Malwarebytes is able to remove the rootkits, but they keep coming back. They return slower if I boot into safe mode. The primary symptom is redirection to unwanted websites and opening up new browsing windows to unwanted websites. My DDS and attach files are below. Thanks in advance.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by aida at 20:11:16 on 2012-05-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.316 [GMT -4:00]
.
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ZumoDrive] c:\program files\zecter\zumodrive\ZumoLauncher.lnk
uRun: [Google Update] "c:\documents and settings\aida\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_2_202_233_Plugin.exe -update plugin
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [ZumoDrive] "c:\program files\zecter\zumodrive\ZumoLauncher.lnk"
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{9C98642B-78C9-4923-8DFD-BE08F792C45B} : DhcpNameServer = 10.0.0.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} -
Notify: NecUsb3Sevices - USB3Sw32.dll
Notify: USB3Sw32 - USB3Sw32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\aida\application data\mozilla\firefox\profiles\eswlnpz7.default\
FF - prefs.js: browser.startup.homepage - hxxp://welikehits.com/surf.php
FF - component: c:\documents and settings\aida\application data\mozilla\firefox\profiles\eswlnpz7.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\imtcp_xpcom.dll
FF - component: c:\documents and settings\aida\application data\mozilla\firefox\profiles\eswlnpz7.default\extensions\capturefoxmovie@advancity.net\components\capturefoxxpi_win32.dll
FF - component: c:\documents and settings\aida\application data\mozilla\firefox\profiles\eswlnpz7.default\extensions\screencaptureelite@plugin\platform\winnt_x86-msvc\components\SCEFF3Client.dll
FF - plugin: c:\documents and settings\aida\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\aida\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\aida\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Webmail Ad Blocker: gmailnoads@mywebber.com - %profile%\extensions\gmailnoads@mywebber.com
FF - Ext: Tempomail: tempomail@ingetic..maxime.robache - %profile%\extensions\tempomail@ingetic..maxime.robache
FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF - Ext: Capture Fox: capturefoxmovie@advancity.net - %profile%\extensions\capturefoxmovie@advancity.net
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Screen Capture Elite: screencaptureelite@plugin - %profile%\extensions\screencaptureelite@plugin
FF - Ext: Click&Clean: clickclean@hotcleaner.com - %profile%\extensions\clickclean@hotcleaner.com
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\KTC111.SYS [2003-9-15 19016]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-4-12 147416]
S1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-5-4 129928]
S2 clientservice;Crcdisk;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]
S2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-5-27 141384]
S2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-4-30 97032]
S2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-4-30 111624]
S2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-5-12 110920]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2007-7-29 20160]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 253088]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-5-6 40776]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\rkpavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-2-5 44928]
.
=============== Created Last 30 ================
.
2012-05-06 14:03:48 54016 -c--a-w- c:\windows\system32\drivers\tjpcg.sys
2012-05-06 09:03:21 40776 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-14 18:49:13 -------- d-----w- C:\8b932b19c531de31486369ac
2012-04-14 18:27:22 -------- d-----w- C:\a13e1fdda4f013cfa6a1
2012-04-13 07:02:44 200976 -c--a-w- c:\windows\system32\drivers\tmcomm.sys
2012-04-12 22:46:55 -------- d-----w- C:\3ed78a8d3e3fdb96b6d2ca8748a643
2012-04-12 19:46:14 -------- d-----w- C:\a7b9281ead74d054c51d9c102f303925
2012-04-12 18:04:45 -------- d-----w- C:\b39195a5979437de95c7ae2e
2012-04-09 17:56:24 418464 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-05-06 02:43:00 0 -csha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-14 05:13:02 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-13 18:01:33 102400 -c--a-w- c:\windows\RegBootClean.exe
2012-04-11 17:55:44 22032 -c--a-w- c:\windows\DCEBoot.exe
2012-04-04 19:56:40 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 22:28:49 60304 -c--a-w- c:\documents and settings\aida\g2mdlhlpx.exe
2012-03-01 11:01:32 916992 -c--a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 -c----w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 -c--a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 -c--a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 -c----w- c:\windows\system32\html.iec
.
============= FINISH: 20:17:52.07 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/16/2003 3:38:32 AM
System Uptime: 5/5/2012 10:41:11 PM (22 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | CUW-FX
Processor: Intel Pentium III processor | PGA 370 | 651/100mhz
.
==== Disk Partitions =========================
.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe SVG Viewer 3.0
Content Buzzer
Content Notifier
Dynamic Traders Group, Inc. DT6 ver 1
EasyCleaner
ePrompter
Foxit Reader
FXDD - MetaTrader 4.00
Google Talk Plugin
GoToMeeting 5.1.0.880
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
J2SE Runtime Environment 5.0 Update 4
Java Auto Updater
Java 6 Update 20
Kcast Beta 2.0.0
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Data Access Components KB870669
Microsoft FrontPage Client - English
Microsoft Office 2000 Premium
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual Studio .NET Professional 2003 - English
Mozilla Firefox (3.6.28)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero - Burning Rom
Panda Cloud Antivirus
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975254)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SSH Secure Shell
Turbo Trader 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Visual Studio .NET Professional 2003 - English
Visual Studio.NET Baseline - English
VLC media player 1.0.5
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
ZumoDrive
.
==== Event Viewer Messages From Past Week ========
.
5/3/2012 12:37:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/3/2012 12:19:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: CbFs Fips P3 PSINKNC
5/3/2012 12:10:11 PM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402
5/3/2012 12:10:01 PM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Queuemgr service terminated with the following error: The specified module could not be found.
4/29/2012 5:10:02 PM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402
4/29/2012 5:10:01 PM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402
4/29/2012 4:32:00 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
4/29/2012 4:27:47 PM, error: Service Control Manager [7022] - The Panda Cloud Antivirus Service service hung on starting.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Ziptoa service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The VAIOMediaPlatform-PhotoServer-HTTP service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The USB3 Service service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Snac service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Sfcure01 service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Savrt service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Qbfcservice service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Proxyhostdriver service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The P1131vid service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Mstdc service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Ma763004 service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The K750obex service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Eaps2kbd service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The CTSYN service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Crcdisk service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Cmudau service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The ClntMgmt.sys service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The BVRPMPR5 service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Awhost32 service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Ati2mtaa service terminated with the following error: The specified module could not be found.
4/29/2012 4:23:33 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================
#1
Posted 06 May 2012 - 08:06 PM
#2
Posted 07 May 2012 - 02:56 AM
Hello GeeWhiz00 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.
Please note:
- If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
- I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
- Make sure you read all of the instructions and fixes thoroughly before continuing with them.
- Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
- Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
BACKDOOR WARNING
One or more of the identified infections is known to use a backdoor.
This allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.
Step 1
Download the latest version of TDSSKiller from here and save it to your Desktop.
- Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
- Click the Start Scan button.
- If a suspicious object is detected, the default action will be Skip; click on Continue.
- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
- Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Step 2
- Launch Malwarebytes' Anti-Malware
- Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
- Go to Scanner tab and select Perform Quick Scan, then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
In your next reply, post the following log files:
- TDSSKiller log
- Malwarebytes' Anti-Malware log
- a new fresh DDS log file
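As an added example (not part of the thread, and not a Kaspersky tool), here is a small Python triage script for the TDSSKiller report requested in Step 1. It parses the log format TDSSKiller writes (timestamp, thread id, message) and pulls out only the entries that need action: services flagged as infected and files reported as forged, joined to the image path and hash recorded for them. The sample excerpt, `triage` and `services_to_cure` are all constructed here; the sample lines follow the shape of real TDSSKiller output.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Every TDSSKiller line is "<hh:mm:ss.ffff> <thread id> <message>".
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# "<name> (<md5>) <path>": a scanned service/driver with its image hash and path.
ENTRY_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> ( <family> ) - infected"
INFECTED_RE = re.compile(r"^(?P<name>\S+) \( (?P<family>.+?) \) - infected$")
# "<name> - detected <family> (<n>)": repeats the verdict above, kept as a fallback.
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<family>\S+) \((?P<n>\d+)\)$")
# "Suspicious file (Forged): <path>. Real md5: <h>, Fake md5: <h>"
# Two different hashes for one path: the bytes actually on disk versus what the
# running system presents for that file. That disagreement is the rootkit's hiding.
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+)\. Real md5: (?P<real>[0-9a-f]{32}), "
    r"Fake md5: (?P<fake>[0-9a-f]{32})$"
)

# Constructed excerpt in the shape of a TDSSKiller log (hashes/paths as a ZeroAccess
# infection of an XP box would show them). Not a real complete report.
SAMPLE_LOG = r"""17:51:15.0383 3128 Scan started
17:51:15.0383 3128 Mode: Manual;
17:51:20.0540 3128 Abiosdsk - ok
17:52:24.0572 3128 L8042Kbd (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\crcdisk.dll
17:52:24.0582 3128 L8042Kbd ( Backdoor.Multi.ZAccess.gen ) - infected
17:52:24.0582 3128 L8042Kbd - detected Backdoor.Multi.ZAccess.gen (0)
17:52:24.0692 3128 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
17:52:24.0712 3128 lanmanserver - ok
17:52:37.0591 3128 NetBT (7b0238b9b720e2f19ec2d435ba3acf54) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:52:37.0601 3128 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: 7b0238b9b720e2f19ec2d435ba3acf54, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d
17:52:37.0611 3128 NetBT ( Virus.Win32.ZAccess.k ) - infected
17:52:37.0611 3128 NetBT - detected Virus.Win32.ZAccess.k (0)
"""


@dataclass
class Finding:
    kind: str                       # "infected" or "forged"
    name: str                       # service/driver name as TDSSKiller lists it
    path: str                       # image path from the entry line (or forged line)
    family: Optional[str] = None    # detection name, for "infected"
    md5: Optional[str] = None       # hash TDSSKiller recorded for the bytes on disk
    fake_md5: Optional[str] = None  # for "forged": the hash the system presented


def triage(log_text: str) -> List[Finding]:
    """Walk a TDSSKiller log and return only the entries that need action."""
    images: Dict[str, Tuple[str, str]] = {}   # name -> (md5, path) from entry lines
    findings: List[Finding] = []
    seen = set()                               # (name, family) already reported

    def add_infected(name: str, family: str) -> None:
        if (name, family) in seen:
            return
        seen.add((name, family))
        md5, path = images.get(name, (None, "<path not listed in log>"))
        findings.append(Finding("infected", name, path, family=family, md5=md5))

    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if (f := FORGED_RE.match(msg)):
            # Tie the forged path back to the service whose entry line named it.
            name = next((n for n, (_, p) in images.items()
                         if p.lower() == f["path"].lower()), "<unknown service>")
            findings.append(Finding("forged", name, f["path"],
                                    md5=f["real"], fake_md5=f["fake"]))
        elif (e := ENTRY_RE.match(msg)):
            images[e["name"]] = (e["md5"], e["path"])
        elif (i := INFECTED_RE.match(msg)):
            add_infected(i["name"], i["family"])
        elif (d := DETECTED_RE.match(msg)):
            add_infected(d["name"], d["family"])
        # "<name> - ok" and header/separator lines need no action and fall through.
    return findings


def services_to_cure(findings: List[Finding]) -> List[str]:
    """Distinct service names that TDSSKiller should be allowed to Cure."""
    return sorted({f.name for f in findings})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        if f.kind == "forged":
            print(f"FORGED   {f.name:<10} {f.path}  on-disk={f.md5}  presented={f.fake_md5}")
        else:
            print(f"INFECTED {f.name:<10} {f.path}  {f.family}  md5={f.md5}")
    print("cure:", ", ".join(services_to_cure(triage(SAMPLE_LOG))))
```

Run against a saved `TDSSKiller.[Version]_[Date]_[Time]_log.txt` by passing its contents to `triage`; a clean report yields an empty list.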
#3
Posted 08 May 2012 - 10:32 AM
I decided to clean. I'll avoid using any passwords on the infected PC.
I realized afterward that I should have done a quick Malwarebytes scan rather than a full scan that took way over 14 hours to complete!
17:50:35.0415 2984 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
17:50:35.0996 2984 ============================================================
17:50:35.0996 2984 Current date / time: 2012/05/07 17:50:35.0996
17:50:35.0996 2984 SystemInfo:
17:50:35.0996 2984
17:50:35.0996 2984 OS Version: 5.1.2600 ServicePack: 3.0
17:50:35.0996 2984 Product type: Workstation
17:50:35.0996 2984 ComputerName: ADMIN
17:50:35.0996 2984 UserName: aida
17:50:35.0996 2984 Windows directory: C:\WINDOWS
17:50:35.0996 2984 System windows directory: C:\WINDOWS
17:50:35.0996 2984 Processor architecture: Intel x86
17:50:35.0996 2984 Number of processors: 1
17:50:35.0996 2984 Page size: 0x1000
17:50:35.0996 2984 Boot type: Normal boot
17:50:35.0996 2984 ============================================================
17:51:09.0164 2984 Drive \Device\Harddisk0\DR0 - Size: 0x25C77C000 (9.44 Gb), SectorSize: 0x200, Cylinders: 0x4D0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:51:09.0324 2984 ============================================================
17:51:09.0324 2984 \Device\Harddisk0\DR0:
17:51:09.0374 2984 MBR partitions:
17:51:09.0374 2984 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12E0091
17:51:09.0374 2984 ============================================================
17:51:11.0076 2984 C: <-> \Device\Harddisk0\DR0\Partition0
17:51:11.0176 2984 ============================================================
17:51:11.0176 2984 Initialize success
17:51:11.0176 2984 ============================================================
17:51:15.0383 3128 ============================================================
17:51:15.0383 3128 Scan started
17:51:15.0383 3128 Mode: Manual;
17:51:15.0383 3128 ============================================================
17:51:20.0540 3128 Abiosdsk - ok
17:51:20.0610 3128 abp480n5 - ok
17:51:20.0971 3128 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
17:51:21.0041 3128 ac97intc - ok
17:51:21.0301 3128 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:51:21.0321 3128 ACPI - ok
17:51:21.0501 3128 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:51:21.0561 3128 ACPIEC - ok
17:51:21.0642 3128 acrsch2svc - ok
17:51:21.0892 3128 ADM8511 (b05f2367f62552a2de7e3c352b7b9885) C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
17:51:21.0962 3128 ADM8511 - ok
17:51:22.0423 3128 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:51:22.0513 3128 AdobeFlashPlayerUpdateSvc - ok
17:51:22.0583 3128 adpu160m - ok
17:51:22.0673 3128 adsexpb - ok
17:51:22.0853 3128 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:51:22.0903 3128 aec - ok
17:51:23.0204 3128 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:51:23.0254 3128 AFD - ok
17:51:23.0304 3128 Aha154x - ok
17:51:23.0374 3128 aic78u2 - ok
17:51:23.0434 3128 aic78xx - ok
17:51:23.0584 3128 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
17:51:23.0624 3128 Alerter - ok
17:51:23.0795 3128 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
17:51:23.0795 3128 ALG - ok
17:51:23.0865 3128 AliIde - ok
17:51:23.0965 3128 amsint - ok
17:51:24.0085 3128 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
17:51:24.0105 3128 AppMgmt - ok
17:51:24.0165 3128 asc - ok
17:51:24.0225 3128 asc3350p - ok
17:51:24.0295 3128 asc3550 - ok
17:51:24.0636 3128 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:51:24.0776 3128 aspnet_state - ok
17:51:24.0886 3128 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:51:24.0886 3128 AsyncMac - ok
17:51:25.0177 3128 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:51:25.0187 3128 atapi - ok
17:51:25.0267 3128 Atdisk - ok
17:51:25.0577 3128 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:51:25.0607 3128 Atmarpc - ok
17:51:25.0807 3128 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
17:51:25.0807 3128 AudioSrv - ok
17:51:25.0958 3128 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:51:25.0958 3128 audstub - ok
17:51:26.0188 3128 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:51:26.0208 3128 Beep - ok
17:51:26.0488 3128 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
17:51:26.0909 3128 BITS - ok
17:51:27.0149 3128 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
17:51:27.0149 3128 Browser - ok
17:51:27.0790 3128 catchme - ok
17:51:28.0101 3128 CbFs (560c3ac812597d58626d6c92fdc7f58d) C:\WINDOWS\system32\drivers\cbfs.sys
17:51:28.0101 3128 CbFs - ok
17:51:28.0211 3128 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:51:28.0211 3128 cbidf2k - ok
17:51:28.0281 3128 cd20xrnt - ok
17:51:28.0461 3128 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:51:28.0501 3128 Cdaudio - ok
17:51:29.0262 3128 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:51:29.0303 3128 Cdfs - ok
17:51:29.0733 3128 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:51:29.0783 3128 Cdrom - ok
17:51:29.0843 3128 Changer - ok
17:51:29.0903 3128 cisvc - ok
17:51:29.0963 3128 clientservice - ok
17:51:30.0094 3128 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
17:51:30.0144 3128 ClipSrv - ok
17:51:30.0304 3128 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:51:31.0956 3128 clr_optimization_v2.0.50727_32 - ok
17:51:32.0457 3128 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:51:34.0200 3128 clr_optimization_v4.0.30319_32 - ok
17:51:34.0270 3128 CmdIde - ok
17:51:34.0320 3128 COMSysApp - ok
17:51:34.0410 3128 Cpqarray - ok
17:51:34.0530 3128 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
17:51:34.0540 3128 CryptSvc - ok
17:51:34.0590 3128 crystaloutputfileserver - ok
17:51:34.0660 3128 dac2w2k - ok
17:51:34.0720 3128 dac960nt - ok
17:51:34.0780 3128 db2licd - ok
17:51:38.0175 3128 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:51:38.0796 3128 DcomLaunch - ok
17:51:41.0981 3128 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
17:51:42.0191 3128 Dhcp - ok
17:51:47.0379 3128 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:51:47.0439 3128 Disk - ok
17:51:47.0499 3128 dmadmin - ok
17:51:49.0311 3128 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:51:49.0862 3128 dmboot - ok
17:51:53.0928 3128 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:51:54.0018 3128 dmio - ok
17:51:54.0088 3128 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:51:54.0098 3128 dmload - ok
17:51:54.0258 3128 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
17:51:54.0258 3128 dmserver - ok
17:51:54.0359 3128 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:51:54.0399 3128 DMusic - ok
17:51:54.0769 3128 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
17:51:54.0799 3128 Dnscache - ok
17:51:55.0130 3128 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
17:51:55.0140 3128 Dot3svc - ok
17:51:55.0210 3128 dpti2o - ok
17:51:55.0350 3128 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:51:55.0350 3128 drmkaud - ok
17:51:55.0450 3128 DSI_SiUSBXp_3_1 - ok
17:51:55.0630 3128 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
17:51:55.0640 3128 EapHost - ok
17:51:55.0700 3128 ELmou - ok
17:51:55.0761 3128 emproxy - ok
17:51:56.0231 3128 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
17:51:56.0231 3128 ERSvc - ok
17:51:56.0432 3128 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:51:56.0532 3128 Eventlog - ok
17:51:58.0374 3128 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
17:51:58.0895 3128 EventSystem - ok
17:52:02.0540 3128 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:52:02.0721 3128 Fastfat - ok
17:52:02.0871 3128 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:52:02.0891 3128 FastUserSwitchingCompatibility - ok
17:52:03.0031 3128 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:52:03.0041 3128 Fdc - ok
17:52:03.0331 3128 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:52:03.0331 3128 Fips - ok
17:52:03.0452 3128 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:52:03.0492 3128 Flpydisk - ok
17:52:04.0163 3128 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:52:04.0243 3128 FltMgr - ok
17:52:04.0904 3128 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:52:05.0434 3128 FontCache3.0.0.0 - ok
17:52:05.0535 3128 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:52:05.0535 3128 Fs_Rec - ok
17:52:05.0605 3128 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:52:05.0625 3128 Ftdisk - ok
17:52:05.0725 3128 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
17:52:05.0795 3128 gameenum - ok
17:52:06.0276 3128 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:52:06.0346 3128 Gpc - ok
17:52:06.0917 3128 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:52:07.0027 3128 helpsvc - ok
17:52:07.0097 3128 HidServ - ok
17:52:07.0247 3128 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:52:07.0247 3128 HidUsb - ok
17:52:07.0548 3128 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
17:52:07.0608 3128 hkmsvc - ok
17:52:07.0668 3128 hpn - ok
17:52:07.0728 3128 hpt3xx - ok
17:52:08.0359 3128 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:52:08.0529 3128 HTTP - ok
17:52:08.0639 3128 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
17:52:08.0689 3128 HTTPFilter - ok
17:52:08.0749 3128 i2omgmt - ok
17:52:08.0809 3128 i2omp - ok
17:52:09.0390 3128 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:52:09.0430 3128 i8042prt - ok
17:52:10.0622 3128 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
17:52:10.0782 3128 i81x - ok
17:52:11.0383 3128 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
17:52:11.0413 3128 iAimFP0 - ok
17:52:11.0513 3128 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
17:52:11.0513 3128 iAimFP1 - ok
17:52:11.0573 3128 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
17:52:11.0583 3128 iAimFP2 - ok
17:52:11.0714 3128 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
17:52:11.0734 3128 iAimFP3 - ok
17:52:12.0084 3128 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
17:52:12.0114 3128 iAimFP4 - ok
17:52:12.0214 3128 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
17:52:12.0214 3128 iAimFP5 - ok
17:52:12.0284 3128 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
17:52:12.0294 3128 iAimFP6 - ok
17:52:12.0415 3128 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
17:52:12.0445 3128 iAimFP7 - ok
17:52:12.0735 3128 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
17:52:12.0755 3128 iAimTV0 - ok
17:52:12.0855 3128 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
17:52:12.0855 3128 iAimTV1 - ok
17:52:12.0935 3128 iAimTV2 - ok
17:52:13.0065 3128 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
17:52:13.0075 3128 iAimTV3 - ok
17:52:13.0186 3128 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
17:52:13.0216 3128 iAimTV4 - ok
17:52:13.0336 3128 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
17:52:13.0356 3128 iAimTV5 - ok
17:52:13.0466 3128 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
17:52:13.0476 3128 iAimTV6 - ok
17:52:15.0399 3128 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:52:15.0799 3128 idsvc - ok
17:52:15.0869 3128 imagesrv - ok
17:52:16.0611 3128 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:52:16.0631 3128 Imapi - ok
17:52:16.0781 3128 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
17:52:16.0801 3128 ImapiService - ok
17:52:16.0881 3128 ini910u - ok
17:52:16.0931 3128 ino_flpy - ok
17:52:17.0582 3128 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:52:17.0582 3128 IntelIde - ok
17:52:18.0473 3128 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:52:18.0503 3128 Ip6Fw - ok
17:52:18.0593 3128 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:52:18.0603 3128 IpFilterDriver - ok
17:52:18.0734 3128 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:52:18.0744 3128 IpInIp - ok
17:52:19.0465 3128 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:52:19.0555 3128 IpNat - ok
17:52:19.0655 3128 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:52:19.0695 3128 IPSec - ok
17:52:19.0875 3128 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:52:19.0895 3128 IRENUM - ok
17:52:20.0837 3128 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:52:20.0857 3128 isapnp - ok
17:52:22.0509 3128 JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Program Files\Java\jre6\bin\jqs.exe
17:52:22.0619 3128 JavaQuickStarterService - ok
17:52:22.0709 3128 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:52:22.0709 3128 Kbdclass - ok
17:52:22.0900 3128 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:52:23.0370 3128 kbdhid - ok
17:52:23.0751 3128 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:52:23.0771 3128 kmixer - ok
17:52:23.0891 3128 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:52:23.0901 3128 KSecDD - ok
17:52:24.0452 3128 KTC111 (50a0090cbbf7ff701230ee1314598aef) C:\WINDOWS\system32\DRIVERS\KTC111.SYS
17:52:24.0462 3128 KTC111 - ok
17:52:24.0572 3128 L8042Kbd (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\crcdisk.dll
17:52:24.0582 3128 L8042Kbd ( Backdoor.Multi.ZAccess.gen ) - infected
17:52:24.0582 3128 L8042Kbd - detected Backdoor.Multi.ZAccess.gen (0)
17:52:24.0692 3128 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
17:52:24.0712 3128 lanmanserver - ok
17:52:24.0872 3128 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
17:52:24.0892 3128 lanmanworkstation - ok
17:52:24.0953 3128 lbrtfdc - ok
17:52:25.0353 3128 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
17:52:25.0363 3128 LmHosts - ok
17:52:26.0294 3128 Macromedia Licensing Service (a8382713f5870e4af1de4e8f7af9d882) C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
17:52:26.0395 3128 Macromedia Licensing Service - ok
17:52:27.0416 3128 MDM (6a7c978720e23f0622650dbe765acb09) c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
17:52:27.0626 3128 MDM - ok
17:52:27.0757 3128 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
17:52:27.0807 3128 Messenger - ok
17:52:27.0867 3128 mfesmfk - ok
17:52:28.0287 3128 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:52:28.0287 3128 mnmdd - ok
17:52:28.0448 3128 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
17:52:28.0458 3128 mnmsrvc - ok
17:52:28.0578 3128 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:52:28.0588 3128 Modem - ok
17:52:28.0738 3128 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:52:28.0768 3128 Mouclass - ok
17:52:28.0908 3128 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:52:28.0918 3128 mouhid - ok
17:52:29.0379 3128 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:52:29.0389 3128 MountMgr - ok
17:52:29.0449 3128 mraid35x - ok
17:52:29.0589 3128 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:52:29.0609 3128 MRxDAV - ok
17:52:31.0262 3128 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:52:31.0532 3128 MRxSmb - ok
17:52:31.0782 3128 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
17:52:31.0792 3128 MSDTC - ok
17:52:32.0213 3128 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:52:32.0223 3128 Msfs - ok
17:52:32.0283 3128 MSIServer - ok
17:52:32.0383 3128 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:52:32.0393 3128 MSKSSRV - ok
17:52:32.0503 3128 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:52:32.0513 3128 MSPCLOCK - ok
17:52:32.0604 3128 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:52:32.0614 3128 MSPQM - ok
17:52:32.0774 3128 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:52:32.0784 3128 mssmbios - ok
17:52:32.0924 3128 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:52:33.0325 3128 Mup - ok
17:52:33.0805 3128 NanoServiceMain (9799191f31740eb7979c3b012aa6ba5b) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
17:52:33.0835 3128 NanoServiceMain - ok
17:52:34.0516 3128 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
17:52:34.0626 3128 napagent - ok
17:52:35.0488 3128 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:52:35.0578 3128 NDIS - ok
17:52:35.0668 3128 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:52:35.0668 3128 NdisTapi - ok
17:52:35.0808 3128 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:52:35.0808 3128 Ndisuio - ok
17:52:36.0319 3128 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:52:36.0359 3128 NdisWan - ok
17:52:36.0910 3128 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:52:36.0930 3128 NDProxy - ok
17:52:36.0990 3128 NecUsb3 - ok
17:52:37.0461 3128 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:52:37.0471 3128 NetBIOS - ok
17:52:37.0591 3128 NetBT (7b0238b9b720e2f19ec2d435ba3acf54) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:52:37.0601 3128 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: 7b0238b9b720e2f19ec2d435ba3acf54, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d
17:52:37.0611 3128 NetBT ( Virus.Win32.ZAccess.k ) - infected
17:52:37.0611 3128 NetBT - detected Virus.Win32.ZAccess.k (0)
17:52:37.0761 3128 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:52:37.0791 3128 NetDDE - ok
17:52:37.0851 3128 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:52:37.0861 3128 NetDDEdsdm - ok
17:52:38.0352 3128 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:52:38.0372 3128 Netlogon - ok
17:52:38.0542 3128 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
17:52:38.0572 3128 Netman - ok
17:52:39.0714 3128 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:52:40.0355 3128 NetTcpPortSharing - ok
17:52:40.0555 3128 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
17:52:40.0665 3128 Nla - ok
17:52:40.0765 3128 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:52:40.0775 3128 Npfs - ok
17:52:44.0340 3128 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:52:44.0601 3128 Ntfs - ok
17:52:44.0671 3128 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
17:52:44.0671 3128 NtLmSsp - ok
17:52:46.0824 3128 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
17:52:47.0465 3128 NtmsSvc - ok
17:52:47.0585 3128 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:52:47.0585 3128 Null - ok
17:52:47.0665 3128 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:52:47.0665 3128 NwlnkFlt - ok
17:52:47.0775 3128 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:52:47.0805 3128 NwlnkFwd - ok
17:52:47.0876 3128 oracleservicelocalora - ok
17:52:48.0657 3128 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
17:52:48.0677 3128 P3 - ok
17:52:48.0787 3128 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:52:48.0797 3128 Parport - ok
17:52:49.0318 3128 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:52:49.0368 3128 PartMgr - ok
17:52:49.0538 3128 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:52:49.0548 3128 ParVdm - ok
17:52:49.0728 3128 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:52:49.0748 3128 PCI - ok
17:52:49.0798 3128 PCIDump - ok
17:52:49.0868 3128 PCIIde - ok
17:52:50.0579 3128 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:52:50.0660 3128 Pcmcia - ok
17:52:50.0720 3128 pcx1unic - ok
17:52:50.0780 3128 PDCOMP - ok
17:52:50.0850 3128 PDFRAME - ok
17:52:50.0910 3128 PDRELI - ok
17:52:50.0970 3128 PDRFRAME - ok
17:52:51.0030 3128 perc2 - ok
17:52:51.0090 3128 perc2hib - ok
17:52:51.0290 3128 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:52:51.0300 3128 PlugPlay - ok
17:52:51.0371 3128 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:52:51.0371 3128 PolicyAgent - ok
17:52:51.0461 3128 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:52:51.0471 3128 PptpMiniport - ok
17:52:51.0511 3128 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:52:51.0521 3128 ProtectedStorage - ok
17:52:52.0142 3128 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:52:52.0182 3128 PSched - ok
17:52:53.0403 3128 PSINAflt (469943fb4398df5662dd5d06193c0bb0) C:\WINDOWS\system32\DRIVERS\PSINAflt.sys
17:52:53.0413 3128 PSINAflt - ok
17:52:54.0956 3128 PSINFile (b573f1ee01046612576907bb08ad8e6f) C:\WINDOWS\system32\DRIVERS\PSINFile.sys
17:52:54.0956 3128 PSINFile - ok
17:52:57.0469 3128 PSINKNC (51b0bab73ec899399e5d6034105d6f21) C:\WINDOWS\system32\DRIVERS\psinknc.sys
17:52:57.0479 3128 PSINKNC - ok
17:52:57.0990 3128 PSINProc (d3730032f61fca2d2ae6a2daf90347b1) C:\WINDOWS\system32\DRIVERS\PSINProc.sys
17:52:57.0990 3128 PSINProc - ok
17:52:58.0150 3128 PSINProt (47345c84b45003d4b5975cda5f026787) C:\WINDOWS\system32\DRIVERS\PSINProt.sys
17:52:58.0160 3128 PSINProt - ok
17:52:58.0351 3128 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:52:58.0361 3128 Ptilink - ok
17:52:58.0421 3128 ql1080 - ok
17:52:58.0501 3128 Ql10wnt - ok
17:52:58.0561 3128 ql12160 - ok
17:52:58.0621 3128 ql1240 - ok
17:52:58.0691 3128 ql1280 - ok
17:52:58.0741 3128 qserver - ok
17:52:58.0821 3128 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:52:58.0821 3128 RasAcd - ok
17:52:59.0222 3128 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
17:52:59.0312 3128 RasAuto - ok
17:52:59.0773 3128 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:52:59.0793 3128 Rasl2tp - ok
17:53:00.0724 3128 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
17:53:00.0754 3128 RasMan - ok
17:53:00.0864 3128 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:53:00.0884 3128 RasPppoe - ok
17:53:01.0064 3128 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:53:01.0064 3128 Raspti - ok
17:53:01.0565 3128 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:53:01.0605 3128 Rdbss - ok
17:53:01.0946 3128 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:53:01.0966 3128 RDPCDD - ok
17:53:02.0256 3128 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:53:02.0306 3128 rdpdr - ok
17:53:02.0837 3128 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
17:53:02.0947 3128 RDPWD - ok
17:53:03.0127 3128 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
17:53:03.0147 3128 RDSessMgr - ok
17:53:03.0518 3128 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:53:03.0538 3128 redbook - ok
17:53:03.0648 3128 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
17:53:03.0658 3128 RemoteAccess - ok
17:53:03.0778 3128 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
17:53:03.0788 3128 RemoteRegistry - ok
17:53:03.0848 3128 RkPavproc1 - ok
17:53:04.0119 3128 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
17:53:04.0159 3128 RpcLocator - ok
17:53:05.0911 3128 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
17:53:05.0931 3128 RpcSs - ok
17:53:06.0002 3128 RR2Vbi - ok
17:53:06.0092 3128 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
17:53:06.0132 3128 RSVP - ok
17:53:06.0252 3128 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:53:06.0252 3128 SamSs - ok
17:53:06.0382 3128 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
17:53:06.0422 3128 SCardSvr - ok
17:53:07.0944 3128 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
17:53:08.0145 3128 Schedule - ok
17:53:08.0375 3128 SDTHOOK (f88d17b93621eeb8bef33b81e3af9207) C:\WINDOWS\system32\DRIVERS\SDTHOOK.sys
17:53:08.0385 3128 SDTHOOK - ok
17:53:08.0455 3128 SE2Bmdfl - ok
17:53:08.0555 3128 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:53:08.0565 3128 Secdrv - ok
17:53:08.0776 3128 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
17:53:08.0786 3128 seclogon - ok
17:53:09.0066 3128 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
17:53:09.0076 3128 SENS - ok
17:53:09.0146 3128 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:53:09.0156 3128 serenum - ok
17:53:09.0937 3128 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:53:09.0987 3128 Serial - ok
17:53:10.0368 3128 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:53:10.0388 3128 Sfloppy - ok
17:53:11.0369 3128 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
17:53:11.0479 3128 SharedAccess - ok
17:53:11.0680 3128 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:53:11.0690 3128 ShellHWDetection - ok
17:53:11.0750 3128 Simbad - ok
17:53:12.0341 3128 SNMP (60c377be6b3cc83f6a8584934b181d2e) C:\WINDOWS\System32\snmp.exe
17:53:12.0381 3128 SNMP - ok
17:53:12.0521 3128 SNMPTRAP (80a050795a107a76c2b1cd4cfbe010e6) C:\WINDOWS\System32\snmptrap.exe
17:53:12.0571 3128 SNMPTRAP - ok
17:53:12.0631 3128 Sparrow - ok
17:53:12.0691 3128 spbbcsvc - ok
17:53:12.0791 3128 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:53:12.0791 3128 splitter - ok
17:53:13.0232 3128 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:53:13.0252 3128 Spooler - ok
17:53:13.0623 3128 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\System32\DRIVERS\sr.sys
17:53:13.0663 3128 sr - ok
17:53:13.0833 3128 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
17:53:13.0883 3128 srservice - ok
17:53:15.0736 3128 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:53:15.0946 3128 Srv - ok
17:53:16.0356 3128 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
17:53:16.0376 3128 SSDPSRV - ok
17:53:17.0158 3128 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
17:53:17.0418 3128 stisvc - ok
17:53:17.0518 3128 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:53:17.0548 3128 swenum - ok
17:53:17.0678 3128 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:53:17.0678 3128 swmidi - ok
17:53:17.0748 3128 SwPrv - ok
17:53:17.0829 3128 symc810 - ok
17:53:17.0889 3128 symc8xx - ok
17:53:17.0949 3128 sym_hi - ok
17:53:18.0019 3128 sym_u3 - ok
17:53:18.0119 3128 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:53:18.0129 3128 sysaudio - ok
17:53:18.0229 3128 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
17:53:18.0249 3128 SysmonLog - ok
17:53:18.0880 3128 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
17:53:18.0910 3128 TapiSrv - ok
17:53:19.0511 3128 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:53:19.0671 3128 Tcpip - ok
17:53:19.0761 3128 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:53:19.0791 3128 TDPIPE - ok
17:53:19.0892 3128 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:53:19.0922 3128 TDTCP - ok
17:53:20.0072 3128 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:53:20.0082 3128 TermDD - ok
17:53:20.0352 3128 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
17:53:20.0633 3128 TermService - ok
17:53:20.0793 3128 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:53:20.0803 3128 Themes - ok
17:53:20.0923 3128 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
17:53:20.0973 3128 TlntSvr - ok
17:53:21.0033 3128 TosIde - ok
17:53:21.0444 3128 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
17:53:21.0454 3128 TrkWks - ok
17:53:21.0624 3128 U2SP (228d8e60bc9c5238587b0bf1654ec580) C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys
17:53:21.0634 3128 U2SP - ok
17:53:22.0295 3128 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:53:22.0305 3128 Udfs - ok
17:53:22.0365 3128 ultra - ok
17:53:22.0485 3128 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\System32\wdfmgr.exe
17:53:22.0495 3128 UMWdf - ok
17:53:22.0756 3128 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:53:22.0826 3128 Update - ok
17:53:22.0976 3128 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
17:53:23.0006 3128 upnphost - ok
17:53:23.0437 3128 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
17:53:23.0447 3128 UPS - ok
17:53:23.0557 3128 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:53:23.0557 3128 usbccgp - ok
17:53:23.0697 3128 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:53:23.0707 3128 usbhub - ok
17:53:23.0997 3128 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:53:24.0098 3128 usbprint - ok
17:53:24.0528 3128 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:53:24.0558 3128 usbscan - ok
17:53:24.0718 3128 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:53:24.0769 3128 USBSTOR - ok
17:53:24.0999 3128 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:53:25.0009 3128 usbuhci - ok
17:53:25.0119 3128 vet-filt - ok
17:53:25.0339 3128 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:53:25.0359 3128 VgaSave - ok
17:53:25.0440 3128 ViaIde - ok
17:53:25.0560 3128 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:53:25.0570 3128 VolSnap - ok
17:53:25.0760 3128 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:53:25.0800 3128 VSS - ok
17:53:25.0880 3128 w200mdfl - ok
17:53:26.0261 3128 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
17:53:26.0291 3128 W32Time - ok
17:53:26.0411 3128 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:53:26.0411 3128 Wanarp - ok
17:53:26.0501 3128 WDICA - ok
17:53:26.0651 3128 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:53:26.0661 3128 wdmaud - ok
17:53:26.0952 3128 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:53:26.0962 3128 WebClient - ok
17:53:27.0042 3128 webrootspysweeperservice - ok
17:53:27.0142 3128 websensepolicyserver - ok
17:53:27.0442 3128 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:53:27.0452 3128 winmgmt - ok
17:53:27.0673 3128 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\System32\MsPMSNSv.dll
17:53:27.0683 3128 WmdmPmSN - ok
17:53:27.0953 3128 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
17:53:28.0073 3128 Wmi - ok
17:53:28.0264 3128 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
17:53:28.0274 3128 WmiApSrv - ok
17:53:28.0764 3128 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:53:28.0905 3128 WPFFontCache_v0400 - ok
17:53:29.0105 3128 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
17:53:29.0125 3128 wuauserv - ok
17:53:29.0355 3128 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
17:53:29.0425 3128 WZCSVC - ok
17:53:29.0595 3128 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:53:29.0616 3128 xmlprov - ok
17:53:29.0776 3128 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:53:31.0729 3128 \Device\Harddisk0\DR0 - ok
17:53:32.0069 3128 Boot (0x1200) (af08ed6153a75f30b7d14bcd184ec016) \Device\Harddisk0\DR0\Partition0
17:53:32.0079 3128 \Device\Harddisk0\DR0\Partition0 - ok
17:53:32.0099 3128 ============================================================
17:53:32.0109 3128 Scan finished
17:53:32.0109 3128 ============================================================
17:53:32.0199 3120 Detected object count: 2
17:53:32.0199 3120 Actual detected object count: 2
17:57:13.0427 3120 L8042Kbd ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:57:13.0427 3120 L8042Kbd ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:57:13.0918 3120 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine
17:57:15.0530 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\@ - copied to quarantine
17:57:15.0600 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\cfg.ini - copied to quarantine
17:57:15.0691 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\Desktop.ini - copied to quarantine
17:57:15.0821 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\L\akygdmgo - copied to quarantine
17:57:15.0901 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\oemid - copied to quarantine
17:57:16.0021 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\00000001.@ - copied to quarantine
17:57:16.0382 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\00000002.@ - copied to quarantine
17:57:16.0502 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\00000004.@ - copied to quarantine
17:57:16.0612 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\80000000.@ - copied to quarantine
17:57:16.0722 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\80000004.@ - copied to quarantine
17:57:16.0782 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\80000032.@ - copied to quarantine
17:57:16.0822 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\version - copied to quarantine
17:57:23.0101 3120 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813
17:57:42.0659 3120 Backup copy found, using it..
17:57:44.0091 3120 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
17:57:53.0976 3120 C:\WINDOWS\$NtUninstallKB33768$\1303206663 - will be deleted on reboot
17:57:53.0976 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\@ - will be deleted on reboot
17:57:53.0996 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\cfg.ini - will be deleted on reboot
17:57:54.0006 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\Desktop.ini - will be deleted on reboot
17:57:54.0046 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\oemid - will be deleted on reboot
17:57:54.0046 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\00000001.@ - will be deleted on reboot
17:57:54.0046 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\00000002.@ - will be deleted on reboot
17:57:54.0066 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\00000004.@ - will be deleted on reboot
17:57:54.0076 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\80000000.@ - will be deleted on reboot
17:57:54.0086 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\80000004.@ - will be deleted on reboot
17:57:54.0086 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\80000032.@ - will be deleted on reboot
17:57:54.0086 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\version - will be deleted on reboot
17:57:54.0126 3120 NetBT ( Virus.Win32.ZAccess.k ) - User select action: Cure
18:02:00.0110 2896 Deinitialize success
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.07.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
aida :: ADMIN [administrator]
5/7/2012 6:22:43 PM
mbam-log-2012-05-07 (18-22-43).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271054
Time elapsed: 14 hour(s), 39 minute(s), 51 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\WINDOWS\system32\crcdisk.dll (RootKit.0Access.H) -> Delete on reboot.
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\WINDOWS\system32\crcdisk.dll (RootKit.0Access.H) -> Delete on reboot.
C:\TDSSKiller_Quarantine\07.05.2012_17.50.35\rtkt0000\zafs0000\tsk0002.dta (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by aida at 10:56:57 on 2012-05-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.331 [GMT -4:00]
.
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ZumoDrive] c:\program files\zecter\zumodrive\ZumoLauncher.lnk
uRun: [Google Update] "c:\documents and settings\aida\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [ZumoDrive] "c:\program files\zecter\zumodrive\ZumoLauncher.lnk"
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{9C98642B-78C9-4923-8DFD-BE08F792C45B} : DhcpNameServer = 10.0.0.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} -
Notify: NecUsb3Sevices - USB3Sw32.dll
Notify: USB3Sw32 - USB3Sw32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\aida\application data\mozilla\firefox\profiles\eswlnpz7.default\
FF - prefs.js: browser.startup.homepage - hxxp://welikehits.com/surf.php
FF - component: c:\documents and settings\aida\application data\mozilla\firefox\profiles\eswlnpz7.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\imtcp_xpcom.dll
FF - component: c:\documents and settings\aida\application data\mozilla\firefox\profiles\eswlnpz7.default\extensions\capturefoxmovie@advancity.net\components\capturefoxxpi_win32.dll
FF - component: c:\documents and settings\aida\application data\mozilla\firefox\profiles\eswlnpz7.default\extensions\screencaptureelite@plugin\platform\winnt_x86-msvc\components\SCEFF3Client.dll
FF - plugin: c:\documents and settings\aida\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\aida\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\aida\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Webmail Ad Blocker: gmailnoads@mywebber.com - %profile%\extensions\gmailnoads@mywebber.com
FF - Ext: Tempomail: tempomail@ingetic..maxime.robache - %profile%\extensions\tempomail@ingetic..maxime.robache
FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF - Ext: Capture Fox: capturefoxmovie@advancity.net - %profile%\extensions\capturefoxmovie@advancity.net
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Screen Capture Elite: screencaptureelite@plugin - %profile%\extensions\screencaptureelite@plugin
FF - Ext: Click&Clean: clickclean@hotcleaner.com - %profile%\extensions\clickclean@hotcleaner.com
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-4-12 147416]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-5-27 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-4-30 97032]
R3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\KTC111.SYS [2003-9-15 19016]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2007-7-29 20160]
.
=============== Created Last 30 ================
.
2012-05-07 21:57:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-14 18:49:13 -------- d-----w- C:\8b932b19c531de31486369ac
2012-04-14 18:27:22 -------- d-----w- C:\a13e1fdda4f013cfa6a1
2012-04-13 07:02:44 200976 -c--a-w- c:\windows\system32\drivers\tmcomm.sys
2012-04-12 22:46:55 -------- d-----w- C:\3ed78a8d3e3fdb96b6d2ca8748a643
2012-04-12 19:46:14 -------- d-----w- C:\a7b9281ead74d054c51d9c102f303925
2012-04-12 18:04:45 -------- d-----w- C:\b39195a5979437de95c7ae2e
2012-04-09 17:56:24 419488 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-05-07 23:13:00 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-07 22:04:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-05-07 21:45:14 0 -csha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-13 18:01:33 102400 -c--a-w- c:\windows\RegBootClean.exe
2012-04-11 17:55:44 22032 -c--a-w- c:\windows\DCEBoot.exe
2012-04-04 19:56:40 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 22:28:49 60304 -c--a-w- c:\documents and settings\aida\g2mdlhlpx.exe
2012-03-01 11:01:32 916992 -c--a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 -c----w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 -c--a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 -c--a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 -c----w- c:\windows\system32\html.iec
.
============= FINISH: 11:05:14.87 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/16/2003 3:38:32 AM
System Uptime: 5/8/2012 10:22:23 AM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | CUW-FX
Processor: Intel Pentium III processor | PGA 370 | 651/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 9 GiB total, 0.278 GiB free.
D: is CDROM ()
R: is NetworkDisk (NTFS) - 75 GiB total, 44.238 GiB free.
U: is NetworkDisk (NTFS) - 75 GiB total, 33.243 GiB free.
W: is NetworkDisk (NTFS) - 14 GiB total, 2.982 GiB free.
Z: is NetworkDisk (NTFS) - 1397 GiB total, 1229.493 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: ADMtek ADM8511 USB To Fast Ethernet Converter
Device ID: USB\VID_07A6&PID_8511\0001
Manufacturer: ADMtek Incorporated
Name: ADMtek ADM8511 USB To Fast Ethernet Converter
PNP Device ID: USB\VID_07A6&PID_8511\0001
Service: ADM8511
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe SVG Viewer 3.0
Content Buzzer
Content Notifier
Dynamic Traders Group, Inc. DT6 ver 1
EasyCleaner
ePrompter
Foxit Reader
FXDD - MetaTrader 4.00
Google Talk Plugin
GoToMeeting 5.1.0.880
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
J2SE Runtime Environment 5.0 Update 4
Java Auto Updater
Java 6 Update 20
Kcast Beta 2.0.0
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Data Access Components KB870669
Microsoft FrontPage Client - English
Microsoft Office 2000 Premium
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual Studio .NET Professional 2003 - English
Mozilla Firefox (3.6.28)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero - Burning Rom
Panda Cloud Antivirus
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975254)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SSH Secure Shell
Turbo Trader 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Visual Studio .NET Professional 2003 - English
Visual Studio.NET Baseline - English
VLC media player 1.0.5
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
ZumoDrive
.
==== Event Viewer Messages From Past Week ========
.
5/8/2012 9:10:00 AM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
5/8/2012 9:10:00 AM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
5/8/2012 8:10:00 AM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
5/8/2012 8:10:00 AM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
5/8/2012 7:10:00 AM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
5/8/2012 7:10:00 AM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
5/8/2012 6:10:00 AM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
5/8/2012 6:10:00 AM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
5/8/2012 5:10:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
5/8/2012 5:10:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
5/8/2012 4:10:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
5/8/2012 4:10:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
5/8/2012 3:10:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402
5/8/2012 3:10:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
5/8/2012 2:10:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402
5/8/2012 2:10:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
5/8/2012 12:10:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
5/8/2012 12:10:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
5/8/2012 10:25:26 AM, error: Service Control Manager [7023] - The HIDSwvd service terminated with the following error: The specified module could not be found.
5/8/2012 10:10:00 AM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
5/8/2012 10:10:00 AM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
5/8/2012 1:10:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
5/8/2012 1:10:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
5/7/2012 9:10:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402
5/7/2012 9:10:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
5/7/2012 8:10:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402
5/7/2012 8:10:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402
5/7/2012 7:10:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402
5/7/2012 7:10:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402
5/7/2012 6:10:01 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402
5/7/2012 6:10:01 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402
5/7/2012 6:08:04 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NanoServiceMain service.
5/7/2012 5:47:55 PM, error: Service Control Manager [7023] - The Radiosvr service terminated with the following error: The specified module could not be found.
5/7/2012 11:10:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402
5/7/2012 11:10:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402
5/7/2012 10:10:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402
5/7/2012 10:10:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402
5/6/2012 11:24:56 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/5/2012 10:45:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/5/2012 10:43:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: CbFs Fips P3 PSINKNC
5/3/2012 12:14:42 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
5/3/2012 12:10:11 PM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402
5/3/2012 12:10:01 PM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402
5/3/2012 12:07:02 PM, error: Service Control Manager [7022] - The Panda Cloud Antivirus Service service hung on starting.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Ziptoa service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The VAIOMediaPlatform-PhotoServer-HTTP service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The USB3 Service service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Snac service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Sfcure01 service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Savrt service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Queuemgr service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Qbfcservice service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Proxyhostdriver service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The P1131vid service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Mstdc service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Ma763004 service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The K750obex service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Eaps2kbd service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The CTSYN service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Crcdisk service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Cmudau service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The ClntMgmt.sys service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The BVRPMPR5 service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Awhost32 service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Ati2mtaa service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================
I realized afterward that I should have done a quick Malwarebytes scan rather than a full scan that took way over 14 hours to complete!
17:50:35.0415 2984 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
17:50:35.0996 2984 ============================================================
17:50:35.0996 2984 Current date / time: 2012/05/07 17:50:35.0996
17:50:35.0996 2984 SystemInfo:
17:50:35.0996 2984
17:50:35.0996 2984 OS Version: 5.1.2600 ServicePack: 3.0
17:50:35.0996 2984 Product type: Workstation
17:50:35.0996 2984 ComputerName: ADMIN
17:50:35.0996 2984 UserName: aida
17:50:35.0996 2984 Windows directory: C:\WINDOWS
17:50:35.0996 2984 System windows directory: C:\WINDOWS
17:50:35.0996 2984 Processor architecture: Intel x86
17:50:35.0996 2984 Number of processors: 1
17:50:35.0996 2984 Page size: 0x1000
17:50:35.0996 2984 Boot type: Normal boot
17:50:35.0996 2984 ============================================================
17:51:09.0164 2984 Drive \Device\Harddisk0\DR0 - Size: 0x25C77C000 (9.44 Gb), SectorSize: 0x200, Cylinders: 0x4D0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:51:09.0324 2984 ============================================================
17:51:09.0324 2984 \Device\Harddisk0\DR0:
17:51:09.0374 2984 MBR partitions:
17:51:09.0374 2984 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12E0091
17:51:09.0374 2984 ============================================================
17:51:11.0076 2984 C: <-> \Device\Harddisk0\DR0\Partition0
17:51:11.0176 2984 ============================================================
17:51:11.0176 2984 Initialize success
17:51:11.0176 2984 ============================================================
17:51:15.0383 3128 ============================================================
17:51:15.0383 3128 Scan started
17:51:15.0383 3128 Mode: Manual;
17:51:15.0383 3128 ============================================================
17:51:20.0540 3128 Abiosdsk - ok
17:51:20.0610 3128 abp480n5 - ok
17:51:20.0971 3128 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
17:51:21.0041 3128 ac97intc - ok
17:51:21.0301 3128 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:51:21.0321 3128 ACPI - ok
17:51:21.0501 3128 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:51:21.0561 3128 ACPIEC - ok
17:51:21.0642 3128 acrsch2svc - ok
17:51:21.0892 3128 ADM8511 (b05f2367f62552a2de7e3c352b7b9885) C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
17:51:21.0962 3128 ADM8511 - ok
17:51:22.0423 3128 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:51:22.0513 3128 AdobeFlashPlayerUpdateSvc - ok
17:51:22.0583 3128 adpu160m - ok
17:51:22.0673 3128 adsexpb - ok
17:51:22.0853 3128 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:51:22.0903 3128 aec - ok
17:51:23.0204 3128 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:51:23.0254 3128 AFD - ok
17:51:23.0304 3128 Aha154x - ok
17:51:23.0374 3128 aic78u2 - ok
17:51:23.0434 3128 aic78xx - ok
17:51:23.0584 3128 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
17:51:23.0624 3128 Alerter - ok
17:51:23.0795 3128 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
17:51:23.0795 3128 ALG - ok
17:51:23.0865 3128 AliIde - ok
17:51:23.0965 3128 amsint - ok
17:51:24.0085 3128 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
17:51:24.0105 3128 AppMgmt - ok
17:51:24.0165 3128 asc - ok
17:51:24.0225 3128 asc3350p - ok
17:51:24.0295 3128 asc3550 - ok
17:51:24.0636 3128 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:51:24.0776 3128 aspnet_state - ok
17:51:24.0886 3128 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:51:24.0886 3128 AsyncMac - ok
17:51:25.0177 3128 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:51:25.0187 3128 atapi - ok
17:51:25.0267 3128 Atdisk - ok
17:51:25.0577 3128 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:51:25.0607 3128 Atmarpc - ok
17:51:25.0807 3128 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
17:51:25.0807 3128 AudioSrv - ok
17:51:25.0958 3128 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:51:25.0958 3128 audstub - ok
17:51:26.0188 3128 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:51:26.0208 3128 Beep - ok
17:51:26.0488 3128 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
17:51:26.0909 3128 BITS - ok
17:51:27.0149 3128 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
17:51:27.0149 3128 Browser - ok
17:51:27.0790 3128 catchme - ok
17:51:28.0101 3128 CbFs (560c3ac812597d58626d6c92fdc7f58d) C:\WINDOWS\system32\drivers\cbfs.sys
17:51:28.0101 3128 CbFs - ok
17:51:28.0211 3128 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:51:28.0211 3128 cbidf2k - ok
17:51:28.0281 3128 cd20xrnt - ok
17:51:28.0461 3128 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:51:28.0501 3128 Cdaudio - ok
17:51:29.0262 3128 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:51:29.0303 3128 Cdfs - ok
17:51:29.0733 3128 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:51:29.0783 3128 Cdrom - ok
17:51:29.0843 3128 Changer - ok
17:51:29.0903 3128 cisvc - ok
17:51:29.0963 3128 clientservice - ok
17:51:30.0094 3128 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
17:51:30.0144 3128 ClipSrv - ok
17:51:30.0304 3128 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:51:31.0956 3128 clr_optimization_v2.0.50727_32 - ok
17:51:32.0457 3128 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:51:34.0200 3128 clr_optimization_v4.0.30319_32 - ok
17:51:34.0270 3128 CmdIde - ok
17:51:34.0320 3128 COMSysApp - ok
17:51:34.0410 3128 Cpqarray - ok
17:51:34.0530 3128 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
17:51:34.0540 3128 CryptSvc - ok
17:51:34.0590 3128 crystaloutputfileserver - ok
17:51:34.0660 3128 dac2w2k - ok
17:51:34.0720 3128 dac960nt - ok
17:51:34.0780 3128 db2licd - ok
17:51:38.0175 3128 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:51:38.0796 3128 DcomLaunch - ok
17:51:41.0981 3128 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
17:51:42.0191 3128 Dhcp - ok
17:51:47.0379 3128 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:51:47.0439 3128 Disk - ok
17:51:47.0499 3128 dmadmin - ok
17:51:49.0311 3128 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:51:49.0862 3128 dmboot - ok
17:51:53.0928 3128 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:51:54.0018 3128 dmio - ok
17:51:54.0088 3128 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:51:54.0098 3128 dmload - ok
17:51:54.0258 3128 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
17:51:54.0258 3128 dmserver - ok
17:51:54.0359 3128 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:51:54.0399 3128 DMusic - ok
17:51:54.0769 3128 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
17:51:54.0799 3128 Dnscache - ok
17:51:55.0130 3128 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
17:51:55.0140 3128 Dot3svc - ok
17:51:55.0210 3128 dpti2o - ok
17:51:55.0350 3128 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:51:55.0350 3128 drmkaud - ok
17:51:55.0450 3128 DSI_SiUSBXp_3_1 - ok
17:51:55.0630 3128 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
17:51:55.0640 3128 EapHost - ok
17:51:55.0700 3128 ELmou - ok
17:51:55.0761 3128 emproxy - ok
17:51:56.0231 3128 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
17:51:56.0231 3128 ERSvc - ok
17:51:56.0432 3128 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:51:56.0532 3128 Eventlog - ok
17:51:58.0374 3128 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
17:51:58.0895 3128 EventSystem - ok
17:52:02.0540 3128 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:52:02.0721 3128 Fastfat - ok
17:52:02.0871 3128 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:52:02.0891 3128 FastUserSwitchingCompatibility - ok
17:52:03.0031 3128 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:52:03.0041 3128 Fdc - ok
17:52:03.0331 3128 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:52:03.0331 3128 Fips - ok
17:52:03.0452 3128 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:52:03.0492 3128 Flpydisk - ok
17:52:04.0163 3128 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:52:04.0243 3128 FltMgr - ok
17:52:04.0904 3128 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:52:05.0434 3128 FontCache3.0.0.0 - ok
17:52:05.0535 3128 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:52:05.0535 3128 Fs_Rec - ok
17:52:05.0605 3128 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:52:05.0625 3128 Ftdisk - ok
17:52:05.0725 3128 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
17:52:05.0795 3128 gameenum - ok
17:52:06.0276 3128 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:52:06.0346 3128 Gpc - ok
17:52:06.0917 3128 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:52:07.0027 3128 helpsvc - ok
17:52:07.0097 3128 HidServ - ok
17:52:07.0247 3128 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:52:07.0247 3128 HidUsb - ok
17:52:07.0548 3128 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
17:52:07.0608 3128 hkmsvc - ok
17:52:07.0668 3128 hpn - ok
17:52:07.0728 3128 hpt3xx - ok
17:52:08.0359 3128 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:52:08.0529 3128 HTTP - ok
17:52:08.0639 3128 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
17:52:08.0689 3128 HTTPFilter - ok
17:52:08.0749 3128 i2omgmt - ok
17:52:08.0809 3128 i2omp - ok
17:52:09.0390 3128 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:52:09.0430 3128 i8042prt - ok
17:52:10.0622 3128 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
17:52:10.0782 3128 i81x - ok
17:52:11.0383 3128 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
17:52:11.0413 3128 iAimFP0 - ok
17:52:11.0513 3128 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
17:52:11.0513 3128 iAimFP1 - ok
17:52:11.0573 3128 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
17:52:11.0583 3128 iAimFP2 - ok
17:52:11.0714 3128 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
17:52:11.0734 3128 iAimFP3 - ok
17:52:12.0084 3128 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
17:52:12.0114 3128 iAimFP4 - ok
17:52:12.0214 3128 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
17:52:12.0214 3128 iAimFP5 - ok
17:52:12.0284 3128 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
17:52:12.0294 3128 iAimFP6 - ok
17:52:12.0415 3128 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
17:52:12.0445 3128 iAimFP7 - ok
17:52:12.0735 3128 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
17:52:12.0755 3128 iAimTV0 - ok
17:52:12.0855 3128 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
17:52:12.0855 3128 iAimTV1 - ok
17:52:12.0935 3128 iAimTV2 - ok
17:52:13.0065 3128 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
17:52:13.0075 3128 iAimTV3 - ok
17:52:13.0186 3128 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
17:52:13.0216 3128 iAimTV4 - ok
17:52:13.0336 3128 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
17:52:13.0356 3128 iAimTV5 - ok
17:52:13.0466 3128 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
17:52:13.0476 3128 iAimTV6 - ok
17:52:15.0399 3128 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:52:15.0799 3128 idsvc - ok
17:52:15.0869 3128 imagesrv - ok
17:52:16.0611 3128 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:52:16.0631 3128 Imapi - ok
17:52:16.0781 3128 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
17:52:16.0801 3128 ImapiService - ok
17:52:16.0881 3128 ini910u - ok
17:52:16.0931 3128 ino_flpy - ok
17:52:17.0582 3128 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:52:17.0582 3128 IntelIde - ok
17:52:18.0473 3128 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:52:18.0503 3128 Ip6Fw - ok
17:52:18.0593 3128 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:52:18.0603 3128 IpFilterDriver - ok
17:52:18.0734 3128 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:52:18.0744 3128 IpInIp - ok
17:52:19.0465 3128 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:52:19.0555 3128 IpNat - ok
17:52:19.0655 3128 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:52:19.0695 3128 IPSec - ok
17:52:19.0875 3128 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:52:19.0895 3128 IRENUM - ok
17:52:20.0837 3128 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:52:20.0857 3128 isapnp - ok
17:52:22.0509 3128 JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Program Files\Java\jre6\bin\jqs.exe
17:52:22.0619 3128 JavaQuickStarterService - ok
17:52:22.0709 3128 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:52:22.0709 3128 Kbdclass - ok
17:52:22.0900 3128 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:52:23.0370 3128 kbdhid - ok
17:52:23.0751 3128 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:52:23.0771 3128 kmixer - ok
17:52:23.0891 3128 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:52:23.0901 3128 KSecDD - ok
17:52:24.0452 3128 KTC111 (50a0090cbbf7ff701230ee1314598aef) C:\WINDOWS\system32\DRIVERS\KTC111.SYS
17:52:24.0462 3128 KTC111 - ok
17:52:24.0572 3128 L8042Kbd (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\crcdisk.dll
17:52:24.0582 3128 L8042Kbd ( Backdoor.Multi.ZAccess.gen ) - infected
17:52:24.0582 3128 L8042Kbd - detected Backdoor.Multi.ZAccess.gen (0)
17:52:24.0692 3128 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
17:52:24.0712 3128 lanmanserver - ok
17:52:24.0872 3128 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
17:52:24.0892 3128 lanmanworkstation - ok
17:52:24.0953 3128 lbrtfdc - ok
17:52:25.0353 3128 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
17:52:25.0363 3128 LmHosts - ok
17:52:26.0294 3128 Macromedia Licensing Service (a8382713f5870e4af1de4e8f7af9d882) C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
17:52:26.0395 3128 Macromedia Licensing Service - ok
17:52:27.0416 3128 MDM (6a7c978720e23f0622650dbe765acb09) c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
17:52:27.0626 3128 MDM - ok
17:52:27.0757 3128 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
17:52:27.0807 3128 Messenger - ok
17:52:27.0867 3128 mfesmfk - ok
17:52:28.0287 3128 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:52:28.0287 3128 mnmdd - ok
17:52:28.0448 3128 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
17:52:28.0458 3128 mnmsrvc - ok
17:52:28.0578 3128 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:52:28.0588 3128 Modem - ok
17:52:28.0738 3128 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:52:28.0768 3128 Mouclass - ok
17:52:28.0908 3128 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:52:28.0918 3128 mouhid - ok
17:52:29.0379 3128 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:52:29.0389 3128 MountMgr - ok
17:52:29.0449 3128 mraid35x - ok
17:52:29.0589 3128 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:52:29.0609 3128 MRxDAV - ok
17:52:31.0262 3128 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:52:31.0532 3128 MRxSmb - ok
17:52:31.0782 3128 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
17:52:31.0792 3128 MSDTC - ok
17:52:32.0213 3128 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:52:32.0223 3128 Msfs - ok
17:52:32.0283 3128 MSIServer - ok
17:52:32.0383 3128 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:52:32.0393 3128 MSKSSRV - ok
17:52:32.0503 3128 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:52:32.0513 3128 MSPCLOCK - ok
17:52:32.0604 3128 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:52:32.0614 3128 MSPQM - ok
17:52:32.0774 3128 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:52:32.0784 3128 mssmbios - ok
17:52:32.0924 3128 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:52:33.0325 3128 Mup - ok
17:52:33.0805 3128 NanoServiceMain (9799191f31740eb7979c3b012aa6ba5b) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
17:52:33.0835 3128 NanoServiceMain - ok
17:52:34.0516 3128 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
17:52:34.0626 3128 napagent - ok
17:52:35.0488 3128 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:52:35.0578 3128 NDIS - ok
17:52:35.0668 3128 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:52:35.0668 3128 NdisTapi - ok
17:52:35.0808 3128 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:52:35.0808 3128 Ndisuio - ok
17:52:36.0319 3128 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:52:36.0359 3128 NdisWan - ok
17:52:36.0910 3128 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:52:36.0930 3128 NDProxy - ok
17:52:36.0990 3128 NecUsb3 - ok
17:52:37.0461 3128 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:52:37.0471 3128 NetBIOS - ok
17:52:37.0591 3128 NetBT (7b0238b9b720e2f19ec2d435ba3acf54) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:52:37.0601 3128 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: 7b0238b9b720e2f19ec2d435ba3acf54, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d
17:52:37.0611 3128 NetBT ( Virus.Win32.ZAccess.k ) - infected
17:52:37.0611 3128 NetBT - detected Virus.Win32.ZAccess.k (0)
17:52:37.0761 3128 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:52:37.0791 3128 NetDDE - ok
17:52:37.0851 3128 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:52:37.0861 3128 NetDDEdsdm - ok
17:52:38.0352 3128 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:52:38.0372 3128 Netlogon - ok
17:52:38.0542 3128 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
17:52:38.0572 3128 Netman - ok
17:52:39.0714 3128 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:52:40.0355 3128 NetTcpPortSharing - ok
17:52:40.0555 3128 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
17:52:40.0665 3128 Nla - ok
17:52:40.0765 3128 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:52:40.0775 3128 Npfs - ok
17:52:44.0340 3128 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:52:44.0601 3128 Ntfs - ok
17:52:44.0671 3128 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
17:52:44.0671 3128 NtLmSsp - ok
17:52:46.0824 3128 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
17:52:47.0465 3128 NtmsSvc - ok
17:52:47.0585 3128 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:52:47.0585 3128 Null - ok
17:52:47.0665 3128 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:52:47.0665 3128 NwlnkFlt - ok
17:52:47.0775 3128 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:52:47.0805 3128 NwlnkFwd - ok
17:52:47.0876 3128 oracleservicelocalora - ok
17:52:48.0657 3128 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
17:52:48.0677 3128 P3 - ok
17:52:48.0787 3128 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:52:48.0797 3128 Parport - ok
17:52:49.0318 3128 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:52:49.0368 3128 PartMgr - ok
17:52:49.0538 3128 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:52:49.0548 3128 ParVdm - ok
17:52:49.0728 3128 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:52:49.0748 3128 PCI - ok
17:52:49.0798 3128 PCIDump - ok
17:52:49.0868 3128 PCIIde - ok
17:52:50.0579 3128 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:52:50.0660 3128 Pcmcia - ok
17:52:50.0720 3128 pcx1unic - ok
17:52:50.0780 3128 PDCOMP - ok
17:52:50.0850 3128 PDFRAME - ok
17:52:50.0910 3128 PDRELI - ok
17:52:50.0970 3128 PDRFRAME - ok
17:52:51.0030 3128 perc2 - ok
17:52:51.0090 3128 perc2hib - ok
17:52:51.0290 3128 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:52:51.0300 3128 PlugPlay - ok
17:52:51.0371 3128 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:52:51.0371 3128 PolicyAgent - ok
17:52:51.0461 3128 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:52:51.0471 3128 PptpMiniport - ok
17:52:51.0511 3128 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:52:51.0521 3128 ProtectedStorage - ok
17:52:52.0142 3128 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:52:52.0182 3128 PSched - ok
17:52:53.0403 3128 PSINAflt (469943fb4398df5662dd5d06193c0bb0) C:\WINDOWS\system32\DRIVERS\PSINAflt.sys
17:52:53.0413 3128 PSINAflt - ok
17:52:54.0956 3128 PSINFile (b573f1ee01046612576907bb08ad8e6f) C:\WINDOWS\system32\DRIVERS\PSINFile.sys
17:52:54.0956 3128 PSINFile - ok
17:52:57.0469 3128 PSINKNC (51b0bab73ec899399e5d6034105d6f21) C:\WINDOWS\system32\DRIVERS\psinknc.sys
17:52:57.0479 3128 PSINKNC - ok
17:52:57.0990 3128 PSINProc (d3730032f61fca2d2ae6a2daf90347b1) C:\WINDOWS\system32\DRIVERS\PSINProc.sys
17:52:57.0990 3128 PSINProc - ok
17:52:58.0150 3128 PSINProt (47345c84b45003d4b5975cda5f026787) C:\WINDOWS\system32\DRIVERS\PSINProt.sys
17:52:58.0160 3128 PSINProt - ok
17:52:58.0351 3128 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:52:58.0361 3128 Ptilink - ok
17:52:58.0421 3128 ql1080 - ok
17:52:58.0501 3128 Ql10wnt - ok
17:52:58.0561 3128 ql12160 - ok
17:52:58.0621 3128 ql1240 - ok
17:52:58.0691 3128 ql1280 - ok
17:52:58.0741 3128 qserver - ok
17:52:58.0821 3128 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:52:58.0821 3128 RasAcd - ok
17:52:59.0222 3128 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
17:52:59.0312 3128 RasAuto - ok
17:52:59.0773 3128 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:52:59.0793 3128 Rasl2tp - ok
17:53:00.0724 3128 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
17:53:00.0754 3128 RasMan - ok
17:53:00.0864 3128 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:53:00.0884 3128 RasPppoe - ok
17:53:01.0064 3128 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:53:01.0064 3128 Raspti - ok
17:53:01.0565 3128 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:53:01.0605 3128 Rdbss - ok
17:53:01.0946 3128 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:53:01.0966 3128 RDPCDD - ok
17:53:02.0256 3128 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:53:02.0306 3128 rdpdr - ok
17:53:02.0837 3128 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
17:53:02.0947 3128 RDPWD - ok
17:53:03.0127 3128 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
17:53:03.0147 3128 RDSessMgr - ok
17:53:03.0518 3128 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:53:03.0538 3128 redbook - ok
17:53:03.0648 3128 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
17:53:03.0658 3128 RemoteAccess - ok
17:53:03.0778 3128 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
17:53:03.0788 3128 RemoteRegistry - ok
17:53:03.0848 3128 RkPavproc1 - ok
17:53:04.0119 3128 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
17:53:04.0159 3128 RpcLocator - ok
17:53:05.0911 3128 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
17:53:05.0931 3128 RpcSs - ok
17:53:06.0002 3128 RR2Vbi - ok
17:53:06.0092 3128 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
17:53:06.0132 3128 RSVP - ok
17:53:06.0252 3128 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:53:06.0252 3128 SamSs - ok
17:53:06.0382 3128 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
17:53:06.0422 3128 SCardSvr - ok
17:53:07.0944 3128 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
17:53:08.0145 3128 Schedule - ok
17:53:08.0375 3128 SDTHOOK (f88d17b93621eeb8bef33b81e3af9207) C:\WINDOWS\system32\DRIVERS\SDTHOOK.sys
17:53:08.0385 3128 SDTHOOK - ok
17:53:08.0455 3128 SE2Bmdfl - ok
17:53:08.0555 3128 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:53:08.0565 3128 Secdrv - ok
17:53:08.0776 3128 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
17:53:08.0786 3128 seclogon - ok
17:53:09.0066 3128 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
17:53:09.0076 3128 SENS - ok
17:53:09.0146 3128 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:53:09.0156 3128 serenum - ok
17:53:09.0937 3128 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:53:09.0987 3128 Serial - ok
17:53:10.0368 3128 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:53:10.0388 3128 Sfloppy - ok
17:53:11.0369 3128 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
17:53:11.0479 3128 SharedAccess - ok
17:53:11.0680 3128 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:53:11.0690 3128 ShellHWDetection - ok
17:53:11.0750 3128 Simbad - ok
17:53:12.0341 3128 SNMP (60c377be6b3cc83f6a8584934b181d2e) C:\WINDOWS\System32\snmp.exe
17:53:12.0381 3128 SNMP - ok
17:53:12.0521 3128 SNMPTRAP (80a050795a107a76c2b1cd4cfbe010e6) C:\WINDOWS\System32\snmptrap.exe
17:53:12.0571 3128 SNMPTRAP - ok
17:53:12.0631 3128 Sparrow - ok
17:53:12.0691 3128 spbbcsvc - ok
17:53:12.0791 3128 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:53:12.0791 3128 splitter - ok
17:53:13.0232 3128 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:53:13.0252 3128 Spooler - ok
17:53:13.0623 3128 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\System32\DRIVERS\sr.sys
17:53:13.0663 3128 sr - ok
17:53:13.0833 3128 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
17:53:13.0883 3128 srservice - ok
17:53:15.0736 3128 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:53:15.0946 3128 Srv - ok
17:53:16.0356 3128 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
17:53:16.0376 3128 SSDPSRV - ok
17:53:17.0158 3128 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
17:53:17.0418 3128 stisvc - ok
17:53:17.0518 3128 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:53:17.0548 3128 swenum - ok
17:53:17.0678 3128 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:53:17.0678 3128 swmidi - ok
17:53:17.0748 3128 SwPrv - ok
17:53:17.0829 3128 symc810 - ok
17:53:17.0889 3128 symc8xx - ok
17:53:17.0949 3128 sym_hi - ok
17:53:18.0019 3128 sym_u3 - ok
17:53:18.0119 3128 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:53:18.0129 3128 sysaudio - ok
17:53:18.0229 3128 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
17:53:18.0249 3128 SysmonLog - ok
17:53:18.0880 3128 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
17:53:18.0910 3128 TapiSrv - ok
17:53:19.0511 3128 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:53:19.0671 3128 Tcpip - ok
17:53:19.0761 3128 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:53:19.0791 3128 TDPIPE - ok
17:53:19.0892 3128 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:53:19.0922 3128 TDTCP - ok
17:53:20.0072 3128 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:53:20.0082 3128 TermDD - ok
17:53:20.0352 3128 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
17:53:20.0633 3128 TermService - ok
17:53:20.0793 3128 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:53:20.0803 3128 Themes - ok
17:53:20.0923 3128 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
17:53:20.0973 3128 TlntSvr - ok
17:53:21.0033 3128 TosIde - ok
17:53:21.0444 3128 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
17:53:21.0454 3128 TrkWks - ok
17:53:21.0624 3128 U2SP (228d8e60bc9c5238587b0bf1654ec580) C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys
17:53:21.0634 3128 U2SP - ok
17:53:22.0295 3128 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:53:22.0305 3128 Udfs - ok
17:53:22.0365 3128 ultra - ok
17:53:22.0485 3128 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\System32\wdfmgr.exe
17:53:22.0495 3128 UMWdf - ok
17:53:22.0756 3128 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:53:22.0826 3128 Update - ok
17:53:22.0976 3128 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
17:53:23.0006 3128 upnphost - ok
17:53:23.0437 3128 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
17:53:23.0447 3128 UPS - ok
17:53:23.0557 3128 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:53:23.0557 3128 usbccgp - ok
17:53:23.0697 3128 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:53:23.0707 3128 usbhub - ok
17:53:23.0997 3128 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:53:24.0098 3128 usbprint - ok
17:53:24.0528 3128 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:53:24.0558 3128 usbscan - ok
17:53:24.0718 3128 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:53:24.0769 3128 USBSTOR - ok
17:53:24.0999 3128 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:53:25.0009 3128 usbuhci - ok
17:53:25.0119 3128 vet-filt - ok
17:53:25.0339 3128 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:53:25.0359 3128 VgaSave - ok
17:53:25.0440 3128 ViaIde - ok
17:53:25.0560 3128 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:53:25.0570 3128 VolSnap - ok
17:53:25.0760 3128 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:53:25.0800 3128 VSS - ok
17:53:25.0880 3128 w200mdfl - ok
17:53:26.0261 3128 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
17:53:26.0291 3128 W32Time - ok
17:53:26.0411 3128 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:53:26.0411 3128 Wanarp - ok
17:53:26.0501 3128 WDICA - ok
17:53:26.0651 3128 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:53:26.0661 3128 wdmaud - ok
17:53:26.0952 3128 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:53:26.0962 3128 WebClient - ok
17:53:27.0042 3128 webrootspysweeperservice - ok
17:53:27.0142 3128 websensepolicyserver - ok
17:53:27.0442 3128 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:53:27.0452 3128 winmgmt - ok
17:53:27.0673 3128 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\System32\MsPMSNSv.dll
17:53:27.0683 3128 WmdmPmSN - ok
17:53:27.0953 3128 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
17:53:28.0073 3128 Wmi - ok
17:53:28.0264 3128 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
17:53:28.0274 3128 WmiApSrv - ok
17:53:28.0764 3128 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:53:28.0905 3128 WPFFontCache_v0400 - ok
17:53:29.0105 3128 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
17:53:29.0125 3128 wuauserv - ok
17:53:29.0355 3128 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
17:53:29.0425 3128 WZCSVC - ok
17:53:29.0595 3128 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:53:29.0616 3128 xmlprov - ok
17:53:29.0776 3128 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:53:31.0729 3128 \Device\Harddisk0\DR0 - ok
17:53:32.0069 3128 Boot (0x1200) (af08ed6153a75f30b7d14bcd184ec016) \Device\Harddisk0\DR0\Partition0
17:53:32.0079 3128 \Device\Harddisk0\DR0\Partition0 - ok
17:53:32.0099 3128 ============================================================
17:53:32.0109 3128 Scan finished
17:53:32.0109 3128 ============================================================
17:53:32.0199 3120 Detected object count: 2
17:53:32.0199 3120 Actual detected object count: 2
17:57:13.0427 3120 L8042Kbd ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:57:13.0427 3120 L8042Kbd ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:57:13.0918 3120 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine
17:57:15.0530 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\@ - copied to quarantine
17:57:15.0600 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\cfg.ini - copied to quarantine
17:57:15.0691 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\Desktop.ini - copied to quarantine
17:57:15.0821 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\L\akygdmgo - copied to quarantine
17:57:15.0901 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\oemid - copied to quarantine
17:57:16.0021 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\00000001.@ - copied to quarantine
17:57:16.0382 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\00000002.@ - copied to quarantine
17:57:16.0502 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\00000004.@ - copied to quarantine
17:57:16.0612 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\80000000.@ - copied to quarantine
17:57:16.0722 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\80000004.@ - copied to quarantine
17:57:16.0782 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\80000032.@ - copied to quarantine
17:57:16.0822 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\version - copied to quarantine
17:57:23.0101 3120 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813
17:57:42.0659 3120 Backup copy found, using it..
17:57:44.0091 3120 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
17:57:53.0976 3120 C:\WINDOWS\$NtUninstallKB33768$\1303206663 - will be deleted on reboot
17:57:53.0976 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\@ - will be deleted on reboot
17:57:53.0996 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\cfg.ini - will be deleted on reboot
17:57:54.0006 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\Desktop.ini - will be deleted on reboot
17:57:54.0046 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\oemid - will be deleted on reboot
17:57:54.0046 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\00000001.@ - will be deleted on reboot
17:57:54.0046 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\00000002.@ - will be deleted on reboot
17:57:54.0066 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\00000004.@ - will be deleted on reboot
17:57:54.0076 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\80000000.@ - will be deleted on reboot
17:57:54.0086 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\80000004.@ - will be deleted on reboot
17:57:54.0086 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\80000032.@ - will be deleted on reboot
17:57:54.0086 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\version - will be deleted on reboot
17:57:54.0126 3120 NetBT ( Virus.Win32.ZAccess.k ) - User select action: Cure
18:02:00.0110 2896 Deinitialize success
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.07.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
aida :: ADMIN [administrator]
5/7/2012 6:22:43 PM
mbam-log-2012-05-07 (18-22-43).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271054
Time elapsed: 14 hour(s), 39 minute(s), 51 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\WINDOWS\system32\crcdisk.dll (RootKit.0Access.H) -> Delete on reboot.
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\WINDOWS\system32\crcdisk.dll (RootKit.0Access.H) -> Delete on reboot.
C:\TDSSKiller_Quarantine\07.05.2012_17.50.35\rtkt0000\zafs0000\tsk0002.dta (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)
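The TDSSKiller run above ends with two detections: NetBT (Virus.Win32.ZAccess.k) was cured, while L8042Kbd (Backdoor.Multi.ZAccess.gen) was skipped by user, and the Malwarebytes log that follows flags crcdisk.dll plus the TDSSKiller quarantine folder. Reading several of these logs by hand is error-prone, and a detection the operator skipped is the first thing to re-check when symptoms come back, so here is a small triage parser, added as an example and not part of the original post or of either tool. It pulls the named detections, the file paths acted on, the $NtUninstall...$ directory roots, and any skipped detection out of both log formats. The sample lines are copied from the two logs above; the Finding type, the regular expressions and the "unresolved" rule are this example's own assumptions about the log formats, not anything the tools define.

```python
"""Triage helper for TDSSKiller and Malwarebytes (MBAM) text logs.

Added example, not part of the forum post or of either tool. The regexes
below are assumptions about the two log formats as they appear in the post.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    tool: str        # "tdsskiller" or "mbam"
    obj: str         # service name (TDSSKiller) or file path
    detection: str   # detection name as printed by the tool; "" for bare file actions
    action: str      # what the tool did, or what the operator chose


# TDSSKiller detection line: "<time> <pid> <object> ( <detection> ) - <message>"
_TDSS_DET = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<obj>\S+) \( (?P<det>[^)]+) \) - (?P<msg>.+)$")
# TDSSKiller file action line: "<time> <pid> <path> - <action>"
_TDSS_FILE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<path>[A-Za-z]:\\.+?) - "
    r"(?P<act>copied to quarantine|will be cured on reboot|will be deleted on reboot)$")
# MBAM detection line: "<path> (<detection>) -> <action>."
_MBAM = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<det>[^)]+)\) -> (?P<act>.+?)\.?$")
# Root of a $NtUninstall...$ directory under the Windows folder
_NTUNINSTALL = re.compile(r"^[A-Za-z]:\\WINDOWS\\\$NtUninstall[^\\]*\$", re.IGNORECASE)


def parse_tdsskiller(lines):
    """Turn TDSSKiller detection and file-action lines into Findings."""
    findings = []
    for line in lines:
        m = _TDSS_DET.match(line)
        if m:
            msg = m.group("msg")
            # "User select action: Cure" carries the operator's choice; keep only the choice
            action = msg.split(": ", 1)[1] if msg.startswith("User select action: ") else msg
            findings.append(Finding("tdsskiller", m.group("obj"), m.group("det"), action))
            continue
        m = _TDSS_FILE.match(line)
        if m:
            findings.append(Finding("tdsskiller", m.group("path"), "", m.group("act")))
    return findings


def parse_mbam(lines):
    """Turn MBAM '<path> (<detection>) -> <action>' lines into Findings."""
    return [Finding("mbam", m.group("path"), m.group("det"), m.group("act"))
            for m in map(_MBAM.match, lines) if m]


def unresolved(findings):
    """Named detections the operator declined to act on (one entry per object)."""
    seen = {}
    for f in findings:
        if f.detection and f.action.lower() in ("skip", "skipped by user"):
            seen[(f.tool, f.obj, f.detection)] = f   # last recorded choice wins
    return list(seen.values())


def hidden_dirs(findings):
    """Roots of the $NtUninstall...$ directories named in the file actions.

    In the log above that directory held '@', cfg.ini, oemid, version and
    'U' and 'L' subfolders, all quarantined together with netbt.sys."""
    roots = {m.group(0) for m in map(_NTUNINSTALL.match, (f.obj for f in findings)) if m}
    return sorted(roots)


def triage(tdss_lines, mbam_lines):
    """Summarise both logs: named detections, skipped ones, paths touched, hidden dirs."""
    findings = parse_tdsskiller(tdss_lines) + parse_mbam(mbam_lines)
    return {
        "detections": [f for f in findings if f.detection],
        "unresolved": unresolved(findings),
        "paths": sorted({f.obj for f in findings if ":\\" in f.obj}),
        "hidden_dirs": hidden_dirs(findings),
    }


# Constructed sample: lines copied verbatim from the two logs posted above.
TDSS_SAMPLE = [
    r"17:57:13.0427 3120 L8042Kbd ( Backdoor.Multi.ZAccess.gen ) - skipped by user",
    r"17:57:13.0427 3120 L8042Kbd ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip",
    r"17:57:13.0918 3120 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine",
    r"17:57:15.0530 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\@ - copied to quarantine",
    r"17:57:15.0600 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\cfg.ini - copied to quarantine",
    r"17:57:16.0021 3120 C:\WINDOWS\$NtUninstallKB33768$\3152164874\U\00000001.@ - copied to quarantine",
    r"17:57:44.0091 3120 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot",
    r"17:57:53.0976 3120 C:\WINDOWS\$NtUninstallKB33768$\1303206663 - will be deleted on reboot",
    r"17:57:54.0126 3120 NetBT ( Virus.Win32.ZAccess.k ) - User select action: Cure",
    r"18:02:00.0110 2896 Deinitialize success",
]
MBAM_SAMPLE = [
    r"C:\WINDOWS\system32\crcdisk.dll (RootKit.0Access.H) -> Delete on reboot.",
    r"C:\TDSSKiller_Quarantine\07.05.2012_17.50.35\rtkt0000\zafs0000\tsk0002.dta (Rootkit.0Access) -> Quarantined and deleted successfully.",
    r"(No malicious items detected)",
]

if __name__ == "__main__":
    result = triage(TDSS_SAMPLE, MBAM_SAMPLE)
    for f in result["unresolved"]:
        print(f"UNRESOLVED: {f.tool} {f.obj} ({f.detection}) action={f.action}")
    print("hidden dirs:", result["hidden_dirs"])
    print("paths touched:", len(result["paths"]))
```

Run against the sample, the only unresolved entry is the L8042Kbd service, which is exactly the item TDSSKiller reported as skipped by user above; the file actions all resolve to one $NtUninstallKB33768$ root. Feeding a fresh TDSSKiller log through the same function after a rerun shows at a glance whether that entry has been cured or is still being skipped.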
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by aida at 10:56:57 on 2012-05-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.331 [GMT -4:00]
.
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ZumoDrive] c:\program files\zecter\zumodrive\ZumoLauncher.lnk
uRun: [Google Update] "c:\documents and settings\aida\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [ZumoDrive] "c:\program files\zecter\zumodrive\ZumoLauncher.lnk"
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{9C98642B-78C9-4923-8DFD-BE08F792C45B} : DhcpNameServer = 10.0.0.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} -
Notify: NecUsb3Sevices - USB3Sw32.dll
Notify: USB3Sw32 - USB3Sw32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\aida\application data\mozilla\firefox\profiles\eswlnpz7.default\
FF - prefs.js: browser.startup.homepage - hxxp://welikehits.com/surf.php
FF - component: c:\documents and settings\aida\application data\mozilla\firefox\profiles\eswlnpz7.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\imtcp_xpcom.dll
FF - component: c:\documents and settings\aida\application data\mozilla\firefox\profiles\eswlnpz7.default\extensions\capturefoxmovie@advancity.net\components\capturefoxxpi_win32.dll
FF - component: c:\documents and settings\aida\application data\mozilla\firefox\profiles\eswlnpz7.default\extensions\screencaptureelite@plugin\platform\winnt_x86-msvc\components\SCEFF3Client.dll
FF - plugin: c:\documents and settings\aida\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\aida\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\aida\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Webmail Ad Blocker: gmailnoads@mywebber.com - %profile%\extensions\gmailnoads@mywebber.com
FF - Ext: Tempomail: tempomail@ingetic..maxime.robache - %profile%\extensions\tempomail@ingetic..maxime.robache
FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF - Ext: Capture Fox: capturefoxmovie@advancity.net - %profile%\extensions\capturefoxmovie@advancity.net
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Screen Capture Elite: screencaptureelite@plugin - %profile%\extensions\screencaptureelite@plugin
FF - Ext: Click&Clean: clickclean@hotcleaner.com - %profile%\extensions\clickclean@hotcleaner.com
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-4-12 147416]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-5-27 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-4-30 97032]
R3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\KTC111.SYS [2003-9-15 19016]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2007-7-29 20160]
.
=============== Created Last 30 ================
.
2012-05-07 21:57:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-14 18:49:13 -------- d-----w- C:\8b932b19c531de31486369ac
2012-04-14 18:27:22 -------- d-----w- C:\a13e1fdda4f013cfa6a1
2012-04-13 07:02:44 200976 -c--a-w- c:\windows\system32\drivers\tmcomm.sys
2012-04-12 22:46:55 -------- d-----w- C:\3ed78a8d3e3fdb96b6d2ca8748a643
2012-04-12 19:46:14 -------- d-----w- C:\a7b9281ead74d054c51d9c102f303925
2012-04-12 18:04:45 -------- d-----w- C:\b39195a5979437de95c7ae2e
2012-04-09 17:56:24 419488 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-05-07 23:13:00 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-07 22:04:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-05-07 21:45:14 0 -csha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-13 18:01:33 102400 -c--a-w- c:\windows\RegBootClean.exe
2012-04-11 17:55:44 22032 -c--a-w- c:\windows\DCEBoot.exe
2012-04-04 19:56:40 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 22:28:49 60304 -c--a-w- c:\documents and settings\aida\g2mdlhlpx.exe
2012-03-01 11:01:32 916992 -c--a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 -c----w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 -c--a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 -c--a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 -c----w- c:\windows\system32\html.iec
.
============= FINISH: 11:05:14.87 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/16/2003 3:38:32 AM
System Uptime: 5/8/2012 10:22:23 AM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | CUW-FX
Processor: Intel Pentium III processor | PGA 370 | 651/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 9 GiB total, 0.278 GiB free.
D: is CDROM ()
R: is NetworkDisk (NTFS) - 75 GiB total, 44.238 GiB free.
U: is NetworkDisk (NTFS) - 75 GiB total, 33.243 GiB free.
W: is NetworkDisk (NTFS) - 14 GiB total, 2.982 GiB free.
Z: is NetworkDisk (NTFS) - 1397 GiB total, 1229.493 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: ADMtek ADM8511 USB To Fast Ethernet Converter
Device ID: USB\VID_07A6&PID_8511\0001
Manufacturer: ADMtek Incorporated
Name: ADMtek ADM8511 USB To Fast Ethernet Converter
PNP Device ID: USB\VID_07A6&PID_8511\0001
Service: ADM8511
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe SVG Viewer 3.0
Content Buzzer
Content Notifier
Dynamic Traders Group, Inc. DT6 ver 1
EasyCleaner
ePrompter
Foxit Reader
FXDD - MetaTrader 4.00
Google Talk Plugin
GoToMeeting 5.1.0.880
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
J2SE Runtime Environment 5.0 Update 4
Java Auto Updater
Java 6 Update 20
Kcast Beta 2.0.0
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Data Access Components KB870669
Microsoft FrontPage Client - English
Microsoft Office 2000 Premium
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual Studio .NET Professional 2003 - English
Mozilla Firefox (3.6.28)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero - Burning Rom
Panda Cloud Antivirus
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975254)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SSH Secure Shell
Turbo Trader 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Visual Studio .NET Professional 2003 - English
Visual Studio.NET Baseline - English
VLC media player 1.0.5
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
ZumoDrive
.
==== Event Viewer Messages From Past Week ========
.
5/8/2012 9:10:00 AM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
5/8/2012 9:10:00 AM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
5/8/2012 8:10:00 AM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
5/8/2012 8:10:00 AM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
5/8/2012 7:10:00 AM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
5/8/2012 7:10:00 AM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
5/8/2012 6:10:00 AM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
5/8/2012 6:10:00 AM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
5/8/2012 5:10:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
5/8/2012 5:10:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
5/8/2012 4:10:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
5/8/2012 4:10:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
5/8/2012 3:10:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402
5/8/2012 3:10:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
5/8/2012 2:10:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402
5/8/2012 2:10:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
5/8/2012 12:10:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
5/8/2012 12:10:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
5/8/2012 10:25:26 AM, error: Service Control Manager [7023] - The HIDSwvd service terminated with the following error: The specified module could not be found.
5/8/2012 10:10:00 AM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
5/8/2012 10:10:00 AM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
5/8/2012 1:10:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
5/8/2012 1:10:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
5/7/2012 9:10:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402
5/7/2012 9:10:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
5/7/2012 8:10:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402
5/7/2012 8:10:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402
5/7/2012 7:10:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402
5/7/2012 7:10:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402
5/7/2012 6:10:01 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402
5/7/2012 6:10:01 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402
5/7/2012 6:08:04 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NanoServiceMain service.
5/7/2012 5:47:55 PM, error: Service Control Manager [7023] - The Radiosvr service terminated with the following error: The specified module could not be found.
5/7/2012 11:10:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402
5/7/2012 11:10:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402
5/7/2012 10:10:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402
5/7/2012 10:10:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402
5/6/2012 11:24:56 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/5/2012 10:45:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/5/2012 10:43:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: CbFs Fips P3 PSINKNC
5/3/2012 12:14:42 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
5/3/2012 12:10:11 PM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402
5/3/2012 12:10:01 PM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402
5/3/2012 12:07:02 PM, error: Service Control Manager [7022] - The Panda Cloud Antivirus Service service hung on starting.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Ziptoa service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The VAIOMediaPlatform-PhotoServer-HTTP service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The USB3 Service service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Snac service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Sfcure01 service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Savrt service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Queuemgr service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Qbfcservice service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Proxyhostdriver service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The P1131vid service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Mstdc service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Ma763004 service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The K750obex service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Eaps2kbd service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The CTSYN service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Crcdisk service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Cmudau service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The ClntMgmt.sys service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The BVRPMPR5 service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Awhost32 service terminated with the following error: The specified module could not be found.
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Ati2mtaa service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================
#4
Posted 08 May 2012 - 01:44 PM
I did a quick scan after posting the above. No malware was found.
#5
Posted 09 May 2012 - 04:37 AM
Very good! 
Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingc...to-use-combofix
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please include the C:\ComboFix.txt in your next reply for further review.
#6
Posted 09 May 2012 - 10:25 PM
I ran it twice since the instructions said that running once may not fix everything. The 2 logs are below:
ComboFix 12-05-09.01 - aida 05/09/2012 18:31:11.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.280 [GMT -4:00]
Running from: c:\documents and settings\aida\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\aida\Application Data\ubot
c:\documents and settings\aida\g2mdlhlpx.exe
c:\windows\$NtUninstallKB33768$\2796826727
c:\windows\$NtUninstallKB33768$\3152164874\@
c:\windows\$NtUninstallKB33768$\3152164874\cfg.ini
c:\windows\$NtUninstallKB33768$\3152164874\Desktop.ini
c:\windows\$NtUninstallKB33768$\3152164874\L\akygdmgo
c:\windows\iun6002.exe
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\QuickTime.exe
c:\windows\$NtUninstallKB33768$ . . . . Failed to delete
.
c:\windows\system32\drivers\cbfs.sys . . . is infected!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))
.
.
2012-05-07 21:57 . 2012-05-07 21:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-14 18:49 . 2012-04-14 18:49 -------- d-----w- C:\8b932b19c531de31486369ac
2012-04-14 18:27 . 2012-04-14 18:28 -------- d-----w- C:\a13e1fdda4f013cfa6a1
2012-04-13 07:02 . 2011-06-21 04:09 200976 -c--a-w- c:\windows\system32\drivers\tmcomm.sys
2012-04-12 22:46 . 2012-04-12 22:47 -------- d-----w- C:\3ed78a8d3e3fdb96b6d2ca8748a643
2012-04-12 19:46 . 2012-04-12 19:46 -------- d-----w- C:\a7b9281ead74d054c51d9c102f303925
2012-04-12 18:04 . 2012-04-12 18:05 -------- d-----w- C:\b39195a5979437de95c7ae2e
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-07 23:13 . 2012-04-09 17:56 419488 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-07 23:13 . 2011-05-30 17:49 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-07 22:04 . 2001-08-23 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-04-13 18:01 . 2012-03-25 17:34 102400 -c--a-w- c:\windows\RegBootClean.exe
2012-04-11 17:55 . 2010-03-26 01:57 22032 -c--a-w- c:\windows\DCEBoot.exe
2012-04-04 19:56 . 2009-01-17 20:38 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2006-06-23 18:33 916992 -c--a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-07-16 23:51 43520 -c----w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-07-16 23:49 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2001-08-23 12:00 177664 -c--a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2001-08-23 12:00 148480 -c--a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2010-03-11 07:54 385024 -c----w- c:\windows\system32\html.iec
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
.
[-] 2004-08-04 . 4126D27CECE4471E00E425411F7306B5 . 111104 . . [5.4.3790.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\wuauclt.exe
[7] 2002-08-29 . A3763CE319D9EB3EC2AC04901F293B9D . 139776 . . [5.4.3630.1106] . . c:\windows\$NtServicePackUninstall$\wuauclt.exe
.
[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2006-05-13 . 5B09EA8ABB09C22F7574FA52DC9BD752 . 74368 . . [5.1.2600.1842] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
[-] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ipsec.sys
[7] 2002-08-29 . 1C4802409CFD4A7051F458B744CFCAA5 . 57984 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB911280$\ipsec.sys
.
[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2006-08-25 . 44AA778B2329428C9E8D5367BCF91CDD . 561664 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . 11B508E0D26622D2BD25B60033245F6A . 925184 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1891_x-ww_7d3bbc01\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$hf_mig$\KB923191\SP2QFE\comctl32.dll
[-] 2006-07-13 . E48A8A28835914878C9716E71032A10C . 925184 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1873_x-ww_7d39bb85\comctl32.dll
[-] 2006-03-17 . 551E967F1E08EE6E205FCB5ADCB0DFC5 . 925184 . . [6.0] . . c:\windows\SoftwareDistribution\Download\73a765a7ebf2e1b5a6655f2bb798b30f\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2006-03-17 . 551E967F1E08EE6E205FCB5ADCB0DFC5 . 925184 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1816_x-ww_7d33ba0e\comctl32.dll
[-] 2005-09-01 . A93B7C3B08B9AC15B4DCDC96A50E4C2C . 925184 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1740_x-ww_7cb8ab44\comctl32.dll
[-] 2005-03-12 . F6A21D5476C7B4CA9873D97BD246D6EB . 925184 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll
[-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\comctl32.dll
[-] 2004-04-17 . A7B3F3FB365B8B3B29C7C7322392C765 . 921600 . . [6.0] . . c:\windows\$xpsp1hfm$\KB839645\asms\60\msft\windows\Common\Controls\comctl32.dll
[-] 2004-04-17 . A7B3F3FB365B8B3B29C7C7322392C765 . 921600 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1515_x-ww_7bb98b8a\comctl32.dll
[7] 2002-08-29 . 76B90BD220F1B1CC9E183C6B1AE9FBB4 . 921600 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
[7] 2002-08-29 . 0B5D337119929505EE72D4E4A41ED1FD . 557056 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[7] 2001-08-23 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\cryptsvc.dll
[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\cryptsvc.dll
[-] 2003-03-26 . 8B6DA0009AB7B3B8A5E9E28015A32EA7 . 53760 . . [5.1.2600.1190] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
[7] 2002-08-29 . 41C70161BFCB17E7E12ED89BADD2AEF4 . 53248 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB826939$\cryptsvc.dll
.
[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\ERDNT\cache\es.dll
[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[7] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[7] 2008-04-14 10:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[7] 2008-04-14 10:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2GDR\es.dll
[-] 2005-07-26 04:31 . 01B2EF40AAAF29786B0F906C487DD56A . 227328 . . [2001.12.4414.62] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-04 07:56 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\es.dll
[-] 2004-03-06 02:16 . B748D0ABBACD362052D4D61DCD562289 . 226816 . . [2001.12.4414.53] . . c:\windows\$NtUninstallKB902400$\es.dll
[-] 2004-03-06 02:16 . B748D0ABBACD362052D4D61DCD562289 . 226816 . . [2001.12.4414.53] . . c:\windows\$xpsp1hfm$\KB828741\es.dll
[-] 2004-03-06 02:05 . 08A859AA98E5991E05E92C3893FD3439 . 226816 . . [2001.12.4414.53] . . c:\windows\$NtUninstallKB828741$\es.dll
[-] 2001-08-23 12:00 . F5963768CFD62FDB926FDB588EE69315 . 224768 . . [2001.12.4414.42] . . c:\windows\$NtUninstallKB828741_RTM$\es.dll
.
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\imm32.dll
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\imm32.dll
[7] 2002-08-29 . C9F9E3E6B59C6D6CBCE7F14494A4518A . 103936 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\ERDNT\cache\kernel32.dll
[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[7] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2GDR\kernel32.dll
[-] 2006-07-05 . 7815BF93413A3E504DAC1676BDE2D78F . 928768 . . [5.1.2600.1869] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\kernel32.dll
[7] 2002-08-29 . 8F162DC91D67D87C1A481BF602A9DAC8 . 930304 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB917422$\kernel32.dll
.
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\linkinfo.dll
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 71E9F9E000221536047E059CBE2FE211 . 16384 . . [5.1.2600.1740] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2GDR\linkinfo.dll
[-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\linkinfo.dll
[-] 2001-08-23 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll
.
[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lpk.dll
[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\lpk.dll
[-] 2001-08-23 . 55990CA08692E2739A8DDCE0B04352AC . 18944 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[7] 2012-03-01 . DADE53318D8E5335EE2E1745F1C3FC4D . 5978624 . . [8.00.6001.19222] . . c:\windows\system32\mshtml.dll
[7] 2012-03-01 . DADE53318D8E5335EE2E1745F1C3FC4D . 5978624 . . [8.00.6001.19222] . . c:\windows\system32\dllcache\mshtml.dll
.
[7] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ERDNT\cache\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\asms\70\msft\windows\mswincrt\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\msvcrt.dll
[7] 2002-08-29 . 70630CAD245477F8DB02B79D9A92834C . 323072 . . [7.0.2600.1106] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\msvcrt.dll
[7] 2002-08-29 . 886A6C3C185AAEDECD00477F72279B07 . 323072 . . [7.0.2600.1106] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[7] 2001-08-23 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
.
[7] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll
[7] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\mswsock.dll
[7] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[7] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[7] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[7] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\mswsock.dll
[-] 2001-08-23 . 18A8BE5A66B93F9C9615F7D4C148EDE2 . 228352 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
.
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netlogon.dll
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\netlogon.dll
[7] 2002-08-29 . 3ADD563ED7A1C66E6F5E0F7A661AA96D . 399360 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\powrprof.dll
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\powrprof.dll
[-] 2001-08-23 . 865AD7CCB20856727D5BD994B094DC5E . 14848 . . [6.00.2600.0000] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\scecli.dll
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\scecli.dll
[7] 2002-08-29 . 97418A5C642A5C748A28BD7CF6860B57 . 174592 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfc.dll
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\sfc.dll
[-] 2001-08-23 . 52BB2A508CB3EB8AAA5F6F142F5B73D6 . 4096 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\svchost.exe
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\svchost.exe
[-] 2001-08-23 . 0F7D9C87B0CE1FA520473119752C6F79 . 12800 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\tapisrv.dll
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2GDR\tapisrv.dll
[-] 2005-07-08 . 5F0469FF26B19790B5A0D7C77871B6CD . 238592 . . [5.1.2600.1715] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\tapisrv.dll
[7] 2002-08-29 . 9B3A213B6591A79EBABBFB4E4EA0A23E . 233984 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
.
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2005-03-02 . 74202EB1BD67E8BE9509E38C8D2234B0 . 561152 . . [5.1.2600.1634] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2GDR\user32.dll
[-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\user32.dll
[-] 2003-09-25 . 32173306185F603E75C477E117F3BB8D . 560128 . . [5.1.2600.1255] . . c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2003-09-25 . 32173306185F603E75C477E117F3BB8D . 560128 . . [5.1.2600.1255] . . c:\windows\$xpsp1hfm$\KB824141\user32.dll
[-] 2002-11-22 . 1BD18B332A07FD10BF0322C352A78078 . 528896 . . [5.1.2600.104] . . c:\windows\$NtUninstallKB824141_RTM$\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\$NtUninstallKB824141$\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\$xpsp1hfm$\Q328310\user32.dll
[7] 2002-08-29 . DD9269230C21EE8FB7FD3FCCC3B1CFCB . 560128 . . [5.1.2600.1106] . . c:\windows\$NtUninstallQ328310$\user32.dll
[-] 2001-08-23 . BE57A5C3ABD240514B98F6BCA872FB21 . 561152 . . [5.1.2600.0] . . c:\windows\$NtUninstallQ328310_RTM$\user32.dll
.
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\userinit.exe
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\userinit.exe
[7] 2002-08-29 . E931E0A2B8BF0019DB902E98D03662CB . 22016 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[7] 2012-03-01 . 009E7B4C284F080608D7286484015EE5 . 916992 . . [8.00.6001.19222] . . c:\windows\system32\wininet.dll
[7] 2012-03-01 . 009E7B4C284F080608D7286484015EE5 . 916992 . . [8.00.6001.19222] . . c:\windows\system32\dllcache\wininet.dll
[7] 2012-03-01 . 4EC67FAB39F37626AD6D9895FC094ABF . 919552 . . [8.00.6001.23318] . . c:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\wininet.dll
[7] 2011-12-19 . B701B7DF6B9B243B155523B5F868A90A . 667136 . . [6.00.2900.6182] . . c:\windows\ie8\wininet.dll
[7] 2011-12-19 . 19404059BFBD2DDA979D5FD3D744DE8B . 668672 . . [6.00.2900.6182] . . c:\windows\$hf_mig$\KB2647516\SP3QFE\wininet.dll
[7] 2011-12-17 . F362D50FBDC6E34918DF41BDE1770E5C . 916992 . . [8.00.6001.19190] . . c:\windows\ie8updates\KB2675157-IE8\wininet.dll
[7] 2011-12-17 . F362D50FBDC6E34918DF41BDE1770E5C . 916992 . . [8.00.6001.19190] . . c:\windows\SoftwareDistribution\Download\c1d540600ba9c34c5b3244c020eee491\SP3GDR\wininet.dll
[7] 2011-12-17 . 84A48E9818E8440DDBFD8EEC37C8A937 . 919552 . . [8.00.6001.23286] . . c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\wininet.dll
[7] 2011-12-17 . 84A48E9818E8440DDBFD8EEC37C8A937 . 919552 . . [8.00.6001.23286] . . c:\windows\SoftwareDistribution\Download\c1d540600ba9c34c5b3244c020eee491\SP3QFE\wininet.dll
[7] 2011-11-04 . 552263502EA8C24D301A0C43FF90B3ED . 916992 . . [8.00.6001.19165] . . c:\windows\ie8updates\KB2647516-IE8\wininet.dll
[7] 2011-11-04 . 552263502EA8C24D301A0C43FF90B3ED . 916992 . . [8.00.6001.19165] . . c:\windows\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3GDR\wininet.dll
[7] 2011-11-04 . 4E4716CAF514717814D07113AD0425B6 . 919552 . . [8.00.6001.23261] . . c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll
[7] 2011-11-04 . 4E4716CAF514717814D07113AD0425B6 . 919552 . . [8.00.6001.23261] . . c:\windows\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3QFE\wininet.dll
.
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2_32.dll
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2006-08-16 . 7B6A08441A4F11320421599D7ECF8D41 . 70656 . . [5.1.2600.1886] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2006-05-19 . 3748E0FC8C1B6ADA49F98C8E69A4228C . 70656 . . [5.1.2600.1847] . . c:\windows\$NtUninstallKB922819$\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ws2_32.dll
[-] 2003-07-10 . 06BF1D3C21274F92DDD0E09317C80B35 . 70656 . . [5.1.2600.1240] . . c:\windows\$NtUninstallKB914388$\ws2_32.dll
[-] 2001-08-23 . 8529C295DF59B564D37A73B5629162B1 . 75264 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB817778$\ws2_32.dll
.
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ws2help.dll
[-] 2001-08-23 . 235C7EF9AEDDE76801169DC61FA72DEF . 18944 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\explorer.exe
[-] 2003-05-12 . A73BC66A95CF4F7B597FC8975778A889 . 996352 . . [6.00.2800.1221] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2002-08-29 . A82B28BFC2E4455FE43022A498C0EF0A . 1004032 . . [6.00.2800.1106] . . c:\windows\$NtUninstallKB820291$\explorer.exe
.
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\regedit.exe
[7] 2002-08-29 . B28FB518CD2949715CBFCE0E93A7A535 . 134144 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[7] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\ole32.dll
[7] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\dllcache\ole32.dll
[7] 2011-11-01 . 7D9DDE1AB4B00DDB173F5A16E9206517 . 1289216 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
[7] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\$NtUninstallKB2624667$\ole32.dll
[7] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2GDR\ole32.dll
[-] 2005-07-26 . F07397DBDBD249D379CFDEEE6D9BF545 . 1190400 . . [5.1.2600.1720] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
.
[7] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[7] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[7] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[7] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
[7] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2004-08-04 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\usp10.dll
[7] 2002-08-29 . 73C90911DD86A10D4004C7D6E655A41B . 339456 . . [1.0409.2600.1106] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ksuser.dll
[-] 2001-08-17 . E486A5A8D51CEFF00404DC5AFF0A8330 . 4096 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
.
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ctfmon.exe
[7] 2002-08-29 . 414DE7CF9D3F19C3EA902F1BB38EC116 . 13312 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[7] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[7] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[7] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2004-10-28 . AD324E21EF7E668C9910EB5ADF6495C0 . 116736 . . [6.00.2800.1605] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\shsvcs.dll
[7] 2002-08-29 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\$NtUninstallKB885835$\shsvcs.dll
.
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\srsvc.dll
[7] 2002-08-29 . 38E9CFAC7881435764051FD7B1F010FB . 158720 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\wscntfy.exe
[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\wscntfy.exe
.
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\xmlprov.dll
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\xmlprov.dll
.
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\eventlog.dll
[7] 2002-08-29 . BF3C8CF53C77B48206B39910B6D6CBCC . 49152 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll
[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\sfcfiles.dll
[7] 2002-08-29 . 2564949DBE5F643F50913BBE45D346E2 . 1157632 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2001-08-23 . 9E415EFDF50F26BCBC97C80F4E6C30CC . 1562112 . . [5.1.2600.0] . . c:\windows\$NtUninstallQ309521$\sfcfiles.dll
.
[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2006-05-13 . 5B09EA8ABB09C22F7574FA52DC9BD752 . 74368 . . [5.1.2600.1842] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
[-] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ipsec.sys
[7] 2002-08-29 . 1C4802409CFD4A7051F458B744CFCAA5 . 57984 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB911280$\ipsec.sys
.
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\regsvc.dll
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\regsvc.dll
[-] 2001-08-23 . 9DF4527D53613601D3F79946EAA1DCB1 . 51712 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\schedsvc.dll
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\schedsvc.dll
[-] 2004-06-08 . 08D72F6490CD85AA1C12EF3B56299936 . 172544 . . [5.1.2600.1564] . . c:\windows\$hf_mig$\KB841873\SP1QFE\schedsvc.dll
[-] 2004-06-08 . 08D72F6490CD85AA1C12EF3B56299936 . 172544 . . [5.1.2600.1564] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
[7] 2002-08-29 . 719B05113003A1934EA25EA1FED68C85 . 159232 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB841873$\schedsvc.dll
[-] 2001-08-23 . F6E2095CBC14522CEACD2853620FAF4D . 158720 . . [4.71.2600.1] . . c:\windows\$NtUninstallKB841873_RTM$\schedsvc.dll
.
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ssdpsrv.dll
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ssdpsrv.dll
[7] 2002-08-29 . 75B5821307B2F4491F9ED06732366872 . 43008 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
[-] 2001-08-23 . 126D90EE937FFEBACEE30BCA13D92F97 . 39936 . . [5.1.2600.0] . . c:\windows\$NtUninstallQ315000$\ssdpsrv.dll
.
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\termsrv.dll
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\termsrv.dll
[7] 2002-08-29 . FE84E045A09A4ABC4DEEF7270448B64E . 200192 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2001-08-23 . 458635D2E4559526CF9C895340A38702 . 197632 . . [5.1.2600.0] . . c:\windows\$NtUninstallQ311889$\termsrv.dll
.
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\hnetcfg.dll
[7] 2002-08-29 . F5FBCABFE303D309DF5163ABFBBB6958 . 240640 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[7] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\appmgmts.dll
[7] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[7] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\appmgmts.dll
[7] 2002-08-29 . AE0BDD0E65987747988861103B50FA4F . 156672 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[7] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\acpiec.sys
[7] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys
[7] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[7] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ERDNT\cache\aec.sys
[7] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[7] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\aec.sys
[7] 2002-08-29 06:16 . FF773FEDA15E8BD97FD54FE87A0ACDBE . 142208 . . [5.1.2601.1095 built by: xpsp1] . . c:\windows\$NtServicePackUninstall$\aec.sys
.
[7] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\agp440.sys
[7] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[7] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\agp440.sys
.
[7] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ip6fw.sys
[7] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[7] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ip6fw.sys
[-] 2003-06-30 . EDDCA9C72F1E7F2E2E2AB6AD7106C4A5 . 29952 . . [5.1.2600.1240] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[7] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[7] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[7] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[7] 2008-04-14 10:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
[7] 2008-04-14 10:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ERDNT\cache\mfc40u.dll
[7] 2008-04-14 10:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2001-08-23 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
.
[7] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\msgsvc.dll
[7] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[7] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\msgsvc.dll
[-] 2003-10-21 . 41C5F3B926942EBDD35C6BF4154FE5F8 . 32256 . . [5.1.2600.1309] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
[-] 2003-10-21 . 41C5F3B926942EBDD35C6BF4154FE5F8 . 32256 . . [5.1.2600.1309] . . c:\windows\$xpsp1hfm$\KB828035\msgsvc.dll
[-] 2003-10-21 . 30846EB33203E3E777B87EAD4ED1B2D9 . 32256 . . [5.1.2600.121] . . c:\windows\$NtUninstallKB828035$\msgsvc.dll
[-] 2001-08-23 . A81487520F11F65BF270D50EE29887B2 . 34304 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB828035_RTM$\msgsvc.dll
.
[7] 2004-09-23 02:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\ERDNT\cache\MsPMSNSv.dll
[7] 2004-09-23 02:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[7] 2004-09-23 02:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\MsPMSNSv.dll
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\mspmsnsv.dll
.
[7] 2011-10-25 . DB19FFF0C805664CB95062C027B11FE9 . 2069376 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe
[7] 2011-10-25 . CE1A2FEDBD001ECDC5AD1975AFAD040A . 2069376 . . [5.1.2600.6165] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2011-10-25 . CE1A2FEDBD001ECDC5AD1975AFAD040A . 2069376 . . [5.1.2600.6165] . . c:\windows\system32\ntkrnlpa.exe
[7] 2011-10-25 . CE1A2FEDBD001ECDC5AD1975AFAD040A . 2069376 . . [5.1.2600.6165] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2010-12-09 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[7] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntkrnlpa.exe
[7] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
.
[7] 2008-04-14 10:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ERDNT\cache\ntmssvc.dll
[7] 2008-04-14 10:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[7] 2008-04-14 10:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-04 07:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ntmssvc.dll
[7] 2002-08-29 10:41 . AAC49EF5C84A2EBD7409A51A1B65C542 . 392704 . . [5.1.2400.1106] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\upnphost.dll
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\upnphost.dll
[7] 2002-08-29 . 848CE0601B58410FF2DFB6BC8449AFE7 . 164864 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[7] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[7] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\dsound.dll
[-] 2001-08-23 . 9402C9F282AC5FAF8253A4DC2E231B67 . 338944 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[7] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[7] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\d3d9.dll
.
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ddraw.dll
[7] 2002-08-29 . 1D0F6E2A81751F29E6C27CA4FDDC1D49 . 253440 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[7] 2008-04-14 10:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[7] 2008-04-14 10:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-04 07:56 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\olepro32.dll
[-] 2001-08-23 12:00 . 76E77301A8A73457A5B55E76847DB892 . 106496 . . [5.0.5014] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[7] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[7] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\perfctrs.dll
[-] 2001-08-23 . 972EFFC80D9E806539489883D37032F5 . 37376 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\version.dll
[-] 2001-08-23 . 90D0D0BEA6FBC19E765E30B7DDF52B9A . 16384 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ie8\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[-] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\iexplore.exe
[7] 2002-08-29 . 418D301C3B1FA94B19584AEEB3D65166 . 91136 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
.
.
[7] 2011-10-25 . F512C662874D7545E5BD8005E6800A44 . 2192768 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe
[7] 2011-10-25 . 892CDDFF7EF96951B9B0B50974070E47 . 2192768 . . [5.1.2600.6165] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2011-10-25 . 892CDDFF7EF96951B9B0B50974070E47 . 2192768 . . [5.1.2600.6165] . . c:\windows\system32\ntoskrnl.exe
[7] 2011-10-25 . 892CDDFF7EF96951B9B0B50974070E47 . 2192768 . . [5.1.2600.6165] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[7] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntoskrnl.exe
[7] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
[7] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[7] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
.
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\srsvc.dll
[7] 2002-08-29 . 38E9CFAC7881435764051FD7B1F010FB . 158720 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\w32time.dll
[7] 2002-08-29 . A14F6DEDA6E1B5D13A0C225E84988EEA . 165376 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2004-08-04 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\wiaservc.dll
[7] 2002-08-29 . 0AC40B75640B550C26347B5F65F6E0EE . 316416 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2004-08-04 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\midimap.dll
[-] 2001-08-23 . 5A80CD832A19D92CEAED6D5C0316D1B1 . 17920 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2006-06-26 . 087552302D5AAB20FC37314576BC106C . 6144 . . [5.1.2600.1863] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2GDR\rasadhlp.dll
[-] 2004-08-04 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\rasadhlp.dll
[-] 2001-08-23 . C5ABBBD9C7307679B4FBA203213A6FD4 . 6144 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB920683$\rasadhlp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZumoDrive"="c:\program files\Zecter\ZumoDrive\ZumoLauncher.lnk" [2010-04-17 1673]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
"ZumoDrive"="c:\program files\Zecter\ZumoDrive\ZumoLauncher.lnk" [2010-04-17 1673]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Zecter\\ZumoDrive\\zumodrive.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\aida\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 NecUsb3;USB3 Service;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 257696]
R3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [x]
R3 SDTHOOK;SDTHOOK;c:\windows\system32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-02-09 147416]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-05-04 129928]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-04-30 136448]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-05-27 141384]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-04-30 97032]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-04-30 111624]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-05-12 110920]
S3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\DRIVERS\KTC111.SYS [2001-08-17 19016]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsb3Sevic REG_MULTI_SZ NecUsb3
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
cpqarry2
backupexecagentaccelerator
AMDPCI
WinHttpAutoProxySvc
pcx1unic
LPDSVC
mcpromgr
mwlsvc
tosrfusb
CYGF32X
dsncservice
lpx
anbmservice
PSSdk23
v124
OsaFsLoc
RR2Vbi
db2licd
spbbcsvc
trayman
adsexpb
mfesmfk
oracleservicelocalora
emproxy
websensepolicyserver
clientservice
vet-filt
SRTSPL
bdpredir
s217unic
nsm1bus
QV2KUX
hdaudaddservice
bantext
se59bus
basfipm
symfw
wampmysqld
emAudio
se45mdfl
CTEAPSFX.DLL
RTL8023xp
slimsvc
xfactorae1
siside
incdfs
se45mdm
REVO
NVR0Dev
co_mon
TOSHIBASoftModem
akshasp
MaVctrl
eSettingsService
crystalinputfileserver
slssvc
cobbmservice
sentinel
McciCMService
atinrvxx
nmwcdcm
zfdwm
se27unic
slip
roxliveshare9
mcafeeframework
genmcmn
winpppoverethernet
LVBulk
amdppm
UCTblHid
CTERFXFX.DLL
clisvc
avinitnt
CADlink
SimpTcp
appdrv
pdlndqll
ctxhttp
usbbus
elotouchscreen
sfvfs02
Blfp
L8042Kbd
savrt
sqlagent$sony_mediamgr
hmonitor
SrvcSSIOMngr
zebrsce
ctac32k
appnnode
SE26mdm
rppkt
ufdsvc
StkScan
GoogleDesktopManager-010708-104812
viaudio
marvinbus
adminserver
personalsecuredriveservice
rtl8023
TestHandler
cccredmgr
SiS300i
padfsvr
mcrdsvc
ATIBTCAP
ptserial
antivirservice
hap16v2k
AN983
avipbb
StillCam
npkcmsvc
mohfilt
pnarp
iviVD
snac
mssql$sony_mediamgr
hsfhwazl
AcronisOSSReinstallSvc
MREMPR5
dptrackerd
Nsynas32
pacsptisvr
tandpl
smservaz
UsbDiag
NWDNS
dlaboiom
carboniteservice
rnadiagreceiver
servidor
nsvcip
tb2launch
acrotray
dnetc
bthenum
Afc
qserver
DSI_SiUSBXp_3_1
ino_flpy
crystaloutputfileserver
webrootspysweeperservice
SGHIDI
SE2Bmdfl
w200mdfl
imagesrv
ELmou
SISNICXP
macformatservice
nv
WDM_YAMAHAAC97
p2pimsvc
AFGMp50
ser2plms
GTWModem
zumbus
icdsptsv
protexislicensing
acrsch2svc
vcomm
NETw3x32
pmsveh
utscsi
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
TermService
wuauserv
BITS
ShellHWDetection
helpsvc
Ip6FwHlp
WmdmPmSN
napagent
hkmsvc
xmlprov
wscsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 23:13]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-764733703-1708537768-1003Core.job
- c:\documents and settings\aida\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-13 20:17]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-764733703-1708537768-1003UA.job
- c:\documents and settings\aida\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-13 20:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\documents and settings\aida\Application Data\Mozilla\Firefox\Profiles\eswlnpz7.default\
FF - prefs.js: browser.startup.homepage - hxxp://welikehits.com/surf.php
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Webmail Ad Blocker: gmailnoads@mywebber.com - %profile%\extensions\gmailnoads@mywebber.com
FF - Ext: Tempomail: tempomail@ingetic..maxime.robache - %profile%\extensions\tempomail@ingetic..maxime.robache
FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF - Ext: Capture Fox: capturefoxmovie@advancity.net - %profile%\extensions\capturefoxmovie@advancity.net
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Screen Capture Elite: screencaptureelite@plugin - %profile%\extensions\screencaptureelite@plugin
FF - Ext: Click&Clean: clickclean@hotcleaner.com - %profile%\extensions\clickclean@hotcleaner.com
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Notify-NecUsb3Sevices - USB3Sw32.dll
Notify-USB3Sw32 - USB3Sw32.dll
SafeBoot-74338219.sys
AddRemove-Kcast_Beta_1.0 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-09 19:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AMDPCI]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\backupexecagentaccelerator]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cpqarry2]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LPDSVC]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NETw3x32]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pmsveh]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SGHIDI]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\trayman]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\utscsi]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vcomm]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinHttpAutoProxySvc]
"ServiceDll"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,bf,6d,df,a7,6c,2f,45,bf,f4,3e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,bf,6d,df,a7,6c,2f,45,bf,f4,3e,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2684)
c:\windows\system32\WININET.dll
c:\program files\Zecter\ZumoDrive\ShellExt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\snmp.exe
c:\windows\System32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-05-09 20:47:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-10 00:47
.
Pre-Run: 265,682,944 bytes free
Post-Run: 342,028,288 bytes free
.
- - End Of File - - 3764B27D537FBA5D698C5FC3F758BCB0
ComboFix 12-05-09.01 - aida 05/09/2012 18:31:11.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.280 [GMT -4:00]
Running from: c:\documents and settings\aida\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\aida\Application Data\ubot
c:\documents and settings\aida\g2mdlhlpx.exe
c:\windows\$NtUninstallKB33768$\2796826727
c:\windows\$NtUninstallKB33768$\3152164874\@
c:\windows\$NtUninstallKB33768$\3152164874\cfg.ini
c:\windows\$NtUninstallKB33768$\3152164874\Desktop.ini
c:\windows\$NtUninstallKB33768$\3152164874\L\akygdmgo
c:\windows\iun6002.exe
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\QuickTime.exe
c:\windows\$NtUninstallKB33768$ . . . . Failed to delete
.
c:\windows\system32\drivers\cbfs.sys . . . is infected!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))
.
.
2012-05-07 21:57 . 2012-05-07 21:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-14 18:49 . 2012-04-14 18:49 -------- d-----w- C:\8b932b19c531de31486369ac
2012-04-14 18:27 . 2012-04-14 18:28 -------- d-----w- C:\a13e1fdda4f013cfa6a1
2012-04-13 07:02 . 2011-06-21 04:09 200976 -c--a-w- c:\windows\system32\drivers\tmcomm.sys
2012-04-12 22:46 . 2012-04-12 22:47 -------- d-----w- C:\3ed78a8d3e3fdb96b6d2ca8748a643
2012-04-12 19:46 . 2012-04-12 19:46 -------- d-----w- C:\a7b9281ead74d054c51d9c102f303925
2012-04-12 18:04 . 2012-04-12 18:05 -------- d-----w- C:\b39195a5979437de95c7ae2e
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-07 23:13 . 2012-04-09 17:56 419488 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-07 23:13 . 2011-05-30 17:49 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-07 22:04 . 2001-08-23 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-04-13 18:01 . 2012-03-25 17:34 102400 -c--a-w- c:\windows\RegBootClean.exe
2012-04-11 17:55 . 2010-03-26 01:57 22032 -c--a-w- c:\windows\DCEBoot.exe
2012-04-04 19:56 . 2009-01-17 20:38 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2006-06-23 18:33 916992 -c--a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-07-16 23:51 43520 -c----w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-07-16 23:49 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2001-08-23 12:00 177664 -c--a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2001-08-23 12:00 148480 -c--a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2010-03-11 07:54 385024 -c----w- c:\windows\system32\html.iec
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
.
[7] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\beep.sys
[7] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[7] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[7] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\kbdclass.sys
[7] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[7] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\kbdclass.sys
[7] 2002-08-29 . 1E7F78C2FC393356CD884C6FDE7966F9 . 23424 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
.
[7] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ndis.sys
[7] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[7] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ndis.sys
[-] 2003-10-04 . D999CE17681D7D074D534FC5BC662E0A . 168192 . . [5.1.2600.1254] . . c:\windows\$NtServicePackUninstall$\ndis.sys
[7] 2002-08-29 . 3B350E5A2A5E951453F3993275A4523A . 167552 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB826942$\ndis.sys
.
[7] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ntfs.sys
[7] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[7] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ntfs.sys
[7] 2002-08-29 . E3AE9C79498210A5F39FE5A9AD62BC55 . 561920 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2001-08-23 . 70FAE0DCFDFAA0838D6778FCA028CE01 . 533504 . . [5.1.2600.0] . . c:\windows\$NtUninstallQ315403$\ntfs.sys
.
[7] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\null.sys
[7] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[7] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
[-] 2006-04-20 . B8158E2A6112C0A5CA67BC158FC70218 . 340480 . . [5.1.2600.1831] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\SoftwareDistribution\Download\e534ebaf021731fc8bec5e8193de9bb9\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\SoftwareDistribution\Download\e534ebaf021731fc8bec5e8193de9bb9\SP2GDR\tcpip.sys
[-] 2006-01-13 . 8C101C9C566E2384AF28EF7C1DE4A36E . 340480 . . [5.1.2600.1792] . . c:\windows\SoftwareDistribution\Download\e534ebaf021731fc8bec5e8193de9bb9\SP1QFE\tcpip.sys
[-] 2005-05-25 . 228B0385BBFCA24332FA22DB45A8B684 . 339968 . . [5.1.2600.1693] . . c:\windows\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\sp1qfe\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\sp2qfe\tcpip.sys
[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\sp2gdr\tcpip.sys
[-] 2005-03-14 . 6129E70F3D2F1E60860C930EBEAF92C2 . 359936 . . [5.1.2600.2631] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-03-14 . 0E66B538096A6529D1AC66E78EB0D5C8 . 359808 . . [5.1.2600.2631] . . c:\windows\$hf_mig$\KB893066\SP2GDR\tcpip.sys
[-] 2005-02-23 . 466CBD4831E80729173654AB2B8C0FEE . 339968 . . [5.1.2600.1630] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\tcpip.sys
[7] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\browser.dll
[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\browser.dll
[-] 2004-03-30 . 34B4B8B9BC07449E9B340C93C468F92A . 48640 . . [5.1.2600.105] . . c:\windows\$NtUninstallKB841873_RTM$\browser.dll
[7] 2002-08-29 . 3671D928554E124A8AC326A1769F2FFB . 49152 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\browser.dll
[-] 2001-08-23 . 1C9CDCAD17F23BB7206451802307C529 . 49152 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB835732_RTM$\browser.dll
.
[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lsass.exe
[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\lsass.exe
[7] 2002-08-29 . B2B6BA905D0E3F8A32A0EB3B4051807B . 11776 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netman.dll
[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 838B1DF317D55BFFF67F99F1AE7ECEB7 . 154624 . . [5.1.2600.1733] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2GDR\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\netman.dll
[7] 2002-08-29 . E7FF9267BBEB1386975278A27378526F . 154112 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB905414$\netman.dll
.
[7] 2008-04-14 10:41 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[7] 2008-04-14 10:41 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2004-08-04 07:56 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\comres.dll
[-] 2001-08-23 12:00 . 1F51839ECCF908FD86558198909262E4 . 792064 . . [2001.12.4414.42] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ERDNT\cache\qmgr.dll
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\qmgr.dll
[-] 2004-07-01 . 696AC82FB290A03F205901442E0E9589 . 361984 . . [6.6.2600.1569] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
[-] 2002-01-22 . 9507281D9AFD440F0DA09BE6B7093C43 . 179712 . . [6.0.2600.27] . . c:\windows\$NtUninstallKB842773$\qmgr.dll
[-] 2001-08-23 . 3E6ACF2CD2E8C19B16E4B42D08CA3838 . 179200 . . [6.0.2600.0] . . c:\windows\$NtUninstallQ314862$\qmgr.dll
.
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\rpcss.dll
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2GDR\rpcss.dll
[-] 2005-07-26 . 0D903904A1CDDAA2AE29F48176C683D4 . 276992 . . [5.1.2600.1720] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-01-14 . 419899803CA479B73B02390318C787C0 . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2GDR\rpcss.dll
[-] 2005-01-14 . 4493E3E2C9449D96F703861D73C58B88 . 284672 . . [5.1.2600.1619] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2005-01-14 . 94456045BEB4545B5EBE1DCC85951AFA . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
[-] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\rpcss.dll
[-] 2004-03-06 . 4EA08A8BBDF8DDEE0F173BB999C153C3 . 263680 . . [5.1.2600.1361] . . c:\windows\$NtUninstallKB873333$\rpcss.dll
[-] 2004-03-06 . 4EA08A8BBDF8DDEE0F173BB999C153C3 . 263680 . . [5.1.2600.1361] . . c:\windows\$xpsp1hfm$\KB828741\rpcss.dll
[-] 2003-08-25 . D6755C39AE02ECDA111156401EC62022 . 204288 . . [5.1.2600.118] . . c:\windows\$NtUninstallKB828741_RTM$\rpcss.dll
[-] 2003-08-25 . 7A6F20EEAC4B2168451878AF9054396F . 260608 . . [5.1.2600.1263] . . c:\windows\$xpsp1hfm$\KB824146\rpcss.dll
[7] 2002-08-29 . 493FCBED180DCACF0B5D4C8C29949CA9 . 260608 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB828741$\rpcss.dll
[-] 2001-08-23 . 3F1C4DC5F03535E544996968DD225837 . 259072 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB824146_RTM$\rpcss.dll
.
[7] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\services.exe
[7] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[7] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[7] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[7] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\services.exe
[-] 2001-08-23 . E3DF4A0252D287C44606EE55355E1623 . 101376 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\services.exe
.
[7] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . 6B4BF97957A0B8795811975D4BF1ACFE . 53248 . . [5.1.2600.1699] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
[-] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\spoolsv.exe
[-] 2001-08-23 . 9B4155BA58192D4073082B8FC5D42612 . 51200 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe
.
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\winlogon.exe
[7] 2002-08-29 . 2246D8D8F4714A2CEDB21AB9B1849ABB . 516608 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\ERDNT\cache\wuauclt.exe
[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
[7] 2008-04-14 . ED7262E52C31CF1625B65039102BC16C . 111104 . . [5.4.3790.5512] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2004-08-04 . 4126D27CECE4471E00E425411F7306B5 . 111104 . . [5.4.3790.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\wuauclt.exe
[7] 2002-08-29 . A3763CE319D9EB3EC2AC04901F293B9D . 139776 . . [5.4.3630.1106] . . c:\windows\$NtServicePackUninstall$\wuauclt.exe
.
[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2006-05-13 . 5B09EA8ABB09C22F7574FA52DC9BD752 . 74368 . . [5.1.2600.1842] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
[-] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ipsec.sys
[7] 2002-08-29 . 1C4802409CFD4A7051F458B744CFCAA5 . 57984 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB911280$\ipsec.sys
.
[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2006-08-25 . 44AA778B2329428C9E8D5367BCF91CDD . 561664 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . 11B508E0D26622D2BD25B60033245F6A . 925184 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1891_x-ww_7d3bbc01\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$hf_mig$\KB923191\SP2QFE\comctl32.dll
[-] 2006-07-13 . E48A8A28835914878C9716E71032A10C . 925184 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1873_x-ww_7d39bb85\comctl32.dll
[-] 2006-03-17 . 551E967F1E08EE6E205FCB5ADCB0DFC5 . 925184 . . [6.0] . . c:\windows\SoftwareDistribution\Download\73a765a7ebf2e1b5a6655f2bb798b30f\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2006-03-17 . 551E967F1E08EE6E205FCB5ADCB0DFC5 . 925184 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1816_x-ww_7d33ba0e\comctl32.dll
[-] 2005-09-01 . A93B7C3B08B9AC15B4DCDC96A50E4C2C . 925184 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1740_x-ww_7cb8ab44\comctl32.dll
[-] 2005-03-12 . F6A21D5476C7B4CA9873D97BD246D6EB . 925184 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll
[-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\comctl32.dll
[-] 2004-04-17 . A7B3F3FB365B8B3B29C7C7322392C765 . 921600 . . [6.0] . . c:\windows\$xpsp1hfm$\KB839645\asms\60\msft\windows\Common\Controls\comctl32.dll
[-] 2004-04-17 . A7B3F3FB365B8B3B29C7C7322392C765 . 921600 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1515_x-ww_7bb98b8a\comctl32.dll
[7] 2002-08-29 . 76B90BD220F1B1CC9E183C6B1AE9FBB4 . 921600 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
[7] 2002-08-29 . 0B5D337119929505EE72D4E4A41ED1FD . 557056 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[7] 2001-08-23 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\cryptsvc.dll
[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\cryptsvc.dll
[-] 2003-03-26 . 8B6DA0009AB7B3B8A5E9E28015A32EA7 . 53760 . . [5.1.2600.1190] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
[7] 2002-08-29 . 41C70161BFCB17E7E12ED89BADD2AEF4 . 53248 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB826939$\cryptsvc.dll
.
[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\ERDNT\cache\es.dll
[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[7] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[7] 2008-04-14 10:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[7] 2008-04-14 10:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2GDR\es.dll
[-] 2005-07-26 04:31 . 01B2EF40AAAF29786B0F906C487DD56A . 227328 . . [2001.12.4414.62] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-04 07:56 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\es.dll
[-] 2004-03-06 02:16 . B748D0ABBACD362052D4D61DCD562289 . 226816 . . [2001.12.4414.53] . . c:\windows\$NtUninstallKB902400$\es.dll
[-] 2004-03-06 02:16 . B748D0ABBACD362052D4D61DCD562289 . 226816 . . [2001.12.4414.53] . . c:\windows\$xpsp1hfm$\KB828741\es.dll
[-] 2004-03-06 02:05 . 08A859AA98E5991E05E92C3893FD3439 . 226816 . . [2001.12.4414.53] . . c:\windows\$NtUninstallKB828741$\es.dll
[-] 2001-08-23 12:00 . F5963768CFD62FDB926FDB588EE69315 . 224768 . . [2001.12.4414.42] . . c:\windows\$NtUninstallKB828741_RTM$\es.dll
.
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\imm32.dll
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\imm32.dll
[7] 2002-08-29 . C9F9E3E6B59C6D6CBCE7F14494A4518A . 103936 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\ERDNT\cache\kernel32.dll
[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[7] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2GDR\kernel32.dll
[-] 2006-07-05 . 7815BF93413A3E504DAC1676BDE2D78F . 928768 . . [5.1.2600.1869] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\kernel32.dll
[7] 2002-08-29 . 8F162DC91D67D87C1A481BF602A9DAC8 . 930304 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB917422$\kernel32.dll
.
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\linkinfo.dll
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 71E9F9E000221536047E059CBE2FE211 . 16384 . . [5.1.2600.1740] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2GDR\linkinfo.dll
[-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\linkinfo.dll
[-] 2001-08-23 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll
.
[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lpk.dll
[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\lpk.dll
[-] 2001-08-23 . 55990CA08692E2739A8DDCE0B04352AC . 18944 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[7] 2012-03-01 . DADE53318D8E5335EE2E1745F1C3FC4D . 5978624 . . [8.00.6001.19222] . . c:\windows\system32\mshtml.dll
[7] 2012-03-01 . DADE53318D8E5335EE2E1745F1C3FC4D . 5978624 . . [8.00.6001.19222] . . c:\windows\system32\dllcache\mshtml.dll
.
[7] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ERDNT\cache\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\asms\70\msft\windows\mswincrt\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\msvcrt.dll
[7] 2002-08-29 . 70630CAD245477F8DB02B79D9A92834C . 323072 . . [7.0.2600.1106] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\msvcrt.dll
[7] 2002-08-29 . 886A6C3C185AAEDECD00477F72279B07 . 323072 . . [7.0.2600.1106] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[7] 2001-08-23 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
.
[7] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll
[7] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\mswsock.dll
[7] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[7] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[7] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[7] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\mswsock.dll
[-] 2001-08-23 . 18A8BE5A66B93F9C9615F7D4C148EDE2 . 228352 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
.
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netlogon.dll
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\netlogon.dll
[7] 2002-08-29 . 3ADD563ED7A1C66E6F5E0F7A661AA96D . 399360 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\powrprof.dll
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\powrprof.dll
[-] 2001-08-23 . 865AD7CCB20856727D5BD994B094DC5E . 14848 . . [6.00.2600.0000] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\scecli.dll
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\scecli.dll
[7] 2002-08-29 . 97418A5C642A5C748A28BD7CF6860B57 . 174592 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfc.dll
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\sfc.dll
[-] 2001-08-23 . 52BB2A508CB3EB8AAA5F6F142F5B73D6 . 4096 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\svchost.exe
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\svchost.exe
[-] 2001-08-23 . 0F7D9C87B0CE1FA520473119752C6F79 . 12800 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\tapisrv.dll
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2GDR\tapisrv.dll
[-] 2005-07-08 . 5F0469FF26B19790B5A0D7C77871B6CD . 238592 . . [5.1.2600.1715] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\tapisrv.dll
[7] 2002-08-29 . 9B3A213B6591A79EBABBFB4E4EA0A23E . 233984 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
.
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2005-03-02 . 74202EB1BD67E8BE9509E38C8D2234B0 . 561152 . . [5.1.2600.1634] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2GDR\user32.dll
[-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\user32.dll
[-] 2003-09-25 . 32173306185F603E75C477E117F3BB8D . 560128 . . [5.1.2600.1255] . . c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2003-09-25 . 32173306185F603E75C477E117F3BB8D . 560128 . . [5.1.2600.1255] . . c:\windows\$xpsp1hfm$\KB824141\user32.dll
[-] 2002-11-22 . 1BD18B332A07FD10BF0322C352A78078 . 528896 . . [5.1.2600.104] . . c:\windows\$NtUninstallKB824141_RTM$\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\$NtUninstallKB824141$\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\$xpsp1hfm$\Q328310\user32.dll
[7] 2002-08-29 . DD9269230C21EE8FB7FD3FCCC3B1CFCB . 560128 . . [5.1.2600.1106] . . c:\windows\$NtUninstallQ328310$\user32.dll
[-] 2001-08-23 . BE57A5C3ABD240514B98F6BCA872FB21 . 561152 . . [5.1.2600.0] . . c:\windows\$NtUninstallQ328310_RTM$\user32.dll
.
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\userinit.exe
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\userinit.exe
[7] 2002-08-29 . E931E0A2B8BF0019DB902E98D03662CB . 22016 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[7] 2012-03-01 . 009E7B4C284F080608D7286484015EE5 . 916992 . . [8.00.6001.19222] . . c:\windows\system32\wininet.dll
[7] 2012-03-01 . 009E7B4C284F080608D7286484015EE5 . 916992 . . [8.00.6001.19222] . . c:\windows\system32\dllcache\wininet.dll
[7] 2012-03-01 . 4EC67FAB39F37626AD6D9895FC094ABF . 919552 . . [8.00.6001.23318] . . c:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\wininet.dll
[7] 2011-12-19 . B701B7DF6B9B243B155523B5F868A90A . 667136 . . [6.00.2900.6182] . . c:\windows\ie8\wininet.dll
[7] 2011-12-19 . 19404059BFBD2DDA979D5FD3D744DE8B . 668672 . . [6.00.2900.6182] . . c:\windows\$hf_mig$\KB2647516\SP3QFE\wininet.dll
[7] 2011-12-17 . F362D50FBDC6E34918DF41BDE1770E5C . 916992 . . [8.00.6001.19190] . . c:\windows\ie8updates\KB2675157-IE8\wininet.dll
[7] 2011-12-17 . F362D50FBDC6E34918DF41BDE1770E5C . 916992 . . [8.00.6001.19190] . . c:\windows\SoftwareDistribution\Download\c1d540600ba9c34c5b3244c020eee491\SP3GDR\wininet.dll
[7] 2011-12-17 . 84A48E9818E8440DDBFD8EEC37C8A937 . 919552 . . [8.00.6001.23286] . . c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\wininet.dll
[7] 2011-12-17 . 84A48E9818E8440DDBFD8EEC37C8A937 . 919552 . . [8.00.6001.23286] . . c:\windows\SoftwareDistribution\Download\c1d540600ba9c34c5b3244c020eee491\SP3QFE\wininet.dll
[7] 2011-11-04 . 552263502EA8C24D301A0C43FF90B3ED . 916992 . . [8.00.6001.19165] . . c:\windows\ie8updates\KB2647516-IE8\wininet.dll
[7] 2011-11-04 . 552263502EA8C24D301A0C43FF90B3ED . 916992 . . [8.00.6001.19165] . . c:\windows\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3GDR\wininet.dll
[7] 2011-11-04 . 4E4716CAF514717814D07113AD0425B6 . 919552 . . [8.00.6001.23261] . . c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll
[7] 2011-11-04 . 4E4716CAF514717814D07113AD0425B6 . 919552 . . [8.00.6001.23261] . . c:\windows\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3QFE\wininet.dll
.
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2_32.dll
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2006-08-16 . 7B6A08441A4F11320421599D7ECF8D41 . 70656 . . [5.1.2600.1886] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2006-05-19 . 3748E0FC8C1B6ADA49F98C8E69A4228C . 70656 . . [5.1.2600.1847] . . c:\windows\$NtUninstallKB922819$\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ws2_32.dll
[-] 2003-07-10 . 06BF1D3C21274F92DDD0E09317C80B35 . 70656 . . [5.1.2600.1240] . . c:\windows\$NtUninstallKB914388$\ws2_32.dll
[-] 2001-08-23 . 8529C295DF59B564D37A73B5629162B1 . 75264 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB817778$\ws2_32.dll
.
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ws2help.dll
[-] 2001-08-23 . 235C7EF9AEDDE76801169DC61FA72DEF . 18944 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\explorer.exe
[-] 2003-05-12 . A73BC66A95CF4F7B597FC8975778A889 . 996352 . . [6.00.2800.1221] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2002-08-29 . A82B28BFC2E4455FE43022A498C0EF0A . 1004032 . . [6.00.2800.1106] . . c:\windows\$NtUninstallKB820291$\explorer.exe
.
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\regedit.exe
[7] 2002-08-29 . B28FB518CD2949715CBFCE0E93A7A535 . 134144 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[7] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\ole32.dll
[7] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\dllcache\ole32.dll
[7] 2011-11-01 . 7D9DDE1AB4B00DDB173F5A16E9206517 . 1289216 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
[7] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\$NtUninstallKB2624667$\ole32.dll
[7] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2GDR\ole32.dll
[-] 2005-07-26 . F07397DBDBD249D379CFDEEE6D9BF545 . 1190400 . . [5.1.2600.1720] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
.
[7] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[7] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[7] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[7] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
[7] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2004-08-04 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\usp10.dll
[7] 2002-08-29 . 73C90911DD86A10D4004C7D6E655A41B . 339456 . . [1.0409.2600.1106] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ksuser.dll
[-] 2001-08-17 . E486A5A8D51CEFF00404DC5AFF0A8330 . 4096 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
.
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ctfmon.exe
[7] 2002-08-29 . 414DE7CF9D3F19C3EA902F1BB38EC116 . 13312 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[7] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[7] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[7] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2004-10-28 . AD324E21EF7E668C9910EB5ADF6495C0 . 116736 . . [6.00.2800.1605] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\shsvcs.dll
[7] 2002-08-29 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\$NtUninstallKB885835$\shsvcs.dll
.
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\srsvc.dll
[7] 2002-08-29 . 38E9CFAC7881435764051FD7B1F010FB . 158720 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\wscntfy.exe
[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\wscntfy.exe
.
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\xmlprov.dll
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\xmlprov.dll
.
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\eventlog.dll
[7] 2002-08-29 . BF3C8CF53C77B48206B39910B6D6CBCC . 49152 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll
[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\sfcfiles.dll
[7] 2002-08-29 . 2564949DBE5F643F50913BBE45D346E2 . 1157632 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2001-08-23 . 9E415EFDF50F26BCBC97C80F4E6C30CC . 1562112 . . [5.1.2600.0] . . c:\windows\$NtUninstallQ309521$\sfcfiles.dll
.
[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2006-05-13 . 5B09EA8ABB09C22F7574FA52DC9BD752 . 74368 . . [5.1.2600.1842] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
[-] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ipsec.sys
[7] 2002-08-29 . 1C4802409CFD4A7051F458B744CFCAA5 . 57984 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB911280$\ipsec.sys
.
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\regsvc.dll
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\regsvc.dll
[-] 2001-08-23 . 9DF4527D53613601D3F79946EAA1DCB1 . 51712 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\schedsvc.dll
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\schedsvc.dll
[-] 2004-06-08 . 08D72F6490CD85AA1C12EF3B56299936 . 172544 . . [5.1.2600.1564] . . c:\windows\$hf_mig$\KB841873\SP1QFE\schedsvc.dll
[-] 2004-06-08 . 08D72F6490CD85AA1C12EF3B56299936 . 172544 . . [5.1.2600.1564] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
[7] 2002-08-29 . 719B05113003A1934EA25EA1FED68C85 . 159232 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB841873$\schedsvc.dll
[-] 2001-08-23 . F6E2095CBC14522CEACD2853620FAF4D . 158720 . . [4.71.2600.1] . . c:\windows\$NtUninstallKB841873_RTM$\schedsvc.dll
.
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ssdpsrv.dll
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ssdpsrv.dll
[7] 2002-08-29 . 75B5821307B2F4491F9ED06732366872 . 43008 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
[-] 2001-08-23 . 126D90EE937FFEBACEE30BCA13D92F97 . 39936 . . [5.1.2600.0] . . c:\windows\$NtUninstallQ315000$\ssdpsrv.dll
.
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\termsrv.dll
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\termsrv.dll
[7] 2002-08-29 . FE84E045A09A4ABC4DEEF7270448B64E . 200192 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2001-08-23 . 458635D2E4559526CF9C895340A38702 . 197632 . . [5.1.2600.0] . . c:\windows\$NtUninstallQ311889$\termsrv.dll
.
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\hnetcfg.dll
[7] 2002-08-29 . F5FBCABFE303D309DF5163ABFBBB6958 . 240640 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[7] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\appmgmts.dll
[7] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[7] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\appmgmts.dll
[7] 2002-08-29 . AE0BDD0E65987747988861103B50FA4F . 156672 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[7] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\acpiec.sys
[7] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys
[7] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[7] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ERDNT\cache\aec.sys
[7] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[7] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\aec.sys
[7] 2002-08-29 06:16 . FF773FEDA15E8BD97FD54FE87A0ACDBE . 142208 . . [5.1.2601.1095 built by: xpsp1] . . c:\windows\$NtServicePackUninstall$\aec.sys
.
[7] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\agp440.sys
[7] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[7] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\agp440.sys
.
[7] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ip6fw.sys
[7] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[7] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ip6fw.sys
[-] 2003-06-30 . EDDCA9C72F1E7F2E2E2AB6AD7106C4A5 . 29952 . . [5.1.2600.1240] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[7] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[7] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[7] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[7] 2008-04-14 10:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
[7] 2008-04-14 10:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ERDNT\cache\mfc40u.dll
[7] 2008-04-14 10:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2001-08-23 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
.
[7] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\msgsvc.dll
[7] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[7] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\msgsvc.dll
[-] 2003-10-21 . 41C5F3B926942EBDD35C6BF4154FE5F8 . 32256 . . [5.1.2600.1309] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
[-] 2003-10-21 . 41C5F3B926942EBDD35C6BF4154FE5F8 . 32256 . . [5.1.2600.1309] . . c:\windows\$xpsp1hfm$\KB828035\msgsvc.dll
[-] 2003-10-21 . 30846EB33203E3E777B87EAD4ED1B2D9 . 32256 . . [5.1.2600.121] . . c:\windows\$NtUninstallKB828035$\msgsvc.dll
[-] 2001-08-23 . A81487520F11F65BF270D50EE29887B2 . 34304 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB828035_RTM$\msgsvc.dll
.
[7] 2004-09-23 02:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\ERDNT\cache\MsPMSNSv.dll
[7] 2004-09-23 02:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[7] 2004-09-23 02:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\MsPMSNSv.dll
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\mspmsnsv.dll
.
[7] 2011-10-25 . DB19FFF0C805664CB95062C027B11FE9 . 2069376 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe
[7] 2011-10-25 . CE1A2FEDBD001ECDC5AD1975AFAD040A . 2069376 . . [5.1.2600.6165] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2011-10-25 . CE1A2FEDBD001ECDC5AD1975AFAD040A . 2069376 . . [5.1.2600.6165] . . c:\windows\system32\ntkrnlpa.exe
[7] 2011-10-25 . CE1A2FEDBD001ECDC5AD1975AFAD040A . 2069376 . . [5.1.2600.6165] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2010-12-09 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[7] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntkrnlpa.exe
[7] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
.
[7] 2008-04-14 10:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ERDNT\cache\ntmssvc.dll
[7] 2008-04-14 10:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[7] 2008-04-14 10:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-04 07:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ntmssvc.dll
[7] 2002-08-29 10:41 . AAC49EF5C84A2EBD7409A51A1B65C542 . 392704 . . [5.1.2400.1106] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\upnphost.dll
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\upnphost.dll
[7] 2002-08-29 . 848CE0601B58410FF2DFB6BC8449AFE7 . 164864 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[7] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[7] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\dsound.dll
[-] 2001-08-23 . 9402C9F282AC5FAF8253A4DC2E231B67 . 338944 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[7] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[7] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\d3d9.dll
.
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ddraw.dll
[7] 2002-08-29 . 1D0F6E2A81751F29E6C27CA4FDDC1D49 . 253440 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[7] 2008-04-14 10:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[7] 2008-04-14 10:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-04 07:56 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\olepro32.dll
[-] 2001-08-23 12:00 . 76E77301A8A73457A5B55E76847DB892 . 106496 . . [5.0.5014] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[7] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[7] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\perfctrs.dll
[-] 2001-08-23 . 972EFFC80D9E806539489883D37032F5 . 37376 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\version.dll
[-] 2001-08-23 . 90D0D0BEA6FBC19E765E30B7DDF52B9A . 16384 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ie8\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[-] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\iexplore.exe
[7] 2002-08-29 . 418D301C3B1FA94B19584AEEB3D65166 . 91136 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
.
.
[7] 2011-10-25 . F512C662874D7545E5BD8005E6800A44 . 2192768 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe
[7] 2011-10-25 . 892CDDFF7EF96951B9B0B50974070E47 . 2192768 . . [5.1.2600.6165] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2011-10-25 . 892CDDFF7EF96951B9B0B50974070E47 . 2192768 . . [5.1.2600.6165] . . c:\windows\system32\ntoskrnl.exe
[7] 2011-10-25 . 892CDDFF7EF96951B9B0B50974070E47 . 2192768 . . [5.1.2600.6165] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[7] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntoskrnl.exe
[7] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
[7] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[7] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
.
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\srsvc.dll
[7] 2002-08-29 . 38E9CFAC7881435764051FD7B1F010FB . 158720 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\w32time.dll
[7] 2002-08-29 . A14F6DEDA6E1B5D13A0C225E84988EEA . 165376 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2004-08-04 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\wiaservc.dll
[7] 2002-08-29 . 0AC40B75640B550C26347B5F65F6E0EE . 316416 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2004-08-04 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\midimap.dll
[-] 2001-08-23 . 5A80CD832A19D92CEAED6D5C0316D1B1 . 17920 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2006-06-26 . 087552302D5AAB20FC37314576BC106C . 6144 . . [5.1.2600.1863] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2GDR\rasadhlp.dll
[-] 2004-08-04 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\rasadhlp.dll
[-] 2001-08-23 . C5ABBBD9C7307679B4FBA203213A6FD4 . 6144 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB920683$\rasadhlp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZumoDrive"="c:\program files\Zecter\ZumoDrive\ZumoLauncher.lnk" [2010-04-17 1673]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
"ZumoDrive"="c:\program files\Zecter\ZumoDrive\ZumoLauncher.lnk" [2010-04-17 1673]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Zecter\\ZumoDrive\\zumodrive.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\aida\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 NecUsb3;USB3 Service;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 257696]
R3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [x]
R3 SDTHOOK;SDTHOOK;c:\windows\system32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-02-09 147416]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-05-04 129928]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-04-30 136448]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-05-27 141384]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-04-30 97032]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-04-30 111624]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-05-12 110920]
S3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\DRIVERS\KTC111.SYS [2001-08-17 19016]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsb3Sevic REG_MULTI_SZ NecUsb3
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
cpqarry2
backupexecagentaccelerator
AMDPCI
WinHttpAutoProxySvc
pcx1unic
LPDSVC
mcpromgr
mwlsvc
tosrfusb
CYGF32X
dsncservice
lpx
anbmservice
PSSdk23
v124
OsaFsLoc
RR2Vbi
db2licd
spbbcsvc
trayman
adsexpb
mfesmfk
oracleservicelocalora
emproxy
websensepolicyserver
clientservice
vet-filt
SRTSPL
bdpredir
s217unic
nsm1bus
QV2KUX
hdaudaddservice
bantext
se59bus
basfipm
symfw
wampmysqld
emAudio
se45mdfl
CTEAPSFX.DLL
RTL8023xp
slimsvc
xfactorae1
siside
incdfs
se45mdm
REVO
NVR0Dev
co_mon
TOSHIBASoftModem
akshasp
MaVctrl
eSettingsService
crystalinputfileserver
slssvc
cobbmservice
sentinel
McciCMService
atinrvxx
nmwcdcm
zfdwm
se27unic
slip
roxliveshare9
mcafeeframework
genmcmn
winpppoverethernet
LVBulk
amdppm
UCTblHid
CTERFXFX.DLL
clisvc
avinitnt
CADlink
SimpTcp
appdrv
pdlndqll
ctxhttp
usbbus
elotouchscreen
sfvfs02
Blfp
L8042Kbd
savrt
sqlagent$sony_mediamgr
hmonitor
SrvcSSIOMngr
zebrsce
ctac32k
appnnode
SE26mdm
rppkt
ufdsvc
StkScan
GoogleDesktopManager-010708-104812
viaudio
marvinbus
adminserver
personalsecuredriveservice
rtl8023
TestHandler
cccredmgr
SiS300i
padfsvr
mcrdsvc
ATIBTCAP
ptserial
antivirservice
hap16v2k
AN983
avipbb
StillCam
npkcmsvc
mohfilt
pnarp
iviVD
snac
mssql$sony_mediamgr
hsfhwazl
AcronisOSSReinstallSvc
MREMPR5
dptrackerd
Nsynas32
pacsptisvr
tandpl
smservaz
UsbDiag
NWDNS
dlaboiom
carboniteservice
rnadiagreceiver
servidor
nsvcip
tb2launch
acrotray
dnetc
bthenum
Afc
qserver
DSI_SiUSBXp_3_1
ino_flpy
crystaloutputfileserver
webrootspysweeperservice
SGHIDI
SE2Bmdfl
w200mdfl
imagesrv
ELmou
SISNICXP
macformatservice
nv
WDM_YAMAHAAC97
p2pimsvc
AFGMp50
ser2plms
GTWModem
zumbus
icdsptsv
protexislicensing
acrsch2svc
vcomm
NETw3x32
pmsveh
utscsi
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
TermService
wuauserv
BITS
ShellHWDetection
helpsvc
Ip6FwHlp
WmdmPmSN
napagent
hkmsvc
xmlprov
wscsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 23:13]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-764733703-1708537768-1003Core.job
- c:\documents and settings\aida\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-13 20:17]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-764733703-1708537768-1003UA.job
- c:\documents and settings\aida\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-13 20:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\documents and settings\aida\Application Data\Mozilla\Firefox\Profiles\eswlnpz7.default\
FF - prefs.js: browser.startup.homepage - hxxp://welikehits.com/surf.php
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Webmail Ad Blocker: gmailnoads@mywebber.com - %profile%\extensions\gmailnoads@mywebber.com
FF - Ext: Tempomail: tempomail@ingetic..maxime.robache - %profile%\extensions\tempomail@ingetic..maxime.robache
FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF - Ext: Capture Fox: capturefoxmovie@advancity.net - %profile%\extensions\capturefoxmovie@advancity.net
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Screen Capture Elite: screencaptureelite@plugin - %profile%\extensions\screencaptureelite@plugin
FF - Ext: Click&Clean: clickclean@hotcleaner.com - %profile%\extensions\clickclean@hotcleaner.com
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Notify-NecUsb3Sevices - USB3Sw32.dll
Notify-USB3Sw32 - USB3Sw32.dll
SafeBoot-74338219.sys
AddRemove-Kcast_Beta_1.0 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-09 19:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AMDPCI]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\backupexecagentaccelerator]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cpqarry2]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LPDSVC]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NETw3x32]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pmsveh]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SGHIDI]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\trayman]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\utscsi]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vcomm]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinHttpAutoProxySvc]
"ServiceDll"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,bf,6d,df,a7,6c,2f,45,bf,f4,3e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,bf,6d,df,a7,6c,2f,45,bf,f4,3e,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2684)
c:\windows\system32\WININET.dll
c:\program files\Zecter\ZumoDrive\ShellExt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\snmp.exe
c:\windows\System32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-05-09 20:47:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-10 00:47
.
Pre-Run: 265,682,944 bytes free
Post-Run: 342,028,288 bytes free
.
- - End Of File - - 3764B27D537FBA5D698C5FC3F758BCB0
#7
Posted 09 May 2012 - 10:27 PM
Couldn't fit both logs into one post. Below is the 2nd run.
ComboFix 12-05-09.01 - aida 05/09/2012 21:44:33.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.209 [GMT -4:00]
Running from: c:\documents and settings\aida\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\cbfs.sys . . . is infected!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))
.
.
2012-05-07 21:57 . 2012-05-07 21:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-14 18:49 . 2012-04-14 18:49 -------- d-----w- C:\8b932b19c531de31486369ac
2012-04-14 18:27 . 2012-04-14 18:28 -------- d-----w- C:\a13e1fdda4f013cfa6a1
2012-04-13 07:02 . 2011-06-21 04:09 200976 -c--a-w- c:\windows\system32\drivers\tmcomm.sys
2012-04-12 22:46 . 2012-04-12 22:47 -------- d-----w- C:\3ed78a8d3e3fdb96b6d2ca8748a643
2012-04-12 19:46 . 2012-04-12 19:46 -------- d-----w- C:\a7b9281ead74d054c51d9c102f303925
2012-04-12 18:04 . 2012-04-12 18:05 -------- d-----w- C:\b39195a5979437de95c7ae2e
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-07 23:13 . 2012-04-09 17:56 419488 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-07 23:13 . 2011-05-30 17:49 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-07 22:04 . 2001-08-23 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-04-13 18:01 . 2012-03-25 17:34 102400 -c--a-w- c:\windows\RegBootClean.exe
2012-04-11 17:55 . 2010-03-26 01:57 22032 -c--a-w- c:\windows\DCEBoot.exe
2012-04-04 19:56 . 2009-01-17 20:38 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2006-06-23 18:33 916992 -c--a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-07-16 23:51 43520 -c----w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-07-16 23:49 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2001-08-23 12:00 177664 -c--a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2001-08-23 12:00 148480 -c--a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2010-03-11 07:54 385024 -c----w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZumoDrive"="c:\program files\Zecter\ZumoDrive\ZumoLauncher.lnk" [2010-04-17 1673]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
"ZumoDrive"="c:\program files\Zecter\ZumoDrive\ZumoLauncher.lnk" [2010-04-17 1673]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Zecter\\ZumoDrive\\zumodrive.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\aida\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 NecUsb3;USB3 Service;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 257696]
R3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [x]
R3 SDTHOOK;SDTHOOK;c:\windows\system32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-02-09 147416]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-05-04 129928]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-04-30 136448]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-05-27 141384]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-04-30 97032]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-04-30 111624]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-05-12 110920]
S3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\DRIVERS\KTC111.SYS [2001-08-17 19016]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsb3Sevic REG_MULTI_SZ NecUsb3
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
cpqarry2
backupexecagentaccelerator
AMDPCI
WinHttpAutoProxySvc
pcx1unic
LPDSVC
mcpromgr
mwlsvc
tosrfusb
CYGF32X
dsncservice
lpx
anbmservice
PSSdk23
v124
OsaFsLoc
RR2Vbi
db2licd
spbbcsvc
trayman
adsexpb
mfesmfk
oracleservicelocalora
emproxy
websensepolicyserver
clientservice
vet-filt
SRTSPL
bdpredir
s217unic
nsm1bus
QV2KUX
hdaudaddservice
bantext
se59bus
basfipm
symfw
wampmysqld
emAudio
se45mdfl
CTEAPSFX.DLL
RTL8023xp
slimsvc
xfactorae1
siside
incdfs
se45mdm
REVO
NVR0Dev
co_mon
TOSHIBASoftModem
akshasp
MaVctrl
eSettingsService
crystalinputfileserver
slssvc
cobbmservice
sentinel
McciCMService
atinrvxx
nmwcdcm
zfdwm
se27unic
slip
roxliveshare9
mcafeeframework
genmcmn
winpppoverethernet
LVBulk
amdppm
UCTblHid
CTERFXFX.DLL
clisvc
avinitnt
CADlink
SimpTcp
appdrv
pdlndqll
ctxhttp
usbbus
elotouchscreen
sfvfs02
Blfp
L8042Kbd
savrt
sqlagent$sony_mediamgr
hmonitor
SrvcSSIOMngr
zebrsce
ctac32k
appnnode
SE26mdm
rppkt
ufdsvc
StkScan
GoogleDesktopManager-010708-104812
viaudio
marvinbus
adminserver
personalsecuredriveservice
rtl8023
TestHandler
cccredmgr
SiS300i
padfsvr
mcrdsvc
ATIBTCAP
ptserial
antivirservice
hap16v2k
AN983
avipbb
StillCam
npkcmsvc
mohfilt
pnarp
iviVD
snac
mssql$sony_mediamgr
hsfhwazl
AcronisOSSReinstallSvc
MREMPR5
dptrackerd
Nsynas32
pacsptisvr
tandpl
smservaz
UsbDiag
NWDNS
dlaboiom
carboniteservice
rnadiagreceiver
servidor
nsvcip
tb2launch
acrotray
dnetc
bthenum
Afc
qserver
DSI_SiUSBXp_3_1
ino_flpy
crystaloutputfileserver
webrootspysweeperservice
SGHIDI
SE2Bmdfl
w200mdfl
imagesrv
ELmou
SISNICXP
macformatservice
nv
WDM_YAMAHAAC97
p2pimsvc
AFGMp50
ser2plms
GTWModem
zumbus
icdsptsv
protexislicensing
acrsch2svc
vcomm
NETw3x32
pmsveh
utscsi
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
TermService
wuauserv
BITS
ShellHWDetection
helpsvc
Ip6FwHlp
WmdmPmSN
napagent
hkmsvc
xmlprov
wscsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 23:13]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-764733703-1708537768-1003Core.job
- c:\documents and settings\aida\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-13 20:17]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-764733703-1708537768-1003UA.job
- c:\documents and settings\aida\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-13 20:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\documents and settings\aida\Application Data\Mozilla\Firefox\Profiles\eswlnpz7.default\
FF - prefs.js: browser.startup.homepage - hxxp://welikehits.com/surf.php
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Webmail Ad Blocker: gmailnoads@mywebber.com - %profile%\extensions\gmailnoads@mywebber.com
FF - Ext: Tempomail: tempomail@ingetic..maxime.robache - %profile%\extensions\tempomail@ingetic..maxime.robache
FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF - Ext: Capture Fox: capturefoxmovie@advancity.net - %profile%\extensions\capturefoxmovie@advancity.net
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Screen Capture Elite: screencaptureelite@plugin - %profile%\extensions\screencaptureelite@plugin
FF - Ext: Click&Clean: clickclean@hotcleaner.com - %profile%\extensions\clickclean@hotcleaner.com
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-09 22:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AMDPCI]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\backupexecagentaccelerator]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cpqarry2]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LPDSVC]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NETw3x32]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pmsveh]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SGHIDI]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\trayman]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\utscsi]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vcomm]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinHttpAutoProxySvc]
"ServiceDll"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,bf,6d,df,a7,6c,2f,45,bf,f4,3e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,bf,6d,df,a7,6c,2f,45,bf,f4,3e,\
.
Completion time: 2012-05-09 22:54:25
ComboFix-quarantined-files.txt 2012-05-10 02:53
.
Pre-Run: 325,357,568 bytes free
Post-Run: 312,119,296 bytes free
.
- - End Of File - - 56C561B679E73AA9B896E3CA1772FDE0
#8
Posted 10 May 2012 - 06:50 AM
Please visit www.virustotal.com and upload the following file:
c:\windows\system32\drivers\cbfs.sys
Wait until the scan has finished and then copy/paste the URL in your next reply.
#10
Posted 11 May 2012 - 06:08 AM
Thanks!
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main text field:
:filefind *cbfs.sys*
- Click the Look button to start the scan.
- When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.
#11
Posted 11 May 2012 - 03:52 PM
SystemLook 30.07.11 by jpshortstuff
Log created at 16:30 on 11/05/2012 by aida
Administrator - Elevation successful
========== filefind ==========
Searching for "*cbfs.sys*"
C:\Program Files\Zecter\ZumoDrive\cbfs.sys --a--c- 147416 bytes [05:50 16/04/2010] [05:50 16/04/2010] 560C3AC812597D58626D6C92FDC7F58D
C:\WINDOWS\system32\drivers\cbfs.sys --a---- 147416 bytes [01:28 13/04/2010] [07:12 09/02/2010] 9FF0A66A15FB4CBEDB6E26FE4AC9D1E5
-= EOF =-
#12
Posted 13 May 2012 - 12:25 PM
Please visit www.virustotal.com and upload the following file:
C:\Program Files\Zecter\ZumoDrive\cbfs.sys
As before, when the scan has finished, post the link in your next reply.
#13
Posted 14 May 2012 - 12:50 AM
#14
Posted 14 May 2012 - 01:51 AM
Good!
Delete your ComboFix copy, download a new fresh one and then:
1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Open Notepad and copy/paste the text in the quotebox below into it:
KillAll::
FCopy::
C:\Program Files\Zecter\ZumoDrive\cbfs.sys | C:\WINDOWS\system32\drivers\cbfs.sys
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.
#15
Posted 16 May 2012 - 01:26 AM
ComboFix 12-05-15.04 - aida 05/16/2012 1:06.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.247 [GMT -4:00]
Running from: c:\documents and settings\aida\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\aida\Desktop\CFScript.txt
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\cbfs.sys . . . is infected!! . . . Failed to find a valid replacement.
.
--------------- FCopy ---------------
.
c:\program files\Zecter\ZumoDrive\cbfs.sys --> c:\windows\system32\drivers\cbfs.sys
.
((((((((((((((((((((((((( Files Created from 2012-04-16 to 2012-05-16 )))))))))))))))))))))))))))))))
.
.
2012-05-10 14:33 . 2012-05-10 14:33 -------- dc----w- c:\documents and settings\aida\Local Settings\Application Data\PCHealth
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-07 23:13 . 2012-04-09 17:56 419488 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-07 23:13 . 2011-05-30 17:49 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-07 22:04 . 2001-08-23 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-04-13 18:01 . 2012-03-25 17:34 102400 -c--a-w- c:\windows\RegBootClean.exe
2012-04-11 17:55 . 2010-03-26 01:57 22032 -c--a-w- c:\windows\DCEBoot.exe
2012-04-11 13:12 . 2001-08-23 12:00 1862272 -c--a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2001-08-23 12:00 2192640 -c--a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2001-08-17 13:48 2069120 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 19:56 . 2009-01-17 20:38 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2006-06-23 18:33 916992 -c--a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-07-16 23:51 43520 -c----w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-07-16 23:49 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2001-08-23 12:00 177664 -c--a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2001-08-23 12:00 148480 -c--a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2010-03-11 07:54 385024 -c----w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZumoDrive"="c:\program files\Zecter\ZumoDrive\ZumoLauncher.lnk" [2010-04-17 1673]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
"ZumoDrive"="c:\program files\Zecter\ZumoDrive\ZumoLauncher.lnk" [2010-04-17 1673]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Zecter\\ZumoDrive\\zumodrive.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 NecUsb3;USB3 Service;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 257696]
R3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [x]
R3 SDTHOOK;SDTHOOK;c:\windows\system32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-04-16 147416]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-05-04 129928]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-04-30 136448]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-05-27 141384]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-04-30 97032]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-04-30 111624]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-05-12 110920]
S3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\DRIVERS\KTC111.SYS [2001-08-17 19016]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsb3Sevic REG_MULTI_SZ NecUsb3
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
cpqarry2
backupexecagentaccelerator
AMDPCI
WinHttpAutoProxySvc
pcx1unic
LPDSVC
mcpromgr
mwlsvc
tosrfusb
CYGF32X
dsncservice
lpx
anbmservice
PSSdk23
v124
OsaFsLoc
RR2Vbi
db2licd
spbbcsvc
trayman
adsexpb
mfesmfk
oracleservicelocalora
emproxy
websensepolicyserver
clientservice
vet-filt
SRTSPL
bdpredir
s217unic
nsm1bus
QV2KUX
hdaudaddservice
bantext
se59bus
basfipm
symfw
wampmysqld
emAudio
se45mdfl
CTEAPSFX.DLL
RTL8023xp
slimsvc
xfactorae1
siside
incdfs
se45mdm
REVO
NVR0Dev
co_mon
TOSHIBASoftModem
akshasp
MaVctrl
eSettingsService
crystalinputfileserver
slssvc
cobbmservice
sentinel
McciCMService
atinrvxx
nmwcdcm
zfdwm
se27unic
slip
roxliveshare9
mcafeeframework
genmcmn
winpppoverethernet
LVBulk
amdppm
UCTblHid
CTERFXFX.DLL
clisvc
avinitnt
CADlink
SimpTcp
appdrv
pdlndqll
ctxhttp
usbbus
elotouchscreen
sfvfs02
Blfp
L8042Kbd
savrt
sqlagent$sony_mediamgr
hmonitor
SrvcSSIOMngr
zebrsce
ctac32k
appnnode
SE26mdm
rppkt
ufdsvc
StkScan
GoogleDesktopManager-010708-104812
viaudio
marvinbus
adminserver
personalsecuredriveservice
rtl8023
TestHandler
cccredmgr
SiS300i
padfsvr
mcrdsvc
ATIBTCAP
ptserial
antivirservice
hap16v2k
AN983
avipbb
StillCam
npkcmsvc
mohfilt
pnarp
iviVD
snac
mssql$sony_mediamgr
hsfhwazl
AcronisOSSReinstallSvc
MREMPR5
dptrackerd
Nsynas32
pacsptisvr
tandpl
smservaz
UsbDiag
NWDNS
dlaboiom
carboniteservice
rnadiagreceiver
servidor
nsvcip
tb2launch
acrotray
dnetc
bthenum
Afc
qserver
DSI_SiUSBXp_3_1
ino_flpy
crystaloutputfileserver
webrootspysweeperservice
SGHIDI
SE2Bmdfl
w200mdfl
imagesrv
ELmou
SISNICXP
macformatservice
nv
WDM_YAMAHAAC97
p2pimsvc
AFGMp50
ser2plms
GTWModem
zumbus
icdsptsv
protexislicensing
acrsch2svc
vcomm
NETw3x32
pmsveh
utscsi
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
TermService
wuauserv
BITS
ShellHWDetection
helpsvc
Ip6FwHlp
WmdmPmSN
napagent
hkmsvc
xmlprov
wscsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 23:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\documents and settings\aida\Application Data\Mozilla\Firefox\Profiles\eswlnpz7.default\
FF - prefs.js: browser.startup.homepage - hxxp://welikehits.com/surf.php
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Webmail Ad Blocker: gmailnoads@mywebber.com - %profile%\extensions\gmailnoads@mywebber.com
FF - Ext: Tempomail: tempomail@ingetic..maxime.robache - %profile%\extensions\tempomail@ingetic..maxime.robache
FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF - Ext: Capture Fox: capturefoxmovie@advancity.net - %profile%\extensions\capturefoxmovie@advancity.net
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Screen Capture Elite: screencaptureelite@plugin - %profile%\extensions\screencaptureelite@plugin
FF - Ext: Click&Clean: clickclean@hotcleaner.com - %profile%\extensions\clickclean@hotcleaner.com
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-16 01:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AMDPCI]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\backupexecagentaccelerator]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cpqarry2]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LPDSVC]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NETw3x32]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pmsveh]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SGHIDI]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\trayman]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\utscsi]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vcomm]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinHttpAutoProxySvc]
"ServiceDll"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,bf,6d,df,a7,6c,2f,45,bf,f4,3e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,bf,6d,df,a7,6c,2f,45,bf,f4,3e,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1800)
c:\windows\system32\WININET.dll
c:\program files\Zecter\ZumoDrive\ShellExt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\snmp.exe
c:\windows\System32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-05-16 02:20:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-16 06:20
ComboFix2.txt 2012-05-16 03:49
ComboFix3.txt 2012-05-10 02:55
.
Pre-Run: 523,476,992 bytes free
Post-Run: 496,959,488 bytes free
.
- - End Of File - - FDE15041DE5291082569AB341C9EBECE
#16
Posted 16 May 2012 - 06:40 AM
#17
Posted 16 May 2012 - 08:18 PM
I had to run ComboFix several more times before I could access the internet. I'm posting the last ComboFix log below the VirusTotal link:
https://www.virustot...sis/1337216917/
ComboFix 12-05-16.02 - aida 05/16/2012 18:10:36.10.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.268 [GMT -4:00]
Running from: c:\documents and settings\aida\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-16 to 2012-05-16 )))))))))))))))))))))))))))))))
.
.
2012-05-10 14:33 . 2012-05-10 14:33 -------- dc----w- c:\documents and settings\aida\Local Settings\Application Data\PCHealth
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-07 23:13 . 2012-04-09 17:56 419488 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-07 23:13 . 2011-05-30 17:49 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-07 22:04 . 2001-08-23 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-04-13 18:01 . 2012-03-25 17:34 102400 -c--a-w- c:\windows\RegBootClean.exe
2012-04-11 17:55 . 2010-03-26 01:57 22032 -c--a-w- c:\windows\DCEBoot.exe
2012-04-11 13:12 . 2001-08-23 12:00 1862272 -c--a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2001-08-23 12:00 2192640 -c--a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2001-08-17 13:48 2069120 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 19:56 . 2009-01-17 20:38 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2006-06-23 18:33 916992 -c--a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-07-16 23:51 43520 -c----w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-07-16 23:49 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2001-08-23 12:00 177664 -c--a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2001-08-23 12:00 148480 -c--a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2010-03-11 07:54 385024 -c----w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-02-09 07:12 681472 -c--a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZumoDrive"="c:\program files\Zecter\ZumoDrive\ZumoLauncher.lnk" [2010-04-17 1673]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
"ZumoDrive"="c:\program files\Zecter\ZumoDrive\ZumoLauncher.lnk" [2010-04-17 1673]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Zecter\\ZumoDrive\\zumodrive.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [4/12/2010 9:28 PM 147416]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [5/4/2010 8:36 AM 129928]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [5/27/2010 6:39 PM 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [4/30/2010 1:46 PM 97032]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [4/30/2010 1:46 PM 111624]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [5/12/2010 10:58 AM 110920]
R3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\KTC111.SYS [9/15/2003 7:06 PM 19016]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [7/29/2007 4:30 PM 20160]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2/5/2008 3:53 AM 44928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsb3Sevic REG_MULTI_SZ NecUsb3
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
cpqarry2
backupexecagentaccelerator
AMDPCI
WinHttpAutoProxySvc
pcx1unic
LPDSVC
mcpromgr
mwlsvc
tosrfusb
CYGF32X
dsncservice
lpx
anbmservice
PSSdk23
v124
OsaFsLoc
RR2Vbi
db2licd
spbbcsvc
trayman
adsexpb
mfesmfk
oracleservicelocalora
emproxy
websensepolicyserver
clientservice
vet-filt
SRTSPL
bdpredir
s217unic
nsm1bus
QV2KUX
hdaudaddservice
bantext
se59bus
basfipm
symfw
wampmysqld
emAudio
se45mdfl
CTEAPSFX.DLL
RTL8023xp
slimsvc
xfactorae1
siside
incdfs
se45mdm
REVO
NVR0Dev
co_mon
TOSHIBASoftModem
akshasp
MaVctrl
eSettingsService
crystalinputfileserver
slssvc
cobbmservice
sentinel
McciCMService
atinrvxx
nmwcdcm
zfdwm
se27unic
slip
roxliveshare9
mcafeeframework
genmcmn
winpppoverethernet
LVBulk
amdppm
UCTblHid
CTERFXFX.DLL
clisvc
avinitnt
CADlink
SimpTcp
appdrv
pdlndqll
ctxhttp
usbbus
elotouchscreen
sfvfs02
Blfp
L8042Kbd
savrt
sqlagent$sony_mediamgr
hmonitor
SrvcSSIOMngr
zebrsce
ctac32k
appnnode
SE26mdm
rppkt
ufdsvc
StkScan
GoogleDesktopManager-010708-104812
viaudio
marvinbus
adminserver
personalsecuredriveservice
rtl8023
TestHandler
cccredmgr
SiS300i
padfsvr
mcrdsvc
ATIBTCAP
ptserial
antivirservice
hap16v2k
AN983
avipbb
StillCam
npkcmsvc
mohfilt
pnarp
iviVD
snac
mssql$sony_mediamgr
hsfhwazl
AcronisOSSReinstallSvc
MREMPR5
dptrackerd
Nsynas32
pacsptisvr
tandpl
smservaz
UsbDiag
NWDNS
dlaboiom
carboniteservice
rnadiagreceiver
servidor
nsvcip
tb2launch
acrotray
dnetc
bthenum
Afc
qserver
DSI_SiUSBXp_3_1
ino_flpy
crystaloutputfileserver
webrootspysweeperservice
SGHIDI
SE2Bmdfl
w200mdfl
imagesrv
ELmou
SISNICXP
macformatservice
nv
WDM_YAMAHAAC97
p2pimsvc
AFGMp50
ser2plms
GTWModem
zumbus
icdsptsv
protexislicensing
acrsch2svc
vcomm
NETw3x32
pmsveh
utscsi
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
TermService
wuauserv
BITS
ShellHWDetection
helpsvc
Ip6FwHlp
WmdmPmSN
napagent
hkmsvc
xmlprov
wscsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 23:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\documents and settings\aida\Application Data\Mozilla\Firefox\Profiles\eswlnpz7.default\
FF - prefs.js: browser.startup.homepage - hxxp://welikehits.com/surf.php
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Webmail Ad Blocker: gmailnoads@mywebber.com - %profile%\extensions\gmailnoads@mywebber.com
FF - Ext: Tempomail: tempomail@ingetic..maxime.robache - %profile%\extensions\tempomail@ingetic..maxime.robache
FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF - Ext: Capture Fox: capturefoxmovie@advancity.net - %profile%\extensions\capturefoxmovie@advancity.net
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Screen Capture Elite: screencaptureelite@plugin - %profile%\extensions\screencaptureelite@plugin
FF - Ext: Click&Clean: clickclean@hotcleaner.com - %profile%\extensions\clickclean@hotcleaner.com
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-16 18:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AMDPCI]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\backupexecagentaccelerator]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cpqarry2]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LPDSVC]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NETw3x32]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pmsveh]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SGHIDI]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\trayman]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\utscsi]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vcomm]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinHttpAutoProxySvc]
"ServiceDll"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,bf,6d,df,a7,6c,2f,45,bf,f4,3e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,bf,6d,df,a7,6c,2f,45,bf,f4,3e,\
.
Completion time: 2012-05-16 19:11:35
ComboFix-quarantined-files.txt 2012-05-16 23:11
ComboFix2.txt 2012-05-16 19:32
ComboFix3.txt 2012-05-16 15:59
ComboFix4.txt 2012-05-16 08:24
ComboFix5.txt 2012-05-16 21:31
.
Pre-Run: 433,664,000 bytes free
Post-Run: 442,134,528 bytes free
.
- - End Of File - - A483CA1D1F0C98DD61D75C37FC092CD0
https://www.virustot...sis/1337216917/
#18
Posted 17 May 2012 - 10:37 AM
#19
Posted 19 May 2012 - 05:21 PM
Malwarebytes hasn't found anything in a while. However, ComboFix continues to state that the computer is infected with rootkits and needs to reboot to complete the scan.
#20
Posted 20 May 2012 - 05:24 AM
Download aswMBR.exe (1.8 MB) to your desktop.
Double-click aswMBR.exe to run it.
Click the "Scan" button to start the scan.
On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.