - 0011182 __ASH C:\Documents and Settings\Owner\Local Settings\Application Data\15034475r3r7
    2011-12-26 00:33 - 2011-12-26 01:24 - 0011182 __ASH C:\Documents and Settings\All Users\Application Data\15034475r3r7
    2011-12-24 09:29 - 2011-12-24 09:29 - 0414368 ___AH (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2011-12-23 11:40 - 2011-12-23 11:40 - 0000000 ___HD C:\Documents and Settings\Owner\Application Data\comcasttb
    2011-12-23 11:39 - 2011-12-23 11:42 - 0000000 ___HD C:\Documents and Settings\Owner\Application Data\CallingID
    2011-12-23 11:39 - 2011-12-23 11:39 - 0000000 ___HD C:\Program Files\Common Files\scanner
    2011-12-23 11:39 - 2011-12-23 11:39 - 0000000 ___HD C:\Program Files\comcasttb
    2011-12-23 11:38 - 2011-12-23 11:38 - 0000000 ___HD C:\Program Files\CA

    ============ 3 Months Modified Files and Folders ===============

    2012-01-04 18:12 - 2012-01-04 18:12 - 0000000 ____D C:\FRST
    2012-01-04 18:12 - 2012-01-02 23:24 - 0038677 ____A C:\Documents and Settings\Owner\Desktop\bootkit_remover_debug_log.txt
    2012-01-04 18:11 - 2012-01-04 18:12 - 0858478 ____A C:\Documents and Settings\Owner\Desktop\FRST.exe
    2012-01-04 10:11 - 2011-12-29 21:56 - 0078168 ___AH C:\Windows\WindowsUpdate.log
    2012-01-02 23:58 - 2008-03-12 18:23 - 0000048 ___AH C:\Windows\wiaservc.log
    2012-01-02 23:57 - 2012-01-02 23:25 - 0000706 ____A C:\Documents and Settings\Owner\Desktop\bootkit.txt
    2012-01-02 23:56 - 2008-03-13 00:35 - 0000062 __ASH C:\Documents and Settings\Owner\Local Settings\desktop.ini
    2012-01-02 23:56 - 2008-03-13 00:34 - 0000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
    2012-01-02 23:56 - 2008-03-13 00:34 - 0000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
    2012-01-02 23:56 - 2008-03-13 00:34 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-01-02 23:47 - 2011-12-30 01:13 - 0536670 ___AH C:\Windows\ntbtlog.txt
    2012-01-02 23:23 - 2012-01-02 23:23 - 0044607 ____A C:\Documents and Settings\Owner\Desktop\bootkit_remover.zip
    2012-01-02 22:47 - 2012-01-02 22:47 - 0000662 ____A C:\Documents and Settings\Owner\Desktop\rkill.log
    2012-01-02 22:46 - 2012-01-02 22:46 - 0000147 ____A C:\Documents and Settings\Owner\Desktop\rk-proxy.reg
    2012-01-02 22:46 - 2012-01-02 22:44 - 0000662 ____A C:\rkill.log
    2012-01-02 22:39 - 2011-12-30 13:52 - 0019706 ___AH C:\Windows\setupapi.log
    2012-01-02 20:06 - 2012-01-02 22:41 - 1578288 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Owner\Desktop\please.exe
    2012-01-02 18:18 - 2012-01-02 18:03 - 0000000 ___SD C:\mikem
    2012-01-02 18:05 - 2008-03-13 00:34 - 0032566 ___AH C:\Windows\SchedLgU.Txt
    2012-01-02 17:57 - 2012-01-02 18:00 - 1008141 ____A C:\Documents and Settings\Owner\Desktop\rkill.com
    2012-01-02 17:29 - 2012-01-02 18:00 - 4360898 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\mikem.exe
    2012-01-02 13:01 - 2008-03-13 00:35 - 0000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
    2012-01-02 12:50 - 2012-01-02 12:54 - 8821856 ____A (OPSWAT, Inc.) C:\Documents and Settings\Owner\Desktop\AppRemover.exe
    2012-01-02 10:41 - 2008-03-12 18:17 - 0000327 _RASH C:\boot.ini
    2012-01-02 03:04 - 2012-01-02 03:04 - 0000000 RASHD C:\cmdcons
    2012-01-02 02:56 - 2012-01-02 02:56 - 0000000 ____D C:\Windows\ERDNT
    2012-01-02 02:56 - 2012-01-02 02:43 - 0000000 ____D C:\Qoobox
    2012-01-02 02:32 - 2012-01-02 02:32 - 0001170 ____A C:\Documents and Settings\Owner\Desktop\aswMBR.txt
    2012-01-02 01:36 - 2012-01-02 01:36 - 4702720 ____A (AVAST Software) C:\Documents and Settings\Owner\Desktop\aswMBR.exe
    2012-01-02 00:28 - 2012-01-02 00:28 - 0005615 ____A C:\Documents and Settings\Owner\Desktop\glog.log
    2012-01-01 23:49 - 2008-12-25 23:47 - 0000664 ____A C:\Windows\System32\d3d9caps.dat
    2012-01-01 23:23 - 2008-03-13 00:35 - 0000000 __RHD C:\Documents and Settings\Owner\My Documents
    2012-01-01 20:35 - 2012-01-01 20:35 - 0000686 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-01-01 20:35 - 2012-01-01 20:35 - 0000000 ____D C:\Program Files\****YouVirus
    2012-01-01 20:33 - 2012-01-01 20:33 - 10847608 ____A (Malwarebytes Corporation ) C:\Documents and Settings\Owner\Desktop\****YouVirus.exe
    2012-01-01 20:15 - 2012-01-02 03:04 - 0000211 ____A C:\Boot.bak
    2012-01-01 19:41 - 2012-01-01 19:41 - 0000882 ____A C:\Documents and Settings\All Users\Desktop\Re-Enable v2.exe.lnk
    2012-01-01 19:41 - 2012-01-01 19:41 - 0000000 ____D C:\Program Files\Tangosoft
    2012-01-01 19:41 - 2008-09-15 14:20 - 0000000 ___HD C:\Config.Msi
    2012-01-01 19:39 - 2012-01-01 19:39 - 1093707 ____A (Tangosoft) C:\Documents and Settings\Owner\Desktop\setup.exe
    2012-01-01 18:20 - 2012-01-01 18:20 - 0607260 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\dds.scr
    2012-01-01 18:17 - 2008-03-13 00:35 - 0000000 __SHD C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files
    2012-01-01 17:15 - 2010-05-07 18:04 - 0000000 ___HD C:\Program Files\Malwarebytes' Anti-Malware
    2012-01-01 17:13 - 2012-01-01 17:13 - 10847608 ____A (Malwarebytes Corporation ) C:\Documents and Settings\Owner\Desktop\mbam-setup-1.60.0.1800.exe
    2012-01-01 17:09 - 2008-03-13 00:35 - 0000000 __SHD C:\Documents and Settings\Owner\Local Settings\History
    2012-01-01 17:06 - 2012-01-01 17:06 - 0302592 ____A C:\Documents and Settings\Owner\Desktop\iugpicv2.exe
    2012-01-01 15:12 - 2011-12-30 15:48 - 0000408 ___AH C:\Documents and Settings\All Users\Application Data\3YZtDSp2OTCtkw
    2012-01-01 15:12 - 2011-12-30 15:48 - 0000312 ___AH C:\Documents and Settings\All Users\Application Data\~3YZtDSp2OTCtkw
    2012-01-01 14:38 - 2004-08-12 01:00 - 0002206 ___AH C:\Windows\System32\wpa.dbl
    2011-12-30 15:48 - 2011-12-30 15:48 - 0000835 ___AH C:\Documents and Settings\Owner\Desktop\System Check.lnk
    2011-12-30 15:48 - 2011-12-30 15:48 - 0000224 ___AH C:\Documents and Settings\All Users\Application Data\~3YZtDSp2OTCtkwr
    2011-12-30 15:24 - 2008-03-12 18:19 - 0000000 __RHD C:\Documents and Settings\All Users\Start Menu
    2011-12-30 13:59 - 2008-03-13 00:40 - 0184445 ___AH C:\Windows\System32\nvapps.xml
    2011-12-30 13:58 - 2008-03-12 18:23 - 0000159 ___AH C:\Windows\wiadebug.log
    2011-12-30 13:54 - 2011-12-30 13:54 - 0000000 ___HD C:\Documents and Settings\Owner\Local Settings\Application Data\Citrix
    2011-12-30 13:02 - 2004-08-12 01:00 - 0000603 ___AH C:\Windows\win.ini
    2011-12-30 13:02 - 2004-08-12 01:00 - 0000227 ___AH C:\Windows\system.ini
    2011-12-30 12:38 - 2009-11-24 19:03 - 0000000 __HDC C:\Windows\$NtUninstallKB973687$
    2011-12-30 01:23 - 2008-03-13 01:45 - 0000000 ___HD C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2011-12-29 22:03 - 2011-12-29 18:30 - 0000000 ___HD C:\Program Files\SUPERAntiSpyware
    2011-12-29 19:06 - 2011-12-29 19:06 - 0000000 ___HD C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    2011-12-29 19:01 - 2010-02-05 19:24 - 0000000 ___HD C:\Documents and Settings\Owner\Application Data\FileZilla
    2011-12-29 19:01 - 2008-03-13 02:23 - 0000000 ___HD C:\Documents and Settings\Owner\Application Data\BitTorrent
    2011-12-29 18:54 - 2011-12-29 18:54 - 0000000 ___HD C:\Program Files\CCleaner
    2011-12-29 18:51 - 2011-12-29 18:51 - 3562624 ___AH (Piriform Ltd) C:\Documents and Settings\Owner\Desktop\ccsetup314.exe
    2011-12-29 18:30 - 2011-12-29 18:30 - 0000000 ___HD C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-12-29 18:29 - 2011-12-29 18:29 - 12903112 ___AH (SUPERAntiSpyware.com) C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
    2011-12-29 18:29 - 2011-12-29 18:29 - 0000000 ___HD C:\Documents and Settings\All Users\Application Data\SUPERSetup
    2011-12-29 17:36 - 2008-05-12 09:27 - 0000069 ___AH C:\Windows\NeroDigital.ini
    2011-12-29 13:14 - 2008-03-13 04:01 - 0000000 __HDC C:\Windows\$NtUninstallKB935839$
    2011-12-28 23:45 - 2011-12-28 23:45 - 0000745 ___AH C:\Documents and Settings\Owner\Desktop\xp_exe_fix.zip
    2011-12-28 20:51 - 2011-12-28 20:51 - 0000000 ___HD C:\Documents and Settings\NetworkService\Application Data\Sun
    2011-12-28 20:48 - 2011-12-28 20:48 - 0000000 ___HD C:\Documents and Settings\NetworkService\Application Data\Macromedia
    2011-12-28 20:45 - 2011-12-28 18:52 - 0014552 __ASH C:\Documents and Settings\Owner\Local Settings\Application Data\5f33275514bwj482
    2011-12-28 20:45 - 2011-12-28 18:52 - 0014552 __ASH C:\Documents and Settings\All Users\Application Data\5f33275514bwj482
    2011-12-28 18:52 - 2008-03-13 00:35 - 0000000 ___HD C:\Documents and Settings\Owner\Templates
    2011-12-28 15:51 - 2011-12-28 15:51 - 0000000 ___HD C:\Documents and Settings\All Users\Application Data\AIM
    2011-12-28 15:51 - 2009-10-18 12:12 - 0000000 ___HD C:\Documents and Settings\Owner\Local Settings\Application Data\AIM
    2011-12-28 15:51 - 2008-03-13 02:00 - 0001391 ___AH C:\IPH.PH
    2011-12-28 15:50 - 2011-12-28 15:50 - 0000000 ___HD C:\Program Files\Common Files\Software Update Utility
    2011-12-28 15:50 - 2011-12-28 15:50 - 0000000 ___HD C:\Program Files\AIM
    2011-12-27 16:09 - 2008-03-13 04:00 - 0000000 __HDC C:\Windows\$NtUninstallKB944653$
    2011-12-26 09:06 - 2008-03-13 00:31 - 0000000 __HDC C:\Windows\$NtServicePackUninstallIDNMitigationAPIs$
    2011-12-26 01:39 - 2011-12-26 01:40 - 0963976 ___AH (Malwarebytes Corporation) C:\Documents and Settings\Owner\Desktop\mbam.exe
    2011-12-26 01:39 - 2008-03-13 00:29 - 0000000 ___HD C:\Program Files\Mozilla Firefox
    2011-12-26 01:24 - 2011-12-26 00:33 - 0011182 __ASH C:\Documents and Settings\Owner\Local Settings\Application Data\15034475r3r7
    2011-12-26 01:24 - 2011-12-26 00:33 - 0011182 __ASH C:\Documents and Settings\All Users\Application Data\15034475r3r7
    2011-12-24 17:50 - 2008-03-13 03:38 - 0000000 ___HD C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2011-12-24 16:02 - 2008-03-13 01:51 - 0107520 ___AH C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2011-12-24 09:29 - 2011-12-24 09:29 - 0414368 ___AH (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2011-12-23 11:42 - 2011-12-23 11:39 - 0000000 ___HD C:\Documents and Settings\Owner\Application Data\CallingID
    2011-12-23 11:40 - 2011-12-23 11:40 - 0000000 ___HD C:\Documents and Settings\Owner\Application Data\comcasttb
    2011-12-23 11:39 - 2011-12-23 11:39 - 0000000 ___HD C:\Program Files\Common Files\scanner
    2011-12-23 11:39 - 2011-12-23 11:39 - 0000000 ___HD C:\Program Files\comcasttb
    2011-12-23 11:38 - 2011-12-23 11:38 - 0000000 ___HD C:\Program Files\CA
    2011-12-23 11:38 - 2009-08-09 10:26 - 0000000 ___HD C:\Windows\Downloaded Installations
    2011-12-23 11:33 - 2008-03-12 18:19 - 0512960 ___AH C:\Windows\System32\PerfStringBackup.INI
    2011-12-23 10:49 - 2009-03-30 14:26 - 0004102 ___AH C:\Windows\System32\lvcoinst.log
    2011-12-10 15:24 - 2010-05-07 18:04 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2011-11-26 09:51 - 2008-09-28 19:21 - 0000178 __ASH C:\Documents and Settings\Dad\ntuser.ini
    2011-11-26 09:12 - 2010-07-15 19:26 - 0002137 ___AH C:\Documents and Settings\Dad\Desktop\iTunes.lnk
    2011-11-26 09:09 - 2008-09-28 19:21 - 0000062 __ASH C:\Documents and Settings\Dad\Local Settings\desktop.ini
    2011-11-26 09:08 - 2010-08-31 21:59 - 0000000 ___HD C:\Program Files\Microsoft Silverlight


    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe
    [2007-02-16 15:25] - [2007-06-13 05:23] - 1033216 ___AH (Microsoft Corporation) 97bd6515465659ff8f3b7be375b2ea87

    C:\Windows\System32\winlogon.exe
    [2004-08-12 01:00] - [2004-08-12 01:00] - 0502272 ___AH (Microsoft Corporation) 01c3346c241652f43aed8e2149881bfe

    C:\Windows\System32\Drivers\volsnap.sys
    [2004-08-12 01:00] - [2004-08-12 01:00] - 0052352 ___AH (Microsoft Corporation) ee4660083deba849ff6c485d944b379b


    ==================== Restore Points (XP) =====================

    RP: -> 2012-01-04 12:02 - 028672 _restore{BA89A21E-5935-4F9C-8567-12703A13ABC6}\RP1027

    RP: -> 2012-01-03 11:02 - 028672 _restore{BA89A21E-5935-4F9C-8567-12703A13ABC6}\RP1026

    RP: -> 2012-01-01 19:57 - 028672 _restore{BA89A21E-5935-4F9C-8567-12703A13ABC6}\RP1023

    RP: -> 2012-01-01 19:47 - 028672 _restore{BA89A21E-5935-4F9C-8567-12703A13ABC6}\RP1022

    RP: -> 2012-01-01 19:41 - 028672 _restore{BA89A21E-5935-4F9C-8567-12703A13ABC6}\RP1021

    RP: -> 2012-01-01 19:23 - 028672 _restore{BA89A21E-5935-4F9C-8567-12703A13ABC6}\RP1020

    RP: -> 2012-01-01 19:17 - 028672 _restore{BA89A21E-5935-4F9C-8567-12703A13ABC6}\RP1019

    RP: -> 2012-01-01 19:17 - 028672 _restore{BA89A21E-5935-4F9C-8567-12703A13ABC6}\RP1018

    RP: -> 2012-01-01 15:37 - 028672 _restore{BA89A21E-5935-4F9C-8567-12703A13ABC6}\RP1017

    RP: -> 2012-01-01 14:48 - 028672 _restore{BA89A21E-5935-4F9C-8567-12703A13ABC6}\RP1016

    RP: -> 2012-01-01 14:45 - 028672 _restore{BA89A21E-5935-4F9C-8567-12703A13ABC6}\RP1015

    RP: -> 2012-01-01 14:42 - 028672 _restore{BA89A21E-5935-4F9C-8567-12703A13ABC6}\RP1014

    RP: -> 2011-12-30 13:56 - 028672 _restore{BA89A21E-5935-4F9C-8567-12703A13ABC6}\RP1013

    RP: -> 2011-12-30 13:39 - 028672 _restore{BA89A21E-5935-4F9C-8567-12703A13ABC6}\RP1012

    RP: -> 2011-12-30 00:18 - 028672 _restore{BA89A21E-5935-4F9C-8567-12703A13ABC6}\RP1011

    RP: -> 2011-12-28 00:57 - 028672 _restore{BA89A21E-5935-4F9C-8567-12703A13ABC6}\RP1009

    RP: -> 2011-12-27 00:11 - 028672 _restore{BA89A21E-5935-4F9C-8567-12703A13ABC6}\RP1008

    RP: -> 2011-12-26 00:05 - 028672 _restore{BA89A21E-5935-4F9C-8567-12703A13ABC6}\RP1007

    RP: -> 2011-12-24 17:45 - 028672 _restore{BA89A21E-5935-4F9C-8567-12703A13ABC6}\RP1006

    RP: -> 2011-12-24 09:45 - 028672 _restore{BA89A21E-5935-4F9C-8567-12703A13ABC6}\RP1005

    RP: -> 2011-12-23 11:35 - 028672 _restore{BA89A21E-5935-4F9C-8567-12703A13ABC6}\RP1004

    RP: -> 2011-12-23 08:37 - 028672 _restore{BA89A21E-5935-4F9C-8567-12703A13ABC6}\RP1003

    RP: -> 2011-10-30 11:45 - 028672 _restore{BA89A21E-5935-4F9C-8567-12703A13ABC6}\RP1002

    RP: -> 2011-10-30 10:35 - 028672 _restore{BA89A21E-5935-4F9C-8567-12703A13ABC6}\RP1001


    ========================= Memory info ======================

    Percentage of memory in use: 38%
    Total physical RAM: 767 MB
    Available physical RAM: 474.98 MB
    Total Pagefile: 1877.14 MB
    Available Pagefile: 1673.38 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1997.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:37.24 GB) (Free:8.3 GB) NTFS
    5 Drive m: (New Volume) (Fixed) (Total:372.61 GB) (Free:227.76 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 37 GB 0 B
    Disk 1 Online 373 GB 0 B

    Partitions of Disk 0:

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 37 GB 32 KB
    Partition 2 Unknown 8 MB 37 GB

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C NTFS Partition 37 GB Healthy Boot

    Disk: 0
    Partition 2
    Type : 17
    Hidden: Yes
    Active: Yes

    There is no volume associated with this partition.
     
  17. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    We're dealing here with the newest TDL rootkit.

    Be extremely careful and read the following manual 5 times if needed.

    WARNING!
    Proceed with extreme caution!
    Deleting the wrong partition will result in your computer being unusable.
    If you have any doubts, ask.


    ===========================================================================================

    Download gparted-live-0.10.0-3.iso (115.1 MB)

    Burn it to a CD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

    Now you will need to set the CD-ROM as the first boot device if it isn't already (if you don't know how to do it, see HERE).
    Boot off of the newly created Gparted CD.

    You should be here:
    [​IMG]
    Press Enter.

    By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER:
    [​IMG]

    Choose your language and press ENTER. English is default [33]:
    [​IMG]

    Once again, at this prompt, press ENTER:
    [​IMG]

    You will now be taken to the main GUI screen below:
    [​IMG]
    According to your logs, the partition that you want to delete is the small partition of 8MB.
    Click on it to highlight it.
    Click the trash can icon to delete and then click Apply.

    You should now be here confirming your actions:
    [​IMG]

    Now you should be here:
    [​IMG]

    Is "boot" next to your OS drive?
    [​IMG]

    If "boot" is NOT next to your OS drive under "Flags", right-click the OS drive while in Gparted and select Manage Flags.

    In the menu that pops up, place a checkmark in boot like the picture below:
    [​IMG]

    Now double-click the [​IMG] button.

    You should receive a small pop up like this:
    [​IMG]

    Choose reboot and then press OK.

    Post a new Bootkit Remover log.
     
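As an added example (not code from the thread or from any of the tools used in it): a small Python parser for the MBR partition table that reproduces, from a constructed 512-byte MBR mirroring the diskpart and aswMBR figures posted above, the pattern Broni is pointing at, a tiny hidden partition (type 0x17) holding the active flag while the real NTFS partition does not. The sample MBR bytes, the 16 MB size threshold and all function names are assumptions of this example, and the "repaired" MBR shows what the table looks like after the hidden partition is deleted and the boot flag is put back on the OS partition.

```python
"""Detect a hidden, active mini-partition in an MBR partition table.

Added example for this thread; the byte layout is the standard 512-byte MBR
(446 bytes boot code, four 16-byte partition entries, 0x55AA signature).
"""
import struct
from typing import Optional

SECTOR = 512
PART_TABLE_OFFSET = 446
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"

NTFS = 0x07
HIDDEN_NTFS = 0x17  # 0x07 + 0x10: the "hidden" variant of NTFS/HPFS
OS_TYPES = {0x07, 0x0B, 0x0C, 0x0E}            # NTFS and FAT variants Windows boots from
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}  # same types with the hidden bit


def parse_mbr(mbr: bytes) -> list:
    """Return the non-empty primary partition entries as dicts."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        # status(1) chs_start(3) type(1) chs_end(3) lba_start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue
        parts.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "hidden": ptype in HIDDEN_TYPES,
            "lba_start": lba_start,
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    return parts


def find_bootkit_partition(parts: list, max_mb: int = 16) -> Optional[dict]:
    """Return the suspicious entry, or None if the table looks normal.

    Pattern from the thread: exactly one active entry, it is a small hidden
    partition, and a regular OS partition exists that is NOT active any more.
    max_mb is an assumed threshold (the posted partition is 8 MB).
    """
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        return None
    candidate = active[0]
    os_partition_inactive = any(
        p["type"] in OS_TYPES and not p["active"] for p in parts
    )
    if candidate["hidden"] and candidate["size_mb"] <= max_mb and os_partition_inactive:
        return candidate
    return None


def build_sample_mbr() -> bytes:
    """Constructed MBR matching the posted figures (sample data, not the real disk).

    Partition 1: NTFS, starts at LBA 63, 78108030 sectors (~38138 MB), not active.
    Partition 2: type 0x17, 16384 sectors (8 MB), hidden, active.
    """
    boot_code = bytes(PART_TABLE_OFFSET)
    ntfs = struct.pack("<B3xB3xII", 0x00, NTFS, 63, 78108030)
    hidden = struct.pack("<B3xB3xII", 0x80, HIDDEN_NTFS, 63 + 78108030, 16384)
    empty = bytes(PART_ENTRY_SIZE)
    return boot_code + ntfs + hidden + empty + empty + BOOT_SIGNATURE


def build_repaired_mbr() -> bytes:
    """Same disk after the hidden partition is deleted and the boot flag restored."""
    boot_code = bytes(PART_TABLE_OFFSET)
    ntfs = struct.pack("<B3xB3xII", 0x80, NTFS, 63, 78108030)
    empty = bytes(PART_ENTRY_SIZE)
    return boot_code + ntfs + empty + empty + empty + BOOT_SIGNATURE


if __name__ == "__main__":
    for label, mbr in (("infected", build_sample_mbr()), ("repaired", build_repaired_mbr())):
        parts = parse_mbr(mbr)
        hit = find_bootkit_partition(parts)
        print(label, "->", "suspicious partition %d" % hit["index"] if hit else "no hidden active partition")
```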
  18. hmMurdock914

    hmMurdock914 TS Rookie Topic Starter Posts: 30

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    37 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
     
  19. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Well done :)

    Post a new aswMBR log and see if TDSSKiller will run now.
     
  20. hmMurdock914

    hmMurdock914 TS Rookie Topic Starter Posts: 30

    Here are both logs.

    aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-04 20:31:38
    -----------------------------
    20:31:38.000 OS Version: Windows 5.1.2600 Service Pack 2
    20:31:38.000 Number of processors: 1 586 0x207
    20:31:38.000 ComputerName: COMPUTER2007 UserName: Owner
    20:31:38.250 Initialize success
    20:31:58.750 AVAST engine download error: 0
    20:31:58.750 AVAST engine defs: 12010101
    20:32:05.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    20:32:05.375 Disk 0 Vendor: WDC_WD400BB-75JHA0 05.01C05 Size: 38146MB BusType: 3
    20:32:05.375 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    20:32:05.375 Disk 1 Vendor: ST3400832A 3.03 Size: 381554MB BusType: 3
    20:32:05.375 Device \Driver\atapi -> MajorFunction 82fdd1f8
    20:32:05.406 Disk 0 MBR read successfully
    20:32:05.406 Disk 0 MBR scan
    20:32:05.406 Disk 0 Windows XP default MBR code
    20:32:05.406 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38138 MB offset 63
    20:32:05.406 Disk 0 scanning sectors +78108030
    20:32:05.468 Disk 0 scanning C:\WINDOWS\system32\drivers
    20:32:12.828 Service scanning
    20:32:13.578 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    20:32:14.187 Modules scanning
    20:32:21.750 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
    20:32:23.156 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
    20:32:23.171 Disk 0 trace - called modules:
    20:32:23.171 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82fdd1f8]<<
    20:32:23.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fcdab8]
    20:32:23.187 3 CLASSPNP.SYS[f756ffcf] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82f12b00]
    20:32:23.187 \Driver\atapi[0x82f2c510] -> IRP_MJ_CREATE -> 0x82fdd1f8
    20:32:23.546 AVAST engine scan C:\WINDOWS
    20:32:29.984 AVAST engine scan C:\WINDOWS\system32
    20:34:02.875 AVAST engine scan C:\WINDOWS\system32\drivers
    20:34:12.062 AVAST engine scan C:\Documents and Settings\Owner
    20:41:00.859 AVAST engine scan C:\Documents and Settings\All Users
    20:41:48.828 Scan finished successfully
    20:44:04.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
    20:44:04.265 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR2.txt"




    20:44:35.0984 1660 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
    20:44:36.0062 1660 ============================================================
    20:44:36.0062 1660 Current date / time: 2012/01/04 20:44:36.0062
    20:44:36.0062 1660 SystemInfo:
    20:44:36.0062 1660
    20:44:36.0062 1660 OS Version: 5.1.2600 ServicePack: 2.0
    20:44:36.0062 1660 Product type: Workstation
    20:44:36.0062 1660 ComputerName: COMPUTER2007
    20:44:36.0078 1660 UserName: Owner
    20:44:36.0078 1660 Windows directory: C:\WINDOWS
    20:44:36.0078 1660 System windows directory: C:\WINDOWS
    20:44:36.0078 1660 Processor architecture: Intel x86
    20:44:36.0078 1660 Number of processors: 1
    20:44:36.0078 1660 Page size: 0x1000
    20:44:36.0078 1660 Boot type: Normal boot
    20:44:36.0078 1660 ============================================================
    20:44:37.0562 1660 Initialize success
    20:45:02.0218 0540 ============================================================
    20:45:02.0218 0540 Scan started
    20:45:02.0218 0540 Mode: Manual;
    20:45:02.0218 0540 ============================================================
    20:45:14.0921 0540 RDPCDD - ok
    20:45:14.0968 0540 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    20:45:14.0984 0540 rdpdr - ok
    20:45:15.0062 0540 RDPWD (047bea21274c8a4a233674a76c958c2c) C:\WINDOWS\system32\drivers\RDPWD.sys
    20:45:15.0078 0540 RDPWD - ok
    20:45:15.0171 0540 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
    20:45:15.0171 0540 redbook - ok
    20:45:15.0296 0540 rspndr (0e11b35e972796042044bc27ce13b065) C:\WINDOWS\system32\DRIVERS\rspndr.sys
    20:45:15.0296 0540 rspndr - ok
    20:45:15.0421 0540 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    20:45:15.0421 0540 SASDIFSV - ok
    20:45:15.0453 0540 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    20:45:15.0453 0540 SASKUTIL - ok
    20:45:15.0578 0540 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    20:45:15.0578 0540 Secdrv - ok
    20:45:15.0656 0540 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
    20:45:15.0656 0540 serenum - ok
    20:45:15.0765 0540 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
    20:45:15.0781 0540 Serial - ok
    20:45:15.0843 0540 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
    20:45:15.0843 0540 Sfloppy - ok
    20:45:15.0937 0540 Simbad - ok
    20:45:16.0000 0540 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    20:45:16.0000 0540 SLIP - ok
    20:45:16.0156 0540 smwdm (12d9287937366bf1c9ad7007b5407deb) C:\WINDOWS\system32\drivers\smwdm.sys
    20:45:16.0171 0540 smwdm - ok
    20:45:16.0265 0540 Sparrow - ok
    20:45:16.0328 0540 splitter (9bb1dd670cb7505a90fc4e61d4aa8227) C:\WINDOWS\system32\drivers\splitter.sys
    20:45:16.0328 0540 splitter - ok
    20:45:16.0484 0540 sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\WINDOWS\system32\Drivers\sptd.sys
    20:45:16.0484 0540 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
    20:45:16.0500 0540 sptd ( LockedFile.Multi.Generic ) - warning
    20:45:16.0500 0540 sptd - detected LockedFile.Multi.Generic (1)
    20:45:16.0593 0540 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
    20:45:16.0593 0540 sr - ok
    20:45:16.0703 0540 Srv (d4af9861c3b6a2163d26dc6b9cf05e2a) C:\WINDOWS\system32\DRIVERS\srv.sys
    20:45:16.0718 0540 Srv - ok
    20:45:16.0859 0540 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    20:45:16.0859 0540 streamip - ok
    20:45:16.0937 0540 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
    20:45:16.0937 0540 swenum - ok
    20:45:17.0015 0540 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
    20:45:17.0015 0540 swmidi - ok
    20:45:17.0093 0540 symc810 - ok
    20:45:17.0140 0540 symc8xx - ok
    20:45:17.0187 0540 sym_hi - ok
    20:45:17.0250 0540 sym_u3 - ok
    20:45:17.0312 0540 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
    20:45:17.0312 0540 sysaudio - ok
    20:45:17.0453 0540 Tcpip (744e57c99232201ae98c49168b918f48) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    20:45:17.0468 0540 Tcpip - ok
    20:45:17.0593 0540 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
    20:45:17.0593 0540 TDPIPE - ok
    20:45:17.0656 0540 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
    20:45:17.0671 0540 TDTCP - ok
    20:45:17.0765 0540 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
    20:45:17.0765 0540 TermDD - ok
    20:45:17.0875 0540 TosIde - ok
    20:45:17.0953 0540 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
    20:45:17.0953 0540 Udfs - ok
    20:45:18.0031 0540 ultra - ok
    20:45:18.0093 0540 Update (7b2170ee3d858ce8fbe503904cc9b663) C:\WINDOWS\system32\DRIVERS\update.sys
    20:45:18.0109 0540 Update - ok
    20:45:18.0250 0540 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
    20:45:18.0250 0540 USBAAPL - ok
    20:45:18.0343 0540 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
    20:45:18.0343 0540 usbaudio - ok
    20:45:18.0468 0540 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
    20:45:18.0468 0540 usbbus - ok
    20:45:18.0531 0540 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    20:45:18.0531 0540 usbccgp - ok
    20:45:18.0656 0540 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
    20:45:18.0656 0540 UsbDiag - ok
    20:45:18.0718 0540 usbehci (a45ea1550ea4b368c4fba7ca9d056bc9) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    20:45:18.0718 0540 usbehci - ok
    20:45:18.0843 0540 usbhub (6d46b1f89134892a862ac56b00ac11fe) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    20:45:18.0843 0540 usbhub - ok
    20:45:18.0906 0540 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
    20:45:18.0906 0540 USBModem - ok
    20:45:19.0031 0540 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    20:45:19.0031 0540 usbprint - ok
    20:45:19.0093 0540 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    20:45:19.0093 0540 USBSTOR - ok
    20:45:19.0203 0540 usbuhci (0ee1925590ba1abec14254d54d9870f4) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    20:45:19.0203 0540 usbuhci - ok
    20:45:19.0265 0540 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
    20:45:19.0265 0540 VgaSave - ok
    20:45:19.0343 0540 ViaIde - ok
    20:45:19.0437 0540 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
    20:45:19.0437 0540 VolSnap - ok
    20:45:19.0578 0540 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    20:45:19.0578 0540 Wanarp - ok
    20:45:19.0656 0540 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
    20:45:19.0671 0540 Wdf01000 - ok
    20:45:19.0750 0540 WDICA - ok
    20:45:19.0828 0540 wdmaud (0bfa8203b8148fb4e54bc212c41ce497) C:\WINDOWS\system32\drivers\wdmaud.sys
    20:45:19.0828 0540 wdmaud - ok
    20:45:19.0953 0540 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
    20:45:19.0984 0540 winachsf - ok
    20:45:20.0125 0540 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
    20:45:20.0125 0540 WinUSB - ok
    20:45:20.0218 0540 WMP11V27 (f7c6cc420c21eb1a73f6a73bfec96f2c) C:\WINDOWS\system32\DRIVERS\WMP11V27.sys
    20:45:20.0234 0540 WMP11V27 - ok
    20:45:20.0359 0540 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    20:45:20.0359 0540 WpdUsb - ok
    20:45:20.0468 0540 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    20:45:20.0468 0540 WSTCODEC - ok
    20:45:20.0609 0540 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    20:45:20.0609 0540 WudfPf - ok
    20:45:20.0687 0540 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    20:45:20.0703 0540 WudfRd - ok
    20:45:20.0812 0540 zumbus (6bfb54f73aae470e9299e66cbc7bb632) C:\WINDOWS\system32\DRIVERS\zumbus.sys
    20:45:20.0812 0540 zumbus - ok
    20:45:20.0890 0540 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    20:45:21.0046 0540 \Device\Harddisk0\DR0 - ok
    20:45:21.0078 0540 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    20:45:21.0078 0540 \Device\Harddisk1\DR1 - ok
    20:45:21.0093 0540 Boot (0x1200) (499de547869951f996f156bed7a209f6) \Device\Harddisk0\DR0\Partition0
    20:45:21.0093 0540 \Device\Harddisk0\DR0\Partition0 - ok
    20:45:21.0109 0540 Boot (0x1200) (919950ad12d80f1c32c89d55c1047d20) \Device\Harddisk1\DR1\Partition0
    20:45:21.0109 0540 \Device\Harddisk1\DR1\Partition0 - ok
    20:45:21.0125 0540 ============================================================
    20:45:21.0125 0540 Scan finished
    20:45:21.0125 0540 ============================================================
    20:45:21.0140 1868 Detected object count: 1
    20:45:21.0140 1868 Actual detected object count: 1
    20:45:49.0406 1868 sptd ( LockedFile.Multi.Generic ) - skipped by user
    20:45:49.0406 1868 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
     
  21. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Looks good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1:** Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart your computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  22. hmMurdock914

    hmMurdock914 TS Rookie Topic Starter Posts: 30

    ComboFix 12-01-02.01 - Owner 01/04/2012 22:11:18.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.568 [GMT -5:00]
    Running from: c:\documents and settings\Owner\Desktop\mikem.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\~3YZtDSp2OTCtkw
    c:\documents and settings\All Users\Application Data\~3YZtDSp2OTCtkwr
    c:\documents and settings\All Users\Application Data\3YZtDSp2OTCtkw
    .
    .
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    TCP: DhcpNameServer = 64.233.217.5 64.233.217.2
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\8r0t04cw.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
    FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    FF - Ext: lget: {bb117431-63c1-4a4d-8e4e-47f02268b2c6} - %profile%\extensions\{bb117431-63c1-4a4d-8e4e-47f02268b2c6}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
    MSConfigStartUp-gyjAEPulVY - c:\documents and settings\All Users\Application Data\gyjAEPulVY.exe
    AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-04 22:30
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-746137067-1960408961-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:82,26,6d,5b,2f,83,88,1e,1a,e7,78,4f,2b,9e,b5,86,ea,6b,35,20,6a,19,f6,
    05,d9,34,0a,f4,16,a5,25,eb,dc,de,4a,11,6b,e5,31,5e,0b,ba,03,90,c9,e2,8d,14,\
    "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(484)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    Completion time: 2012-01-04 22:41:17
    ComboFix-quarantined-files.txt 2012-01-05 03:41
    .
    Pre-Run: 8,908,578,816 bytes free
    Post-Run: 11,571,367,936 bytes free
    .
    - - End Of File - - 537E3F0417D24DEC6494DDC560C74217
    ((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-04 23:12 . 2012-01-04 23:13 -------- d-----w- C:\FRST
    2012-01-02 01:35 . 2012-01-02 01:35 -------- d-----w- c:\program files\****YouVirus
    2012-01-02 00:41 . 2012-01-02 00:41 -------- d-----w- c:\program files\Tangosoft
    2011-12-30 18:54 . 2011-12-30 18:54 -------- d--h--w- c:\documents and settings\Owner\Local Settings\Application Data\Citrix
    2011-12-30 00:06 . 2011-12-30 00:06 -------- d--h--w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
    2011-12-29 23:54 . 2011-12-29 23:54 -------- d--h--w- c:\program files\CCleaner
    2011-12-29 23:30 . 2011-12-30 03:03 -------- d--h--w- c:\program files\SUPERAntiSpyware
    2011-12-29 23:30 . 2011-12-29 23:30 -------- d--h--w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-12-29 23:29 . 2011-12-29 23:29 -------- d--h--w- c:\documents and settings\All Users\Application Data\SUPERSetup
    2011-12-28 20:51 . 2011-12-28 20:51 -------- d--h--w- c:\documents and settings\All Users\Application Data\AIM
    2011-12-28 20:50 . 2011-12-28 20:50 -------- d--h--w- c:\program files\AIM
    2011-12-28 20:50 . 2011-12-28 20:50 -------- d--h--w- c:\program files\Common Files\Software Update Utility
    2011-12-24 14:29 . 2011-12-24 14:29 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-23 16:40 . 2011-12-23 16:40 -------- d--h--w- c:\documents and settings\Owner\Application Data\comcasttb
    2011-12-23 16:39 . 2011-12-23 16:42 -------- d--h--w- c:\documents and settings\Owner\Application Data\CallingID
    2011-12-23 16:39 . 2011-12-23 16:39 -------- d--h--w- c:\program files\Common Files\scanner
    2011-12-23 16:39 . 2011-12-23 16:39 -------- d--h--w- c:\program files\comcasttb
    2011-12-23 16:38 . 2011-12-23 16:38 -------- d--h--w- c:\program files\CA
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-10 20:24 . 2010-05-07 23:04 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
    [-] 2004-08-12 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
    .
    [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asyncmac.sys
    [-] 2004-08-12 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys
    .
    [-] 2004-08-12 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
    .
    [-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kbdclass.sys
    [-] 2004-08-12 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\kbdclass.sys
    [-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys
    .
    [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
    [-] 2004-08-12 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys
    .
    [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntfs.sys
    [-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
    [-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\system32\dllcache\ntfs.sys
    [-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\system32\drivers\ntfs.sys
    [-] 2004-08-12 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys
    .
    [-] 2004-08-12 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
    .
    [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    [-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
    [-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
    [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
    [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
    [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    [-] 2007-02-20 . 253E84B9C0F0D9CD42E0892413D69DAA . 360704 . . [5.1.2600.2956] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
    .
    [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\browser.dll
    [-] 2007-02-20 . 39128B5A743545BAEDD3984C210F00A8 . 77824 . . [5.1.2600.2586] . . c:\windows\system32\browser.dll
    .
    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
    [-] 2004-08-12 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe
    .
    [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netman.dll
    [-] 2007-02-20 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll
    .
    [-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\comres.dll
    [-] 2004-08-12 06:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\system32\comres.dll
    .
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\qmgr.dll
    [-] 2004-08-12 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll
    .
    [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
    [-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
    [-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\system32\rpcss.dll
    [-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\rpcss.dll
    [-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\rpcss.dll
    [-] 2007-02-20 . 348F04E3582EF2467EE5379D67B99FD7 . 399360 . . [5.1.2600.2948] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
    .
    [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
    [-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
    [-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\system32\services.exe
    [-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\services.exe
    [-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
    [-] 2004-08-12 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572$\services.exe
    .
    [-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
    [-] 2007-02-20 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe
    .
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
     
  23. hmMurdock914

    hmMurdock914 TS Rookie Topic Starter Posts: 30

    c:\windows\System32\regsvc.dll ... is missing !!
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-06 280779]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2002-01-08 6803456]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2002-01-08 86016]
    "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 114688]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_3"="advpack.dll" [2010-05-04 124928]
    .
    c:\documents and settings\Dad\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms"= 1 (0x1)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ---ha-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2008-02-28 21:07 132392 ---ha-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ---ha-w- c:\program files\Google\Google Talk\googletalk.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-06-15 20:33 141624 ---ha-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    2003-07-01 00:56 188416 ---ha-w- c:\program files\Logitech\Video\ISStart.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    2003-07-01 01:00 65536 ---ha-w- c:\program files\Logitech\Video\LogiTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    2008-02-18 20:29 2221352 ---ha-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2008-02-28 13:59 570664 ---ha-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2002-01-08 17:34 1519616 ---ha-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-19 02:16 421888 ---ha-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    2010-01-07 19:38 158448 ---ha-w- c:\program files\Zune\ZuneLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ZuneNetworkSvc"=3 (0x3)
    "Nero BackItUp Scheduler 3"=2 (0x2)
    "iPod Service"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "WMPNetworkSvc"=3 (0x3)
    "PLFlash DeviceIoControl Service"=2 (0x2)
    "NMIndexingService"=3 (0x3)
    "AntiSpywareService"=2 (0x2)
    "ITMRTSVC"=2 (0x2)
    "BITS"=3 (0x3)
    "!SASCORE"=2 (0x2)
    "avg9wd"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\BitPim\\bitpimw.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "49553:TCP"= 49553:TCP:*:Disabled:mike
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/13/2008 3:16 AM 716272]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
    R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [8/9/2009 10:23 AM 16400]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/13/2008 2:03 AM 24652]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [5/11/2008 10:48 AM 47360]
    R3 WMP11V27;Instant Wireless PCI Card V2.7 Driver;c:\windows\system32\drivers\WMP11V27.sys [3/13/2008 12:42 AM 171776]
    S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]
    S3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [6/23/2011 9:43 PM 28160]
    S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
    S4 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 12:49 PM 616408]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    TCP: DhcpNameServer = 64.233.217.5 64.233.217.2
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\8r0t04cw.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
    FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    FF - Ext: lget: {bb117431-63c1-4a4d-8e4e-47f02268b2c6} - %profile%\extensions\{bb117431-63c1-4a4d-8e4e-47f02268b2c6}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
    MSConfigStartUp-gyjAEPulVY - c:\documents and settings\All Users\Application Data\gyjAEPulVY.exe
    AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-04 22:30
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-746137067-1960408961-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:82,26,6d,5b,2f,83,88,1e,1a,e7,78,4f,2b,9e,b5,86,ea,6b,35,20,6a,19,f6,
    05,d9,34,0a,f4,16,a5,25,eb,dc,de,4a,11,6b,e5,31,5e,0b,ba,03,90,c9,e2,8d,14,\
    "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(484)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    Completion time: 2012-01-04 22:41:17
    ComboFix-quarantined-files.txt 2012-01-05 03:41
    .
    Pre-Run: 8,908,578,816 bytes free
    Post-Run: 11,571,367,936 bytes free
    .
    - - End Of File - - 537E3F0417D24DEC6494DDC560C74217
     
  24. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    How is computer doing?

    We have one system file missing.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      regsvc.dll
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    Also....

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.
     
  25. hmMurdock914

    hmMurdock914 TS Rookie Topic Starter Posts: 30

    So far I've got my desktop Icons back and it seems to be functioning normally other than I can't connect to the internet. Here is the system look scan:

    SystemLook 30.07.11 by jpshortstuff

    Log created at 23:38 on 05/01/2012 by Owner

    Administrator - Elevation successful



    ========== filefind ==========



    Searching for "regsvc.dll"

    C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\regsvc.dll --a---- 59904 bytes [06:52 17/08/2008] [00:12 14/04/2008] 5B19B557B0C188210A56A6B699D90B8F



    -= EOF =-
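    The check the two posts above perform by hand (find every copy of a missing system file, then decide whether a cached copy is a fit replacement) can be scripted. The Python below is an added example written for this thread, not SystemLook's or ComboFix's own code: it walks a directory tree the way `:filefind` does, reports each hit with size, modification time and MD5, and keeps only copies whose hash equals a known-good value. The directory layout, file contents and "known-good" hash it uses are constructed for the demo; on a real machine the reference hash would have to come from a trusted source (a clean install of the same XP service pack, for instance), not from the suspect machine itself.

```python
"""Added example: a minimal re-implementation of SystemLook's ':filefind'
plus a hash comparison, so a defender can locate every copy of a named
file and confirm a candidate replacement matches a known-good hash before
restoring it. Not SystemLook's or ComboFix's code; the tree, file bytes
and reference hash below are constructed for the demonstration."""

import hashlib
import os
import tempfile
from dataclasses import dataclass
from datetime import datetime


@dataclass
class Hit:
    path: str
    size: int
    modified: str   # formatted like SystemLook: HH:MM DD/MM/YYYY
    md5: str        # upper-case hex, as SystemLook prints it


def md5_of(path: str) -> str:
    """Stream the file through MD5 so large binaries are not read whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def filefind(root: str, name: str) -> list:
    """Return every file under `root` whose name matches `name`
    (case-insensitive, as Windows filenames are), with size, mtime, MD5."""
    hits = []
    target = name.lower()
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() == target:
                p = os.path.join(dirpath, fn)
                st = os.stat(p)
                stamp = datetime.fromtimestamp(st.st_mtime).strftime("%H:%M %d/%m/%Y")
                hits.append(Hit(p, st.st_size, stamp, md5_of(p)))
    return hits


def matching_copies(hits: list, expected_md5: str) -> list:
    """Keep only the copies whose MD5 equals the trusted reference value."""
    return [h for h in hits if h.md5 == expected_md5.upper()]


def build_demo_tree():
    """Constructed sample: a fake system32 with no regsvc.dll, a cached copy
    under SoftwareDistribution, and a same-named decoy elsewhere.
    Returns (root, MD5 of the good copy)."""
    root = tempfile.mkdtemp(prefix="filefind_demo_")
    good_dir = os.path.join(root, "WINDOWS", "SoftwareDistribution", "Download", "cache")
    decoy_dir = os.path.join(root, "Documents and Settings", "All Users", "Application Data")
    os.makedirs(os.path.join(root, "WINDOWS", "system32"))
    os.makedirs(good_dir)
    os.makedirs(decoy_dir)
    good = b"GOOD-COPY-OF-REGSVC" * 100      # constructed file content
    with open(os.path.join(good_dir, "regsvc.dll"), "wb") as f:
        f.write(good)
    with open(os.path.join(decoy_dir, "REGSVC.DLL"), "wb") as f:
        f.write(b"not the same bytes")       # decoy: same name, different hash
    return root, hashlib.md5(good).hexdigest().upper()


def demo() -> dict:
    """Run the search over the constructed tree and summarise the outcome."""
    root, known_good = build_demo_tree()
    hits = filefind(root, "regsvc.dll")
    ok = matching_copies(hits, known_good)
    system32_copy = os.path.join(root, "WINDOWS", "system32", "regsvc.dll")
    for h in hits:
        print(f"{h.path} {h.size} bytes [{h.modified}] {h.md5}")
    return {
        "hits": len(hits),                                  # 2: cache copy + decoy
        "matching": len(ok),                                # 1: only the cache copy
        "missing_from_system32": not os.path.exists(system32_copy),
    }


if __name__ == "__main__":
    print(demo())
```

The point of filtering on the hash rather than on the filename is that a same-named file in a user-writable location (the decoy above) is exactly what a dropper would leave behind; a name match alone says nothing about whether the bytes are the genuine system component.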
     
