Valkskorn

Believe I may be infected

18 posts in this topic

Hello, over the last few days I've noticed my computer growing increasingly slow at times, and completely locking up even when sitting idle. Other times it has frozen for a few seconds and then gone back to normal.

On top of that, an account of mine for a site was hacked, an account using a unique alphanumeric password. I'm careful not to visit any dangerous sites or click on any phishing links, keyloggers, etc. So I'm concerned that something has worked its way into my computer. I ran my anti-virus and Malwarebytes and they found nothing.

I ran DeFogger and disabled the drivers, then restarted.

Downloaded DDS and ran it, saved the logs. I'd like to note that while I have BitTorrent installed, I haven't used it for many years, so I believe it is a non-issue in this case.

I downloaded GMER, toggled the options as instructed, and ran it. After three hours it was about 1/3 of the way through my files and my power went out for a minute. For what I hope it's worth, I attached the log containing the couple of entries GMER displayed when it first ran. Is it necessary that I run it again so that it may finish the scan? I'm worried about the computer freezing or something else like another power outage; it seems as though it would have taken many more hours to finish.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6533

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/8/2011 6:48:31 PM

mbam-log-2011-05-08 (18-48-31).txt

Scan type: Quick scan

Objects scanned: 204397

Time elapsed: 11 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Owner at 0:08:39.21 on Mon 05/09/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1243 [GMT -4:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\WINDOWS\system32\libusbd-nt.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Owner\Desktop\dds.com

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.comcast.net/

uSearch Page =

uWindow Title =

uSearch Bar =

uInternet Settings,ProxyOverride = *.local;<local>

uCustomizeSearch =

uSearchAssistant =

mSearchAssistant =

mCustomizeSearch =

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {0C5CF442-582C-4357-B116-765DA99CAA8C} - hxxp://ax-content.munpl.org/appxtender/client/IrcViewer.cab

DPF: {0C5CF442-582E-4357-B116-765DA99CAA8C} - hxxp://ax-content.munpl.org/appxtender/client/IrcViewer.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237912534094

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237912521688

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} - hxxp://www.link-systems.com/sdkhtml/SDK/paste/lsiw2k.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://adat-achim.webex.com/client/T27LB/webex/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\vtt1hpcz.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\real\realplayer enterprise\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realplayer enterprise\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realplayer enterprise\netscape6\nprpjplug.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Text-to-Image: {f701c26a-479a-4724-b4f1-870db12f063c} - %profile%\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}

FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: Yet Another Smooth Scrolling: yetanothersmoothscrolling@kataho - %profile%\extensions\yetanothersmoothscrolling@kataho

.

============= SERVICES / DRIVERS ===============

.

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-21 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-21 29584]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-21 243152]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-16 921952]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]

R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-6-5 20072]

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]

R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2009-12-23 370688]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-8-11 33792]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-25 1684736]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [2010-12-25 25832]

S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\ncsoft\exteel\system\gameguard\dump_wmimmc.sys --> c:\program files\ncsoft\exteel\system\gameguard\dump_wmimmc.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2011-04-03 00:52:17 266400 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-04-03 00:52:17 266400 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-04-02 04:17:46 266400 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-03-21 23:56:22 59904 ----a-w- c:\windows\system32\OVDecode.dll

2011-03-21 23:56:06 51712 ----a-w- c:\windows\system32\OpenCL.dll

2011-03-21 23:55:46 12385792 ----a-w- c:\windows\system32\amdocl.dll

2011-03-09 05:44:26 17444864 ----a-w- c:\windows\system32\atioglxx.dll

2011-03-09 05:04:02 57344 ----a-w- c:\windows\system32\aticalrt.dll

2011-03-09 05:03:56 53248 ----a-w- c:\windows\system32\aticalcl.dll

2011-03-09 05:02:38 4669440 ----a-w- c:\windows\system32\aticaldd.dll

2011-03-09 05:00:12 491520 ----a-w- c:\windows\system32\atiok3x2.dll

2011-03-09 04:51:42 311296 ----a-w- c:\windows\system32\atiiiexx.dll

2011-03-09 04:48:12 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-03-09 04:47:12 302080 ----a-w- c:\windows\system32\ati2dvag.dll

2011-03-09 04:46:08 4148544 ----a-w- c:\windows\system32\ati3duag.dll

2011-03-09 04:32:20 2681600 ----a-w- c:\windows\system32\ativvaxx.dll

2011-03-09 04:29:34 212992 ----a-w- c:\windows\system32\atipdlxx.dll

2011-03-09 04:29:24 155648 ----a-w- c:\windows\system32\Oemdspif.dll

2011-03-09 04:29:18 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe

2011-03-09 04:29:12 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2011-03-09 04:29:02 188416 ----a-w- c:\windows\system32\ati2evxx.dll

2011-03-09 04:27:58 643072 ----a-w- c:\windows\system32\ati2evxx.exe

2011-03-09 04:26:50 53248 ----a-w- c:\windows\system32\ATIDDC.DLL

2011-03-09 04:26:04 143360 ----a-w- c:\windows\system32\atiapfxx.exe

2011-03-09 04:22:54 651264 ----a-w- c:\windows\system32\atikvmag.dll

2011-03-09 04:21:12 200704 ----a-w- c:\windows\system32\atiadlxx.dll

2011-03-09 04:20:52 17408 ----a-w- c:\windows\system32\atitvo32.dll

2011-03-09 04:19:40 64512 ----a-w- c:\windows\system32\atimpc32.dll

2011-03-09 04:19:40 64512 ----a-w- c:\windows\system32\amdpcom32.dll

2011-03-09 04:16:18 851968 ----a-w- c:\windows\system32\ati2cqag.dll

2011-03-07 05:31:47 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:27:43 1866880 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-08 23:03:56 974848 ----a-w- c:\windows\system32\mfc42u.dll

2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll

.

============= FINISH: 0:10:07.67 ===============


An update on my situation: I believe I've updated my Java and other such programs and uninstalled the older versions.

I removed AVG and installed Avast, installed ZoneAlarm.

I ran aswMBR and it found something in the Windows files. I clicked fix and it removed it. I didn't think to save the logs, but upon running it again the only results are these.

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software

Run date: 2011-05-11 15:26:12

-----------------------------

15:26:12.937 OS Version: Windows 5.1.2600 Service Pack 3

15:26:12.937 Number of processors: 2 586 0x170A

15:26:12.937 ComputerName: VERONICA-658AEE UserName: Owner

15:26:13.859 Initialize success

15:26:17.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-14

15:26:17.937 Disk 0 Vendor: ST3250410AS 4.AAA Size: 238475MB BusType: 3

15:26:17.937 Disk 0 MBR read error 0

15:26:17.937 Disk 0 MBR scan

15:26:17.937 Disk 0 unknown MBR code

15:26:17.937 MBR BIOS signature not found 0

15:26:17.968 Disk 0 scanning sectors +488376000

15:26:17.968 Disk 0 scanning C:\WINDOWS\system32\drivers

15:26:23.156 Service scanning

15:26:24.406 Disk 0 trace - called modules:

15:26:24.421 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spfi.sys >>UNKNOWN [0x8a644938]<<

15:26:24.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a54bab8]

15:26:24.437 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000074[0x8a5f79e8]

15:26:24.437 5 ACPI.sys[b7e74620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-14[0x8a54ed98]

15:26:24.437 Scan finished successfully

15:26:41.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"

15:26:41.500 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBRlog.txt"

The line beginning with ntkrnlpa.exe is all in red; I'm not sure of the significance of this.

Disabled my programs and ran ComboFix on the advice of a friend who's also a computer technician. Followed the instructions to the letter and it apparently found something and removed it, and I got the following log. I let it run for a while and it sat at the desktop with explorer.exe disabled for quite a while, but it never came back, so I rebooted the system; then it finished running and produced the log.

ComboFix 11-05-09.01 - Owner 05/10/2011 2:44.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1396 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\HelpAssistant\WINDOWS

c:\documents and settings\Owner\My Documents\DPE.DUS

c:\documents and settings\Owner\WINDOWS

C:\Install.exe

c:\program files\Internet Explorer\iexplore.exe.tmp

c:\windows\expert

c:\windows\expert\Apps\Help.ico

c:\windows\expert\Apps\Home.exe

c:\windows\expert\Apps\Install.ico

c:\windows\expert\Apps\PDF.ICO

c:\windows\expert\Apps\Readme.ico

c:\windows\expert\Apps\Register.exe

c:\windows\expert\Apps\Support.exe

c:\windows\expert\X6820.INI

.

c:\windows\system32\kernel32.dll . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

.

Infected copy of c:\windows\system32\kernel32.dll was found and disinfected

Restored copy from - c:\system volume information\_restore{130BA6E2-0C5D-4829-A2D4-96506D5A654D}\RP384\A0108321.dll

.

((((((((((((((((((((((((( Files Created from 2011-04-10 to 2011-05-10 )))))))))))))))))))))))))))))))

.

.

2072-07-31 21:44 . 2004-08-24 18:27 375808 ----a-w- c:\program files\Microsoft Games\Halo\binkw32.dll

2011-05-10 05:53 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-05-10 05:53 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-05-10 05:53 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-05-10 05:53 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-05-10 05:53 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-05-10 05:53 . 2011-04-18 17:16 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-05-10 05:53 . 2011-04-18 17:16 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-05-10 05:53 . 2011-04-18 17:13 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-05-10 05:52 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr

2011-05-10 05:52 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-05-10 05:51 . 2011-05-10 05:51 -------- d-----w- c:\program files\AVAST Software

2011-05-10 05:51 . 2011-05-10 05:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-05-10 03:51 . 2011-03-18 05:24 69120 ----a-w- c:\windows\system32\zlcomm.dll

2011-05-10 03:51 . 2011-03-18 05:24 104448 ----a-w- c:\windows\system32\zlcommdb.dll

2011-05-10 03:50 . 2011-03-18 05:24 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2011-05-10 03:50 . 2011-05-10 03:51 -------- d-----w- c:\windows\system32\ZoneLabs

2011-05-10 03:50 . 2011-05-10 03:50 -------- d-----w- c:\program files\Zone Labs

2011-05-10 03:49 . 2011-05-10 08:43 -------- d-----w- c:\windows\Internet Logs

2011-05-10 01:34 . 2011-04-14 17:36 20053608 ----a-w- c:\windows\RTHDCPL.EXE

2011-05-09 20:39 . 2011-05-09 20:39 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG10

2011-05-09 20:24 . 2011-05-10 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-05-09 20:09 . 2011-05-10 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-05-07 22:01 . 2011-05-07 22:13 -------- d-----w- c:\documents and settings\Owner\Application Data\.minecraft

2011-04-26 02:02 . 2011-04-26 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI

2011-04-23 00:01 . 2011-04-23 00:01 -------- d-----w- c:\program files\AMD APP

2011-04-22 23:57 . 2011-03-09 04:39 1112576 ----a-w- c:\windows\system32\ativvamv.dll

2011-04-22 22:14 . 2011-04-23 03:32 -------- d-----w- c:\program files\StarCraft II

2011-04-19 06:39 . 2011-04-19 06:39 -------- d-----w- c:\program files\LOLReplay

2011-04-18 04:55 . 2011-04-18 04:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Beat Hazard

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-03 20:33 . 2008-10-03 13:16 6404712 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys

2011-04-15 19:48 . 2009-03-25 22:47 56936 ----a-w- c:\windows\system32\RtkCoInstXP.dll

2011-04-14 09:07 . 2010-05-08 17:49 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-03 00:52 . 2009-11-10 18:51 140248 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-04-03 00:52 . 2009-11-10 22:31 266400 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-04-03 00:52 . 2009-11-10 18:51 266400 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-04-02 04:17 . 2009-11-10 18:51 266400 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-03-21 23:56 . 2011-03-21 23:56 59904 ----a-w- c:\windows\system32\OVDecode.dll

2011-03-21 23:56 . 2011-03-21 23:56 51712 ----a-w- c:\windows\system32\OpenCL.dll

2011-03-21 23:55 . 2011-03-21 23:55 12385792 ----a-w- c:\windows\system32\amdocl.dll

2011-03-09 09:13 . 2008-12-01 18:13 6553088 ----a-w- c:\windows\system32\drivers\ati2mtag.sys

2011-03-09 05:44 . 2008-12-01 16:46 17444864 ----a-w- c:\windows\system32\atioglxx.dll

2011-03-09 05:04 . 2010-02-09 13:30 57344 ----a-w- c:\windows\system32\aticalrt.dll

2011-03-09 05:03 . 2010-02-09 13:30 53248 ----a-w- c:\windows\system32\aticalcl.dll

2011-03-09 05:02 . 2010-02-09 13:30 4669440 ----a-w- c:\windows\system32\aticaldd.dll

2011-03-09 05:00 . 2008-12-01 15:50 491520 ----a-w- c:\windows\system32\atiok3x2.dll

2011-03-09 04:51 . 2008-12-01 16:19 311296 ----a-w- c:\windows\system32\atiiiexx.dll

2011-03-09 04:48 . 2008-12-01 16:52 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-03-09 04:47 . 2008-12-01 16:51 302080 ----a-w- c:\windows\system32\ati2dvag.dll

2011-03-09 04:46 . 2008-12-01 16:27 4148544 ----a-w- c:\windows\system32\ati3duag.dll

2011-03-09 04:32 . 2008-12-01 16:11 2681600 ----a-w- c:\windows\system32\ativvaxx.dll

2011-03-09 04:29 . 2008-12-01 16:41 212992 ----a-w- c:\windows\system32\atipdlxx.dll

2011-03-09 04:29 . 2008-12-01 16:40 155648 ----a-w- c:\windows\system32\Oemdspif.dll

2011-03-09 04:29 . 2008-12-01 16:40 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe

2011-03-09 04:29 . 2008-12-01 16:40 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2011-03-09 04:29 . 2008-12-01 16:40 188416 ----a-w- c:\windows\system32\ati2evxx.dll

2011-03-09 04:27 . 2008-12-01 16:38 643072 ----a-w- c:\windows\system32\ati2evxx.exe

2011-03-09 04:26 . 2008-12-01 16:37 53248 ----a-w- c:\windows\system32\ATIDDC.DLL

2011-03-09 04:26 . 2010-12-12 01:25 143360 ----a-w- c:\windows\system32\atiapfxx.exe

2011-03-09 04:22 . 2008-12-01 15:53 651264 ----a-w- c:\windows\system32\atikvmag.dll

2011-03-09 04:21 . 2008-12-01 15:52 200704 ----a-w- c:\windows\system32\atiadlxx.dll

2011-03-09 04:20 . 2008-12-01 15:52 17408 ----a-w- c:\windows\system32\atitvo32.dll

2011-03-09 04:19 . 2010-02-09 13:30 64512 ----a-w- c:\windows\system32\atimpc32.dll

2011-03-09 04:19 . 2008-12-01 15:57 64512 ----a-w- c:\windows\system32\amdpcom32.dll

2011-03-09 04:17 . 2008-12-01 15:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-03-09 04:16 . 2008-12-01 15:45 851968 ----a-w- c:\windows\system32\ati2cqag.dll

2011-03-07 05:31 . 2009-03-25 04:53 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2008-10-03 12:29 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:27 . 2008-10-03 12:29 1866880 ----a-w- c:\windows\system32\win32k.sys

2011-02-25 23:37 . 2009-03-25 22:47 1284712 ----a-w- c:\windows\RtlExUpd.dll

2011-02-22 23:06 . 2008-10-03 12:29 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2008-04-14 09:42 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 23:06 . 2008-04-14 09:41 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 11:41 . 2008-04-14 04:07 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 13:19 . 2008-10-03 12:27 457472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2008-04-14 04:45 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:32 . 2009-08-28 10:50 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2008-04-14 09:39 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:53 . 2008-04-14 09:42 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2008-04-14 09:41 186880 ----a-w- c:\windows\system32\encdec.dll

.

.

------- Sigcheck -------

.


[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll

.

[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll

.

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll

.

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll

.

[-] 2011-02-22 . 3422847AA07E37076A87D0B7D5044DC6 . 5964800 . . [8.00.6001.23141] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\mshtml.dll

[-] 2011-02-22 . C2EF2335F1B6C2BE20A67D9098F6C9A1 . 5962240 . . [8.00.6001.19046] . . c:\windows\system32\mshtml.dll

[-] 2011-02-22 . C2EF2335F1B6C2BE20A67D9098F6C9A1 . 5962240 . . [8.00.6001.19046] . . c:\windows\system32\dllcache\mshtml.dll

[-] 2010-12-20 . 1EDCEC5D649DBAC37ED9FFB5A14CEB0C . 5961216 . . [8.00.6001.19019] . . c:\windows\SoftwareDistribution\Download\d6a0858506d9996856009eb3a494a8c1\SP3GDR\mshtml.dll

[-] 2010-12-20 . 2A2C070EC691CE410533A1DA7AA3CD86 . 5962240 . . [8.00.6001.23111] . . c:\windows\SoftwareDistribution\Download\d6a0858506d9996856009eb3a494a8c1\SP3QFE\mshtml.dll

[-] 2010-11-06 . 864E69F32656A7121444BA0193D7B64B . 5960704 . . [8.00.6001.23091] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtml.dll

[-] 2010-11-06 . D7CCA87057901C87ED8CC40DDCC7FA1B . 5959168 . . [8.00.6001.18999] . . c:\windows\ie8updates\KB2497640-IE8\mshtml.dll

[-] 2010-09-10 . DE41132DA8E5A3CD57201C6F2175EC05 . 5957120 . . [8.00.6001.18975] . . c:\windows\ie8updates\KB2416400-IE8\mshtml.dll

[-] 2010-09-10 . 8A03CC037E6B7D1796192815231B0C3F . 5958656 . . [8.00.6001.23067] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\mshtml.dll

[-] 2010-06-24 . 94DC7E938C57F3C3D1BC4A0F68FC5830 . 5954560 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll

[-] 2010-06-24 . 4D7EF94795384CD2BBAAB078B7929FEA . 5951488 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\mshtml.dll

[-] 2010-06-24 . 0FB7E2774BD643C181D673426AF3F62A . 3603968 . . [7.00.6000.21283] . . c:\windows\ie8\mshtml.dll

[-] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\windows\ie8updates\KB2183461-IE8\mshtml.dll

[-] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll

[-] 2010-05-04 . C466BDCDFAE6F6EFD618F34BA90B1923 . 3603456 . . [7.00.6000.21264] . . c:\windows\ie7updates\KB2183461-IE7\mshtml.dll

[-] 2010-03-11 . 9289EBB759293A1381AB0C326A115AEC . 3602944 . . [7.00.6000.21228] . . c:\windows\ie7updates\KB982381-IE7\mshtml.dll

[-] 2010-02-26 . EE6B9880933172AE78A1146BE15D6D21 . 3073536 . . [6.00.2900.5945] . . c:\windows\ie7\mshtml.dll

[-] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll

[-] 2009-10-29 . C0F9AC6FAB2C788FFEE3E69585A0E93F . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll

[-] 2009-08-29 . B68F6E6C66D17D9EDABF3D5DA71046DA . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll

[-] 2009-07-18 . F3EE47F296295D08A97CB50EF57244D9 . 3069952 . . [6.00.2900.5848] . . c:\windows\$hf_mig$\KB972260\SP3QFE\mshtml.dll

[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll

[-] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\SoftwareDistribution\Download\2e4e820fa4f0714d84e95e04fd4b348e\SP2GDR\mshtml.dll

[-] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll

[-] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\SoftwareDistribution\Download\2e4e820fa4f0714d84e95e04fd4b348e\SP2QFE\mshtml.dll

[-] 2008-12-12 . C8169B4320AC0CB8D1ED20454322E839 . 3060224 . . [6.00.2900.3492] . . c:\windows\SoftwareDistribution\Download\aba0667128e9978b51c8d9853b0f4799\SP2GDR\mshtml.dll

[-] 2008-12-12 . 6D1D493622EA050DBAABD0C4C1DFADB5 . 3067392 . . [6.00.2900.3492] . . c:\windows\SoftwareDistribution\Download\aba0667128e9978b51c8d9853b0f4799\SP2QFE\mshtml.dll

[-] 2008-12-12 . B6DAA74E2ED36C71B502945589A683AE . 3067904 . . [6.00.2900.5726] . . c:\windows\SoftwareDistribution\Download\aba0667128e9978b51c8d9853b0f4799\SP3QFE\mshtml.dll

[-] 2008-12-12 . C828AA1C5469E72251F3D367005E589F . 3067904 . . [6.00.2900.5726] . . c:\windows\SoftwareDistribution\Download\aba0667128e9978b51c8d9853b0f4799\SP3GDR\mshtml.dll

[-] 2008-10-16 . 9C2C058E341E6B627789EF88D3B98445 . 3059712 . . [6.00.2900.3462] . . c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP2GDR\mshtml.dll

[-] 2008-10-16 . CC5A2205D37AE67CE23AB7FD3E1FDACA . 3067904 . . [6.00.2900.5694] . . c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP3QFE\mshtml.dll

[-] 2008-10-16 . C99D8B48FC245D98E1A2BAB6594458C9 . 3067392 . . [6.00.2900.3462] . . c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP2QFE\mshtml.dll

[-] 2008-10-16 . B846C2DE341CF32B42AD297437233742 . 3067904 . . [6.00.2900.5694] . . c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP3GDR\mshtml.dll

[-] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll

[-] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2GDR\mshtml.dll

[-] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll

[-] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2QFE\mshtml.dll

[-] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB980182-IE7\mshtml.dll

.

[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll

[-] 2006-02-28 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll

.

[-] 2008-10-03 . 290C1A30DEFC723BBE10910AC2D6F6D0 . 245248 . . [5.1.2600.5649] . . c:\windows\system32\mswsock.dll

[-] 2008-10-03 . 290C1A30DEFC723BBE10910AC2D6F6D0 . 245248 . . [5.1.2600.5649] . . c:\windows\system32\dllcache\mswsock.dll

.

[-] 2008-10-03 . 06CF9EEDB7E827205C6948C9DAF56974 . 407040 . . [5.1.2600.5582] . . c:\windows\system32\netlogon.dll

[-] 2008-10-03 . 06CF9EEDB7E827205C6948C9DAF56974 . 407040 . . [5.1.2600.5582] . . c:\windows\system32\dllcache\netlogon.dll

.

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll

.

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll

.

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll

.

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe

.

[-] 2008-10-03 . E2B32B10ACC5D97623275AAFB67E5F03 . 249856 . . [5.1.2600.5654] . . c:\windows\system32\tapisrv.dll

[-] 2008-10-03 . E2B32B10ACC5D97623275AAFB67E5F03 . 249856 . . [5.1.2600.5654] . . c:\windows\system32\dllcache\tapisrv.dll

.

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll

.

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe

.

[-] 2011-02-22 . A9FA95F0D7F511959AC721E4843E5967 . 919552 . . [8.00.6001.23139] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\wininet.dll

[-] 2011-02-22 . F192D49EEFE297FA858B2C774BA2291D . 916480 . . [8.00.6001.19044] . . c:\windows\system32\wininet.dll

[-] 2011-02-22 . F192D49EEFE297FA858B2C774BA2291D . 916480 . . [8.00.6001.19044] . . c:\windows\system32\dllcache\wininet.dll

[-] 2010-12-20 . 88014D62B5E3CDB0AC67948D86C926C8 . 916480 . . [8.00.6001.19019] . . c:\windows\SoftwareDistribution\Download\d6a0858506d9996856009eb3a494a8c1\SP3GDR\wininet.dll

[-] 2010-12-20 . 5504B4ECCE892EB82CD2C5FA71940AC1 . 919552 . . [8.00.6001.23111] . . c:\windows\SoftwareDistribution\Download\d6a0858506d9996856009eb3a494a8c1\SP3QFE\wininet.dll

[-] 2010-11-06 . 9357C4249F4810FB0E49C13387A8A77C . 919552 . . [8.00.6001.23084] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll

[-] 2010-11-06 . 306A2B05EA9846278113964DC6E2C940 . 916480 . . [8.00.6001.18992] . . c:\windows\ie8updates\KB2497640-IE8\wininet.dll

[-] 2010-09-10 . 36FE8ABC59AAFBE20CBE54BC372F9429 . 916480 . . [8.00.6001.18968] . . c:\windows\ie8updates\KB2416400-IE8\wininet.dll

[-] 2010-09-10 . 0555E190DCD06B8998E6DDCA42DAEB82 . 919552 . . [8.00.6001.23060] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll

[-] 2010-06-24 . 60237E50D575FBA9BEC9BC043F157149 . 919040 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll

[-] 2010-06-24 . D3DEB6B2B424AC93DE3801EAEB21A9A5 . 916480 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\wininet.dll

[-] 2010-06-24 . 2E5F7848F3FEECC1F3915A64C0AD0FA8 . 841216 . . [7.00.6000.21283] . . c:\windows\ie8\wininet.dll

[-] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2183461-IE8\wininet.dll

[-] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll

[-] 2010-05-04 . 506B3DCB9C26070072E3047C6910F844 . 841216 . . [7.00.6000.21256] . . c:\windows\ie7updates\KB2183461-IE7\wininet.dll

[-] 2010-03-11 . 7F6A9D2F3CAA7780AAFD478BF3411462 . 841216 . . [7.00.6000.21228] . . c:\windows\ie7updates\KB982381-IE7\wininet.dll

[-] 2010-02-26 . AEB15B107E1C6543F99D9104BE0DD800 . 668672 . . [6.00.2900.5945] . . c:\windows\ie7\wininet.dll

[-] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll

[-] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll

[-] 2009-08-29 . 972B226BDAD71C55F3CC9A72BBF8F1C1 . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll

[-] 2009-06-26 . 8553E6D4EC1563277323E6B2D6FBB954 . 668160 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3QFE\wininet.dll

[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll

[-] 2008-12-20 . 044E0A4E9FE97C0FB9AFE9C89E2A82E6 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll

[-] 2008-12-20 . 044E0A4E9FE97C0FB9AFE9C89E2A82E6 . 827904 . . [7.00.6000.20978] . . c:\windows\SoftwareDistribution\Download\2e4e820fa4f0714d84e95e04fd4b348e\SP2QFE\wininet.dll

[-] 2008-12-20 . A82935D32D0672E8FF4E91AE398E901C . 826368 . . [7.00.6000.16791] . . c:\windows\SoftwareDistribution\Download\2e4e820fa4f0714d84e95e04fd4b348e\SP2GDR\wininet.dll

[-] 2008-10-16 . 6F1E4BFD78C4E0D05FF3725D59B72925 . 659456 . . [6.00.2900.3462] . . c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP2GDR\wininet.dll

[-] 2008-10-16 . 93C9D0A216498EE14EB9B26119BB95EE . 667648 . . [6.00.2900.3462] . . c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP2QFE\wininet.dll

[-] 2008-10-16 . E8FCE58A470999350F64C591557F9E42 . 667136 . . [6.00.2900.5694] . . c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP3QFE\wininet.dll

[-] 2008-10-16 . 1576318BF08D28CC61D1278114AD8D5B . 666112 . . [6.00.2900.5694] . . c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP3GDR\wininet.dll

[-] 2008-08-26 . 77C192FE56A70D7FA0247BA0A6201C32 . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll

[-] 2008-08-26 . 77C192FE56A70D7FA0247BA0A6201C32 . 827904 . . [7.00.6000.20900] . . c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2QFE\wininet.dll

[-] 2008-08-26 . EF8EBA98145BFA44E80D17A3B3453300 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll

[-] 2008-08-26 . EF8EBA98145BFA44E80D17A3B3453300 . 826368 . . [7.00.6000.16735] . . c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2GDR\wininet.dll

[-] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows\ie7updates\KB980182-IE7\wininet.dll

.

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll

.

[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll

[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2help.dll

.

[-] 2008-10-03 . 2BB75B7F548D82A099125D0C5971DE7D . 1033728 . . [6.00.2900.5634] . . c:\windows\explorer.exe

[-] 2008-10-03 . 2BB75B7F548D82A099125D0C5971DE7D . 1033728 . . [6.00.2900.5634] . . c:\windows\system32\dllcache\explorer.exe

.

[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe

[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe

.

[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll

[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\system32\dllcache\ole32.dll

.

[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll

[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll

[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll

.

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll

.

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe

.

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll

.

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll

.

[-] 2008-10-03 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe

.

[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll

[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll

[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll

.

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll

.

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll

.

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll

.

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll

.

[-] 2008-10-03 . 0A878AA66E4DD3E2608192A1ECCD9F8F . 344064 . . [5.1.2600.5589] . . c:\windows\system32\hnetcfg.dll

[-] 2008-10-03 . 0A878AA66E4DD3E2608192A1ECCD9F8F . 344064 . . [5.1.2600.5589] . . c:\windows\system32\dllcache\hnetcfg.dll

.

[-] 2006-02-28 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

.

[-] 2008-04-14 02:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys

.

[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys

[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

.

[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll

[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll

[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll

.

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll

.

[-] 2008-04-14 09:42 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll

[-] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll

[-] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll

.

[-] 2010-12-09 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe

[-] 2010-12-09 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2010-12-09 . F917F7E5FC9F80D3C36978A9CCEF6BE4 . 2027008 . . [5.1.2600.6055] . . c:\windows\system32\ntkrnlpa.exe

.

[-] 2008-04-14 09:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll

[-] 2008-04-14 09:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll

.

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll

.

[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll

[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll

.

[-] 2008-10-03 . D2CF91B2C710E9F666E60AFBF87643EE . 1689088 . . [5.03.2600.5601] . . c:\windows\system32\d3d9.dll

[-] 2008-10-03 . D2CF91B2C710E9F666E60AFBF87643EE . 1689088 . . [5.03.2600.5601] . . c:\windows\system32\dllcache\d3d9.dll

.

[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll

[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\ddraw.dll

.

[-] 2008-04-14 09:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll

[-] 2008-04-14 09:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll

.

[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll

[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll

.

[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll

[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\version.dll

.

[-] 2010-12-09 . DC4A984DEA7E24166800D38442405130 . 2148864 . . [5.1.2600.6055] . . c:\windows\system32\ntoskrnl.exe

[-] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntoskrnl.exe

[-] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntoskrnl.exe

.

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll

.

[-] 2008-10-03 . 9F8A0D0CBB2FA265A754516128C00E22 . 175616 . . [5.1.2600.5635] . . c:\windows\system32\w32time.dll

[-] 2008-10-03 . 9F8A0D0CBB2FA265A754516128C00E22 . 175616 . . [5.1.2600.5635] . . c:\windows\system32\dllcache\w32time.dll

.

[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll

[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wiaservc.dll

.

[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll

[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\midimap.dll

.

[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll

[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\rasadhlp.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-03 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-03 131072]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-23 180224]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-09 98304]

"RTHDCPL"="RTHDCPL.EXE" [2011-04-14 20053608]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2009-03-08 128512]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2009-11-15 09:42 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]

2010-01-22 20:35 1845248 ----a-w- c:\program files\Curse\CurseClient.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-02-17 05:41 135664 ----atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2010-03-12 17:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2008-10-03 12:41 135168 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]

2008-09-09 06:21 623880 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]

2006-08-17 17:45 249856 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 10:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2008-07-14 18:33 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2011-04-14 17:36 20053608 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2011-03-09 04:37 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"NMIndexingService"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"iPod Service"=3 (0x3)

"Bonjour Service"=2 (0x2)

"ATI Smart"=2 (0x2)

"Ati HotKey Poller"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"PnkBstrB"=2 (0x2)

"PnkBstrA"=2 (0x2)

"QBFCService"=3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Steam\\steamapps\\valkskorn\\team fortress 2\\hl2.exe"=

"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\Steam\\steam.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=

"c:\\Python24\\python.exe"=

"c:\\Program Files\\Steam\\steamapps\\valkskorn\\source sdk base\\hl2.exe"=

"c:\\Documents and Settings\\Owner\\Desktop\\Games and Stuff\\CurseClient.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Xfire\\xfire.exe"=

"c:\\Program Files\\Curse\\CurseClient.exe"=

"c:\\Program Files\\Stunlock Studios\\Bloodline Champions Beta\\Binary\\BloodlineChampionsLoader.exe"=

"c:\\Program Files\\Heroes of Newerth\\hon.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\puzzle quest\\Puzzle Quest.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\recettear\\recettear.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\recettear\\custom.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\dragon age ultimate edition\\DAOriginsLauncher.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\dragon age ultimate edition\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=

"c:\\Program Files\\Steam\\steamapps\\common\\dragon age ultimate edition\\bin_ship\\DAOrigins.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\lumines\\lumines.exe"=

"c:\\Riot Games\\League of Legends EU\\air\\LolClient.exe"=

"c:\\Riot Games\\League of Legends EU\\game\\League of Legends.exe"=

"c:\\Documents and Settings\\Owner\\Local Settings\\Apps\\2.0\\WLLYG06V.BW0\\ACQ37QDR.GEG\\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\\CurseClient.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\dead space\\Dead Space.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\dead space\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=

"c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\amnesia the dark descent\\Launcher.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=

"c:\\Program Files\\LOLReplay\\LOLReplay.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\audiosurf\\engine\\QuestViewer.exe"=

"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=

"c:\\Program Files\\StarCraft II\\Versions\\Base18092\\SC2.exe"=

"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

"2479:TCP"= 2479:TCP:Services

"1627:TCP"= 1627:TCP:Services

"3389:TCP"= 3389:TCP:Remote Desktop

"8378:TCP"= 8378:TCP:League of Legends Launcher

"8378:UDP"= 8378:UDP:League of Legends Launcher

"8379:TCP"= 8379:TCP:League of Legends Launcher

"8379:UDP"= 8379:UDP:League of Legends Launcher

"8380:TCP"= 8380:TCP:League of Legends Launcher

"8380:UDP"= 8380:UDP:League of Legends Launcher

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"8381:TCP"= 8381:TCP:League of Legends Launcher

"8381:UDP"= 8381:UDP:League of Legends Launcher

"58515:TCP"= 58515:TCP:Pando Media Booster

"58515:UDP"= 58515:UDP:Pando Media Booster

"8396:TCP"= 8396:TCP:League of Legends Launcher

"8396:UDP"= 8396:UDP:League of Legends Launcher

"6885:TCP"= 6885:TCP:League of Legends Launcher

"6885:UDP"= 6885:UDP:League of Legends Launcher

"6889:TCP"= 6889:TCP:League of Legends Launcher

"6889:UDP"= 6889:UDP:League of Legends Launcher

"6919:TCP"= 6919:TCP:League of Legends Launcher

"6919:UDP"= 6919:UDP:League of Legends Launcher

"8382:TCP"= 8382:TCP:League of Legends Launcher

"8382:UDP"= 8382:UDP:League of Legends Launcher

"6954:TCP"= 6954:TCP:League of Legends Launcher

"6954:UDP"= 6954:UDP:League of Legends Launcher

"6895:TCP"= 6895:TCP:League of Legends Launcher

"6895:UDP"= 6895:UDP:League of Legends Launcher

"6978:TCP"= 6978:TCP:League of Legends Launcher

"6978:UDP"= 6978:UDP:League of Legends Launcher

"8383:TCP"= 8383:TCP:League of Legends Launcher

"8383:UDP"= 8383:UDP:League of Legends Launcher

"8393:TCP"= 8393:TCP:League of Legends Lobby

"8393:UDP"= 8393:UDP:League of Legends Lobby

"8390:TCP"= 8390:TCP:League of Legends Game Client

"8390:UDP"= 8390:UDP:League of Legends Game Client

"6944:TCP"= 6944:TCP:League of Legends Launcher

"6944:UDP"= 6944:UDP:League of Legends Launcher

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/10/2011 1:53 AM 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/10/2011 1:53 AM 307288]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/10/2011 1:53 AM 19544]

R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [6/5/2010 11:17 PM 20072]

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [8/11/2010 3:45 PM 33792]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/25/2009 6:47 PM 1691480]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [12/25/2010 11:03 PM 25832]

S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\NCSoft\Exteel\System\GameGuard\dump_wmimmc.sys --> c:\program files\NCSoft\Exteel\System\GameGuard\dump_wmimmc.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/25/2010 10:38 AM 691696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

2011-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1844237615-682003330-1003Core.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-17 05:41]

.

2011-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1844237615-682003330-1003UA.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-17 05:41]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.comcast.net/

uInternet Settings,ProxyOverride = *.local;<local>

uCustomizeSearch =

uSearchAssistant =

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

DPF: {0C5CF442-582C-4357-B116-765DA99CAA8C} - hxxp://ax-content.munpl.org/appxtender/client/IrcViewer.cab

DPF: {0C5CF442-582E-4357-B116-765DA99CAA8C} - hxxp://ax-content.munpl.org/appxtender/client/IrcViewer.cab

DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} - hxxp://www.link-systems.com/sdkhtml/SDK/paste/lsiw2k.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtt1hpcz.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Text-to-Image: {f701c26a-479a-4724-b4f1-870db12f063c} - %profile%\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}

FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: Yet Another Smooth Scrolling: yetanothersmoothscrolling@kataho - %profile%\extensions\yetanothersmoothscrolling@kataho

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

MSConfigStartUp-boincmgr - c:\program files\BOINC\boincmgr.exe

MSConfigStartUp-boinctray - c:\program files\BOINC\boinctray.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-10 04:42

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-329068152-1844237615-682003330-1003\Software\SecuROM\License information*]

"datasecu"=hex:6d,44,4b,c0,ea,59,2f,c0,a2,45,03,a5,17,87,5f,14,c7,cc,0b,62,20,

8a,f9,92,3a,44,73,43,e6,2f,a3,e0,55,d3,e0,78,6e,19,05,20,2a,1f,31,a6,9c,44,\

"rkeysecu"=hex:e6,0b,cf,9d,d3,83,e9,01,cc,63,28,ed,52,3a,aa,95

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(812)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

- - - - - - - > 'explorer.exe'(2160)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\program files\iTunes\iTunesMiniPlayer.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll

c:\windows\system32\ieframe.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\system32\libusbd-nt.exe

c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2011-05-10 04:57:20 - machine was rebooted

ComboFix-quarantined-files.txt 2011-05-10 08:57

.

Pre-Run: 4,531,982,336 bytes free

Post-Run: 4,565,245,952 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /bootlog

.

- - End Of File - - CEDB1987D4B48C4A06A329A9FAFD2795

As of right now, I'm not noticing any serious slowdowns or issues like I was experiencing before. Malwarebytes and Avast don't pick anything up, nor do my other anti-spyware/malware programs. Rootrepeal doesn't pick up any suspicious objects when doing a file scan or scanning for hidden objects. How's it looking?


Hello and :welcome:

Although things look better and the active rootkit is most likely gone, I still see some rootkit remnants that may put your computer's safety in danger.

Please download HelpAsst_mebroot_fix.exe and save it to your desktop.

Close out all other open programs and windows.

Double click the file to run it and follow any prompts.

If the tool detects an mbr infection, please allow it to run mbr -f and shut down your computer.

Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !

When it completes, a log will open.

Please post the contents of that log.

*In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.

mbr -f

Now, please do the Start>Run>mbr -f command a second time.

Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.

Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !

When it completes, a log will open.

Please post the contents of that log.

**Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).


It ran for several minutes the first time and came up with no results, so I entered the commands and shut down, brought it back up after a couple minutes, waited a bit, then entered the command to run it again.

C:\Documents and Settings\Owner\Desktop\HelpAsst_mebroot_fix.exe

Wed 05/11/2011 at 16:02:05.87

HelpAssistant account is Active ~ attempting to de-activate

Account active Yes

Local Group Memberships *Administrators

HelpAssistant successfully set Inactive

~~ Checking for termsrv32.dll ~~

termsrv32.dll present! ~ attempting to remove

termsrv32.dll successfully removed

~~ Checking firewall ports ~~

backing up DomainProfile\GloballyOpenPorts\List registry key

closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list

"65533:TCP"=-

"52344:TCP"=-

"2479:TCP"=-

"1627:TCP"=-

"3389:TCP"=-

backing up StandardProfile\GloballyOpenPorts\List registry key

closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list

"65533:TCP"=-

"52344:TCP"=-

"2479:TCP"=-

"1627:TCP"=-

"3389:TCP"=-

~~ Checking profile list ~~

HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-329068152-1844237615-682003330-1000

HelpAssistant profile directory exists at C:\Documents and Settings\HelpAssistant ~ attempting to remove

~ All C:\Documents and Settings\HelpAssistant files successfully removed ~

~~ Checking mbr ~~

user & kernel MBR OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Wed 05/11/2011 at 16:35:13.85

Account active No

Local Group Memberships *Administrators

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

kernel: MBR read successfully

user & kernel MBR OK

copy of MBR has been found in sector 0x01D1C06C0

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters

ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

~~ EOF ~~


That cleaned up the remnants nicely. Please rerun DDS and post me attach.txt

Also redownload ComboFix and rerun it. Post me the new log.


ComboFix 11-05-11.04 - Owner 05/12/2011 14:52:12.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1533 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

.

((((((((((((((((((((((((( Files Created from 2011-04-12 to 2011-05-12 )))))))))))))))))))))))))))))))

.

.

2072-07-31 21:44 . 2004-08-24 18:27 375808 ----a-w- c:\program files\Microsoft Games\Halo\binkw32.dll

2011-05-11 20:02 . 2011-05-11 20:02 -------- d-----w- C:\HelpAsst_backup

2011-05-10 05:53 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-05-10 05:53 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-05-10 05:53 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-05-10 05:53 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-05-10 05:53 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-05-10 05:53 . 2011-04-18 17:16 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-05-10 05:53 . 2011-04-18 17:16 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-05-10 05:53 . 2011-04-18 17:13 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-05-10 05:52 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr

2011-05-10 05:52 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-05-10 05:51 . 2011-05-10 05:51 -------- d-----w- c:\program files\AVAST Software

2011-05-10 05:51 . 2011-05-10 05:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-05-10 03:51 . 2011-03-18 05:24 69120 ----a-w- c:\windows\system32\zlcomm.dll

2011-05-10 03:51 . 2011-03-18 05:24 104448 ----a-w- c:\windows\system32\zlcommdb.dll

2011-05-10 03:50 . 2011-03-18 05:24 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2011-05-10 03:50 . 2011-05-10 03:51 -------- d-----w- c:\windows\system32\ZoneLabs

2011-05-10 03:50 . 2011-05-10 03:50 -------- d-----w- c:\program files\Zone Labs

2011-05-10 03:49 . 2011-05-12 18:48 -------- d-----w- c:\windows\Internet Logs

2011-05-10 01:34 . 2011-04-14 17:36 20053608 ----a-w- c:\windows\RTHDCPL.EXE

2011-05-09 20:39 . 2011-05-09 20:39 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG10

2011-05-09 20:24 . 2011-05-10 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-05-09 20:09 . 2011-05-10 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-05-07 22:01 . 2011-05-07 22:13 -------- d-----w- c:\documents and settings\Owner\Application Data\.minecraft

2011-04-26 02:02 . 2011-04-26 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI

2011-04-23 00:01 . 2011-04-23 00:01 -------- d-----w- c:\program files\AMD APP

2011-04-22 23:57 . 2011-03-09 04:39 1112576 ----a-w- c:\windows\system32\ativvamv.dll

2011-04-22 22:14 . 2011-04-23 03:32 -------- d-----w- c:\program files\StarCraft II

2011-04-19 06:39 . 2011-04-19 06:39 -------- d-----w- c:\program files\LOLReplay

2011-04-18 04:55 . 2011-04-18 04:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Beat Hazard

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-03 20:33 . 2008-10-03 13:16 6404712 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys

2011-04-15 19:48 . 2009-03-25 22:47 56936 ----a-w- c:\windows\system32\RtkCoInstXP.dll

2011-04-14 09:07 . 2010-05-08 17:49 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-03 00:52 . 2009-11-10 18:51 140248 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-04-03 00:52 . 2009-11-10 22:31 266400 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-04-03 00:52 . 2009-11-10 18:51 266400 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-04-02 04:17 . 2009-11-10 18:51 266400 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-03-21 23:56 . 2011-03-21 23:56 59904 ----a-w- c:\windows\system32\OVDecode.dll

2011-03-21 23:56 . 2011-03-21 23:56 51712 ----a-w- c:\windows\system32\OpenCL.dll

2011-03-21 23:55 . 2011-03-21 23:55 12385792 ----a-w- c:\windows\system32\amdocl.dll

2011-03-09 09:13 . 2008-12-01 18:13 6553088 ----a-w- c:\windows\system32\drivers\ati2mtag.sys

2011-03-09 05:44 . 2008-12-01 16:46 17444864 ----a-w- c:\windows\system32\atioglxx.dll

2011-03-09 05:04 . 2010-02-09 13:30 57344 ----a-w- c:\windows\system32\aticalrt.dll

2011-03-09 05:03 . 2010-02-09 13:30 53248 ----a-w- c:\windows\system32\aticalcl.dll

2011-03-09 05:02 . 2010-02-09 13:30 4669440 ----a-w- c:\windows\system32\aticaldd.dll

2011-03-09 05:00 . 2008-12-01 15:50 491520 ----a-w- c:\windows\system32\atiok3x2.dll

2011-03-09 04:51 . 2008-12-01 16:19 311296 ----a-w- c:\windows\system32\atiiiexx.dll

2011-03-09 04:48 . 2008-12-01 16:52 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-03-09 04:47 . 2008-12-01 16:51 302080 ----a-w- c:\windows\system32\ati2dvag.dll

2011-03-09 04:46 . 2008-12-01 16:27 4148544 ----a-w- c:\windows\system32\ati3duag.dll

2011-03-09 04:32 . 2008-12-01 16:11 2681600 ----a-w- c:\windows\system32\ativvaxx.dll

2011-03-09 04:29 . 2008-12-01 16:41 212992 ----a-w- c:\windows\system32\atipdlxx.dll

2011-03-09 04:29 . 2008-12-01 16:40 155648 ----a-w- c:\windows\system32\Oemdspif.dll

2011-03-09 04:29 . 2008-12-01 16:40 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe

2011-03-09 04:29 . 2008-12-01 16:40 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2011-03-09 04:29 . 2008-12-01 16:40 188416 ----a-w- c:\windows\system32\ati2evxx.dll

2011-03-09 04:27 . 2008-12-01 16:38 643072 ----a-w- c:\windows\system32\ati2evxx.exe

2011-03-09 04:26 . 2008-12-01 16:37 53248 ----a-w- c:\windows\system32\ATIDDC.DLL

2011-03-09 04:26 . 2010-12-12 01:25 143360 ----a-w- c:\windows\system32\atiapfxx.exe

2011-03-09 04:22 . 2008-12-01 15:53 651264 ----a-w- c:\windows\system32\atikvmag.dll

2011-03-09 04:21 . 2008-12-01 15:52 200704 ----a-w- c:\windows\system32\atiadlxx.dll

2011-03-09 04:20 . 2008-12-01 15:52 17408 ----a-w- c:\windows\system32\atitvo32.dll

2011-03-09 04:19 . 2010-02-09 13:30 64512 ----a-w- c:\windows\system32\atimpc32.dll

2011-03-09 04:19 . 2008-12-01 15:57 64512 ----a-w- c:\windows\system32\amdpcom32.dll

2011-03-09 04:17 . 2008-12-01 15:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-03-09 04:16 . 2008-12-01 15:45 851968 ----a-w- c:\windows\system32\ati2cqag.dll

2011-03-07 05:31 . 2009-03-25 04:53 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2008-10-03 12:29 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:27 . 2008-10-03 12:29 1866880 ----a-w- c:\windows\system32\win32k.sys

2011-02-25 23:37 . 2009-03-25 22:47 1284712 ----a-w- c:\windows\RtlExUpd.dll

2011-02-22 23:06 . 2008-10-03 12:29 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2008-04-14 09:42 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 23:06 . 2008-04-14 09:41 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 11:41 . 2008-04-14 04:07 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 13:19 . 2008-10-03 12:27 457472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2008-04-14 04:45 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:32 . 2009-08-28 10:50 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2008-04-14 09:39 290432 ----a-w- c:\windows\system32\atmfd.dll

.

.

------- Sigcheck -------

.

[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys

.

[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys

[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys

.

[-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys

[-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

.

[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\kbdclass.sys

[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\kbdclass.sys

.

[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys

[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys

.

[-] 2008-04-22 . A0857C97770034FD2AF17DC4014B5ABD . 576384 . . [5.1.2600.5585] . . c:\windows\system32\dllcache\ntfs.sys

[-] 2008-04-22 . A0857C97770034FD2AF17DC4014B5ABD . 576384 . . [5.1.2600.5585] . . c:\windows\system32\drivers\ntfs.sys

.

[-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys

[-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

.

[-] 2008-10-03 . 367DE8E5F638C091F49273144274F629 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-10-03 . 367DE8E5F638C091F49273144274F629 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

.

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll

.

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe

.

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-03 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-03 131072]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-23 180224]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-09 98304]

"RTHDCPL"="RTHDCPL.EXE" [2011-04-14 20053608]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2009-03-08 128512]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2009-11-15 09:42 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]

2010-01-22 20:35 1845248 ----a-w- c:\program files\Curse\CurseClient.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-02-17 05:41 135664 ----atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2010-03-12 17:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2008-10-03 12:41 135168 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]

2008-09-09 06:21 623880 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]

2006-08-17 17:45 249856 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 10:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2008-07-14 18:33 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2011-04-14 17:36 20053608 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2011-03-09 04:37 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"NMIndexingService"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"iPod Service"=3 (0x3)

"Bonjour Service"=2 (0x2)

"ATI Smart"=2 (0x2)

"Ati HotKey Poller"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"PnkBstrB"=2 (0x2)

"PnkBstrA"=2 (0x2)

"QBFCService"=3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Steam\\steamapps\\valkskorn\\team fortress 2\\hl2.exe"=

"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\Steam\\steam.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=

"c:\\Python24\\python.exe"=

"c:\\Program Files\\Steam\\steamapps\\valkskorn\\source sdk base\\hl2.exe"=

"c:\\Documents and Settings\\Owner\\Desktop\\Games and Stuff\\CurseClient.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Xfire\\xfire.exe"=

"c:\\Program Files\\Curse\\CurseClient.exe"=

"c:\\Program Files\\Stunlock Studios\\Bloodline Champions Beta\\Binary\\BloodlineChampionsLoader.exe"=

"c:\\Program Files\\Heroes of Newerth\\hon.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\puzzle quest\\Puzzle Quest.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\recettear\\recettear.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\recettear\\custom.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\dragon age ultimate edition\\DAOriginsLauncher.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\dragon age ultimate edition\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=

"c:\\Program Files\\Steam\\steamapps\\common\\dragon age ultimate edition\\bin_ship\\DAOrigins.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\lumines\\lumines.exe"=

"c:\\Riot Games\\League of Legends EU\\air\\LolClient.exe"=

"c:\\Riot Games\\League of Legends EU\\game\\League of Legends.exe"=

"c:\\Documents and Settings\\Owner\\Local Settings\\Apps\\2.0\\WLLYG06V.BW0\\ACQ37QDR.GEG\\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\\CurseClient.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\dead space\\Dead Space.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\dead space\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=

"c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\amnesia the dark descent\\Launcher.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=

"c:\\Program Files\\LOLReplay\\LOLReplay.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\audiosurf\\engine\\QuestViewer.exe"=

"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=

"c:\\Program Files\\StarCraft II\\Versions\\Base18092\\SC2.exe"=

"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8378:TCP"= 8378:TCP:League of Legends Launcher

"8378:UDP"= 8378:UDP:League of Legends Launcher

"8379:TCP"= 8379:TCP:League of Legends Launcher

"8379:UDP"= 8379:UDP:League of Legends Launcher

"8380:TCP"= 8380:TCP:League of Legends Launcher

"8380:UDP"= 8380:UDP:League of Legends Launcher

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"8381:TCP"= 8381:TCP:League of Legends Launcher

"8381:UDP"= 8381:UDP:League of Legends Launcher

"58515:TCP"= 58515:TCP:Pando Media Booster

"58515:UDP"= 58515:UDP:Pando Media Booster

"8396:TCP"= 8396:TCP:League of Legends Launcher

"8396:UDP"= 8396:UDP:League of Legends Launcher

"6885:TCP"= 6885:TCP:League of Legends Launcher

"6885:UDP"= 6885:UDP:League of Legends Launcher

"6889:TCP"= 6889:TCP:League of Legends Launcher

"6889:UDP"= 6889:UDP:League of Legends Launcher

"6919:TCP"= 6919:TCP:League of Legends Launcher

"6919:UDP"= 6919:UDP:League of Legends Launcher

"8382:TCP"= 8382:TCP:League of Legends Launcher

"8382:UDP"= 8382:UDP:League of Legends Launcher

"6954:TCP"= 6954:TCP:League of Legends Launcher

"6954:UDP"= 6954:UDP:League of Legends Launcher

"6895:TCP"= 6895:TCP:League of Legends Launcher

"6895:UDP"= 6895:UDP:League of Legends Launcher

"6978:TCP"= 6978:TCP:League of Legends Launcher

"6978:UDP"= 6978:UDP:League of Legends Launcher

"8383:TCP"= 8383:TCP:League of Legends Launcher

"8383:UDP"= 8383:UDP:League of Legends Launcher

"8393:TCP"= 8393:TCP:League of Legends Lobby

"8393:UDP"= 8393:UDP:League of Legends Lobby

"8390:TCP"= 8390:TCP:League of Legends Game Client

"8390:UDP"= 8390:UDP:League of Legends Game Client

"6944:TCP"= 6944:TCP:League of Legends Launcher

"6944:UDP"= 6944:UDP:League of Legends Launcher

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/10/2011 1:53 AM 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/10/2011 1:53 AM 307288]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/10/2011 1:53 AM 19544]

R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [6/5/2010 11:17 PM 20072]

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [8/11/2010 3:45 PM 33792]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/25/2009 6:47 PM 1691480]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [12/25/2010 11:03 PM 25832]

S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\NCSoft\Exteel\System\GameGuard\dump_wmimmc.sys --> c:\program files\NCSoft\Exteel\System\GameGuard\dump_wmimmc.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/25/2010 10:38 AM 691696]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - aswMBR

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

2011-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1844237615-682003330-1003Core.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-17 05:41]

.

2011-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1844237615-682003330-1003UA.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-17 05:41]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.comcast.net/

uInternet Settings,ProxyOverride = *.local;<local>

uCustomizeSearch =

uSearchAssistant =

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

DPF: {0C5CF442-582C-4357-B116-765DA99CAA8C} - hxxp://ax-content.munpl.org/appxtender/client/IrcViewer.cab

DPF: {0C5CF442-582E-4357-B116-765DA99CAA8C} - hxxp://ax-content.munpl.org/appxtender/client/IrcViewer.cab

DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} - hxxp://www.link-systems.com/sdkhtml/SDK/paste/lsiw2k.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtt1hpcz.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Text-to-Image: {f701c26a-479a-4724-b4f1-870db12f063c} - %profile%\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}

FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: Yet Another Smooth Scrolling: yetanothersmoothscrolling@kataho - %profile%\extensions\yetanothersmoothscrolling@kataho

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-12 15:04

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-329068152-1844237615-682003330-1003\Software\SecuROM\License information*]

"datasecu"=hex:6d,44,4b,c0,ea,59,2f,c0,a2,45,03,a5,17,87,5f,14,c7,cc,0b,62,20,

8a,f9,92,3a,44,73,43,e6,2f,a3,e0,55,d3,e0,78,6e,19,05,20,2a,1f,31,a6,9c,44,\

"rkeysecu"=hex:e6,0b,cf,9d,d3,83,e9,01,cc,63,28,ed,52,3a,aa,95

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(808)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

- - - - - - - > 'explorer.exe'(2364)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\program files\iTunes\iTunesMiniPlayer.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll

c:\windows\system32\ieframe.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-05-12 15:11:35

ComboFix-quarantined-files.txt 2011-05-12 19:11

ComboFix2.txt 2011-05-10 08:57

.

Pre-Run: 14,418,038,784 bytes free

Post-Run: 14,492,647,424 bytes free

.

- - End Of File - - AB9DD1F73846B3212DC8B3058CABA9EE


Please run the following tool (note, it might give you quite some errors, just ignore them and continue).

Afterwards rerun combofix and post me the new log. How are things running?

  • Please download Dial-A-Fix from one of the following mirrors:

  • Extract the zip file to your desktop.

  • Double click Dial-a-Fix.exe to start the program. Note - you might see an error message regarding Internet Explorer. Just ignore this and continue.

  • Press the green double checkmark box (Looks like this: checkmark.png)

  • UNcheck Empty Temp Folders, as well as Adjust Time/Date in the prep section. The prep section should then look like this:

    toUncheck.png

    mainWindow.png

  • Click on go

  • Exit/Close Dial-A-Fix


Took longer than expected; the first time I ran DAF it got hung up on ending cryptsvc because of ZoneAlarm. Got it working again and ran it, then ran ComboFix; it restarted the system near the end and generated the log. Everything seems to be working smoothly now; there are no severe slowdowns, lockups, or freezing that I've encountered.

ComboFix 11-05-11.04 - Owner 05/12/2011 16:51:47.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1427 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

.

((((((((((((((((((((((((( Files Created from 2011-04-12 to 2011-05-12 )))))))))))))))))))))))))))))))

.

.

2072-07-31 21:44 . 2004-08-24 18:27 375808 ----a-w- c:\program files\Microsoft Games\Halo\binkw32.dll

2011-05-12 20:41 . 2011-05-12 21:06 -------- d-----w- c:\windows\system32\CatRoot2

2011-05-11 20:02 . 2011-05-11 20:02 -------- d-----w- C:\HelpAsst_backup

2011-05-10 05:53 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-05-10 05:53 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-05-10 05:53 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-05-10 05:53 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-05-10 05:53 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-05-10 05:53 . 2011-04-18 17:16 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-05-10 05:53 . 2011-04-18 17:16 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-05-10 05:53 . 2011-04-18 17:13 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-05-10 05:52 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr

2011-05-10 05:52 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-05-10 05:51 . 2011-05-10 05:51 -------- d-----w- c:\program files\AVAST Software

2011-05-10 05:51 . 2011-05-10 05:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-05-10 03:51 . 2011-03-18 05:24 69120 ----a-w- c:\windows\system32\zlcomm.dll

2011-05-10 03:51 . 2011-03-18 05:24 104448 ----a-w- c:\windows\system32\zlcommdb.dll

2011-05-10 03:50 . 2011-03-18 05:24 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2011-05-10 03:50 . 2011-05-10 03:51 -------- d-----w- c:\windows\system32\ZoneLabs

2011-05-10 03:50 . 2011-05-10 03:50 -------- d-----w- c:\program files\Zone Labs

2011-05-10 03:49 . 2011-05-12 21:07 -------- d-----w- c:\windows\Internet Logs

2011-05-10 01:34 . 2011-04-14 17:36 20053608 ----a-w- c:\windows\RTHDCPL.EXE

2011-05-09 20:39 . 2011-05-09 20:39 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG10

2011-05-09 20:24 . 2011-05-10 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-05-09 20:09 . 2011-05-10 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-05-07 22:01 . 2011-05-07 22:13 -------- d-----w- c:\documents and settings\Owner\Application Data\.minecraft

2011-04-26 02:02 . 2011-04-26 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI

2011-04-23 00:01 . 2011-04-23 00:01 -------- d-----w- c:\program files\AMD APP

2011-04-22 23:57 . 2011-03-09 04:39 1112576 ----a-w- c:\windows\system32\ativvamv.dll

2011-04-22 22:14 . 2011-04-23 03:32 -------- d-----w- c:\program files\StarCraft II

2011-04-19 06:39 . 2011-04-19 06:39 -------- d-----w- c:\program files\LOLReplay

2011-04-18 04:55 . 2011-04-18 04:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Beat Hazard

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-03 20:33 . 2008-10-03 13:16 6404712 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys

2011-04-15 19:48 . 2009-03-25 22:47 56936 ----a-w- c:\windows\system32\RtkCoInstXP.dll

2011-04-14 09:07 . 2010-05-08 17:49 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-03 00:52 . 2009-11-10 18:51 140248 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-04-03 00:52 . 2009-11-10 22:31 266400 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-04-03 00:52 . 2009-11-10 18:51 266400 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-04-02 04:17 . 2009-11-10 18:51 266400 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-03-21 23:56 . 2011-03-21 23:56 59904 ----a-w- c:\windows\system32\OVDecode.dll

2011-03-21 23:56 . 2011-03-21 23:56 51712 ----a-w- c:\windows\system32\OpenCL.dll

2011-03-21 23:55 . 2011-03-21 23:55 12385792 ----a-w- c:\windows\system32\amdocl.dll

2011-03-09 09:13 . 2008-12-01 18:13 6553088 ----a-w- c:\windows\system32\drivers\ati2mtag.sys

2011-03-09 05:44 . 2008-12-01 16:46 17444864 ----a-w- c:\windows\system32\atioglxx.dll

2011-03-09 05:04 . 2010-02-09 13:30 57344 ----a-w- c:\windows\system32\aticalrt.dll

2011-03-09 05:03 . 2010-02-09 13:30 53248 ----a-w- c:\windows\system32\aticalcl.dll

2011-03-09 05:02 . 2010-02-09 13:30 4669440 ----a-w- c:\windows\system32\aticaldd.dll

2011-03-09 05:00 . 2008-12-01 15:50 491520 ----a-w- c:\windows\system32\atiok3x2.dll

2011-03-09 04:51 . 2008-12-01 16:19 311296 ----a-w- c:\windows\system32\atiiiexx.dll

2011-03-09 04:48 . 2008-12-01 16:52 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-03-09 04:47 . 2008-12-01 16:51 302080 ----a-w- c:\windows\system32\ati2dvag.dll

2011-03-09 04:46 . 2008-12-01 16:27 4148544 ----a-w- c:\windows\system32\ati3duag.dll

2011-03-09 04:32 . 2008-12-01 16:11 2681600 ----a-w- c:\windows\system32\ativvaxx.dll

2011-03-09 04:29 . 2008-12-01 16:41 212992 ----a-w- c:\windows\system32\atipdlxx.dll

2011-03-09 04:29 . 2008-12-01 16:40 155648 ----a-w- c:\windows\system32\Oemdspif.dll

2011-03-09 04:29 . 2008-12-01 16:40 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe

2011-03-09 04:29 . 2008-12-01 16:40 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2011-03-09 04:29 . 2008-12-01 16:40 188416 ----a-w- c:\windows\system32\ati2evxx.dll

2011-03-09 04:27 . 2008-12-01 16:38 643072 ----a-w- c:\windows\system32\ati2evxx.exe

2011-03-09 04:26 . 2008-12-01 16:37 53248 ----a-w- c:\windows\system32\ATIDDC.DLL

2011-03-09 04:26 . 2010-12-12 01:25 143360 ----a-w- c:\windows\system32\atiapfxx.exe

2011-03-09 04:22 . 2008-12-01 15:53 651264 ----a-w- c:\windows\system32\atikvmag.dll

2011-03-09 04:21 . 2008-12-01 15:52 200704 ----a-w- c:\windows\system32\atiadlxx.dll

2011-03-09 04:20 . 2008-12-01 15:52 17408 ----a-w- c:\windows\system32\atitvo32.dll

2011-03-09 04:19 . 2010-02-09 13:30 64512 ----a-w- c:\windows\system32\atimpc32.dll

2011-03-09 04:19 . 2008-12-01 15:57 64512 ----a-w- c:\windows\system32\amdpcom32.dll

2011-03-09 04:17 . 2008-12-01 15:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-03-09 04:16 . 2008-12-01 15:45 851968 ----a-w- c:\windows\system32\ati2cqag.dll

2011-03-07 05:31 . 2009-03-25 04:53 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2008-10-03 12:29 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:27 . 2008-10-03 12:29 1866880 ----a-w- c:\windows\system32\win32k.sys

2011-02-25 23:37 . 2009-03-25 22:47 1284712 ----a-w- c:\windows\RtlExUpd.dll

2011-02-22 23:06 . 2008-10-03 12:29 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2008-04-14 09:42 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 23:06 . 2008-04-14 09:41 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 11:41 . 2008-04-14 04:07 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 13:19 . 2008-10-03 12:27 457472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2008-04-14 04:45 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:32 . 2009-08-28 10:50 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2008-04-14 09:39 290432 ----a-w- c:\windows\system32\atmfd.dll

.

.

------- Sigcheck -------

.

[-] 2008-10-03 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-03 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-03 131072]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-23 180224]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-09 98304]

"RTHDCPL"="RTHDCPL.EXE" [2011-04-14 20053608]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2009-03-08 128512]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2009-11-15 09:42 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]

2010-01-22 20:35 1845248 ----a-w- c:\program files\Curse\CurseClient.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-02-17 05:41 135664 ----atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2010-03-12 17:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2008-10-03 12:41 135168 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]

2008-09-09 06:21 623880 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]

2006-08-17 17:45 249856 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 10:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2008-07-14 18:33 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2011-04-14 17:36 20053608 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2011-03-09 04:37 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"NMIndexingService"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"iPod Service"=3 (0x3)

"Bonjour Service"=2 (0x2)

"ATI Smart"=2 (0x2)

"Ati HotKey Poller"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"PnkBstrB"=2 (0x2)

"PnkBstrA"=2 (0x2)

"QBFCService"=3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Steam\\steamapps\\valkskorn\\team fortress 2\\hl2.exe"=

"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\Steam\\steam.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=

"c:\\Python24\\python.exe"=

"c:\\Program Files\\Steam\\steamapps\\valkskorn\\source sdk base\\hl2.exe"=

"c:\\Documents and Settings\\Owner\\Desktop\\Games and Stuff\\CurseClient.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Xfire\\xfire.exe"=

"c:\\Program Files\\Curse\\CurseClient.exe"=

"c:\\Program Files\\Stunlock Studios\\Bloodline Champions Beta\\Binary\\BloodlineChampionsLoader.exe"=

"c:\\Program Files\\Heroes of Newerth\\hon.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\puzzle quest\\Puzzle Quest.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\recettear\\recettear.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\recettear\\custom.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\dragon age ultimate edition\\DAOriginsLauncher.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\dragon age ultimate edition\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=

"c:\\Program Files\\Steam\\steamapps\\common\\dragon age ultimate edition\\bin_ship\\DAOrigins.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\lumines\\lumines.exe"=

"c:\\Riot Games\\League of Legends EU\\air\\LolClient.exe"=

"c:\\Riot Games\\League of Legends EU\\game\\League of Legends.exe"=

"c:\\Documents and Settings\\Owner\\Local Settings\\Apps\\2.0\\WLLYG06V.BW0\\ACQ37QDR.GEG\\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\\CurseClient.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\dead space\\Dead Space.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\dead space\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=

"c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\amnesia the dark descent\\Launcher.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=

"c:\\Program Files\\LOLReplay\\LOLReplay.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\audiosurf\\engine\\QuestViewer.exe"=

"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=

"c:\\Program Files\\StarCraft II\\Versions\\Base18092\\SC2.exe"=

"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8378:TCP"= 8378:TCP:League of Legends Launcher

"8378:UDP"= 8378:UDP:League of Legends Launcher

"8379:TCP"= 8379:TCP:League of Legends Launcher

"8379:UDP"= 8379:UDP:League of Legends Launcher

"8380:TCP"= 8380:TCP:League of Legends Launcher

"8380:UDP"= 8380:UDP:League of Legends Launcher

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"8381:TCP"= 8381:TCP:League of Legends Launcher

"8381:UDP"= 8381:UDP:League of Legends Launcher

"58515:TCP"= 58515:TCP:Pando Media Booster

"58515:UDP"= 58515:UDP:Pando Media Booster

"8396:TCP"= 8396:TCP:League of Legends Launcher

"8396:UDP"= 8396:UDP:League of Legends Launcher

"6885:TCP"= 6885:TCP:League of Legends Launcher

"6885:UDP"= 6885:UDP:League of Legends Launcher

"6889:TCP"= 6889:TCP:League of Legends Launcher

"6889:UDP"= 6889:UDP:League of Legends Launcher

"6919:TCP"= 6919:TCP:League of Legends Launcher

"6919:UDP"= 6919:UDP:League of Legends Launcher

"8382:TCP"= 8382:TCP:League of Legends Launcher

"8382:UDP"= 8382:UDP:League of Legends Launcher

"6954:TCP"= 6954:TCP:League of Legends Launcher

"6954:UDP"= 6954:UDP:League of Legends Launcher

"6895:TCP"= 6895:TCP:League of Legends Launcher

"6895:UDP"= 6895:UDP:League of Legends Launcher

"6978:TCP"= 6978:TCP:League of Legends Launcher

"6978:UDP"= 6978:UDP:League of Legends Launcher

"8383:TCP"= 8383:TCP:League of Legends Launcher

"8383:UDP"= 8383:UDP:League of Legends Launcher

"8393:TCP"= 8393:TCP:League of Legends Lobby

"8393:UDP"= 8393:UDP:League of Legends Lobby

"8390:TCP"= 8390:TCP:League of Legends Game Client

"8390:UDP"= 8390:UDP:League of Legends Game Client

"6944:TCP"= 6944:TCP:League of Legends Launcher

"6944:UDP"= 6944:UDP:League of Legends Launcher

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/10/2011 1:53 AM 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/10/2011 1:53 AM 307288]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/10/2011 1:53 AM 19544]

R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [6/5/2010 11:17 PM 20072]

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [8/11/2010 3:45 PM 33792]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/25/2009 6:47 PM 1691480]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [12/25/2010 11:03 PM 25832]

S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\NCSoft\Exteel\System\GameGuard\dump_wmimmc.sys --> c:\program files\NCSoft\Exteel\System\GameGuard\dump_wmimmc.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/25/2010 10:38 AM 691696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

2011-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1844237615-682003330-1003Core.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-17 05:41]

.

2011-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1844237615-682003330-1003UA.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-17 05:41]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.comcast.net/

uInternet Settings,ProxyOverride = *.local;<local>

uCustomizeSearch =

uSearchAssistant =

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

DPF: {0C5CF442-582C-4357-B116-765DA99CAA8C} - hxxp://ax-content.munpl.org/appxtender/client/IrcViewer.cab

DPF: {0C5CF442-582E-4357-B116-765DA99CAA8C} - hxxp://ax-content.munpl.org/appxtender/client/IrcViewer.cab

DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} - hxxp://www.link-systems.com/sdkhtml/SDK/paste/lsiw2k.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtt1hpcz.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Text-to-Image: {f701c26a-479a-4724-b4f1-870db12f063c} - %profile%\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}

FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: Yet Another Smooth Scrolling: yetanothersmoothscrolling@kataho - %profile%\extensions\yetanothersmoothscrolling@kataho

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-12 17:07

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-329068152-1844237615-682003330-1003\Software\SecuROM\License information*]

"datasecu"=hex:6d,44,4b,c0,ea,59,2f,c0,a2,45,03,a5,17,87,5f,14,c7,cc,0b,62,20,

8a,f9,92,3a,44,73,43,e6,2f,a3,e0,55,d3,e0,78,6e,19,05,20,2a,1f,31,a6,9c,44,\

"rkeysecu"=hex:e6,0b,cf,9d,d3,83,e9,01,cc,63,28,ed,52,3a,aa,95

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(784)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

- - - - - - - > 'explorer.exe'(2068)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\program files\iTunes\iTunesMiniPlayer.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll

c:\windows\system32\ieframe.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\system32\libusbd-nt.exe

c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\wscntfy.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

.

**************************************************************************

.

Completion time: 2011-05-12 17:13:32 - machine was rebooted

ComboFix-quarantined-files.txt 2011-05-12 21:13

ComboFix2.txt 2011-05-12 19:11

ComboFix3.txt 2011-05-10 08:57

.

Pre-Run: 14,169,088,000 bytes free

Post-Run: 13,969,362,944 bytes free

.

- - End Of File - - 59C113119F1CDE585905CEA98EB75878


That indeed looks a lot better! :)

Please rerun DDS and post attach.txt for me.


Here's the new attach log. I realized that before I had inadvertently cleared the attachments before the post went through.

Attach.txt


Hi again,

P2P WARNING

-------------------

Going over your logs I noticed that you have BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a sm


Sorry for the delay, been having a lot of unrelated internet issues.

I am aware of Bittorrent, I mentioned it in my first post. I haven't used it for years. I'm aware of the hazards/risks.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6592

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/16/2011 5:39:11 PM

mbam-log-2011-05-16 (17-39-11).txt

Scan type: Full scan (C:\|)

Objects scanned: 477621

Time elapsed: 2 hour(s), 21 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


That looks good! :) Any problem left? Let's do one last scan for leftovers.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png icon on your desktop.
    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, click List Threats
  6. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Click the Back button.
  8. Click the Finish button.


I haven't had any other problems that I've noticed, ESET produced this.

C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1\Application Data\Sun\Java\Deployment\cache\6.0\47\4934abef-49712ae6 multiple threats deleted - quarantined


That's just a leftover. :)

Please click Start > Run and type helpasst -cleanup and press enter. This will remove all Helpassistant fix backups.

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

Please read this advice in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

  2. Keep Windows (and your other Microsoft software) up to date!
     I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
     Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well
     Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  4. Stay up to date!
     The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.


I read the information and took care of uninstalling ComboFix and such, the computer seems to be working fine as far as I can tell. Thanks.


You are welcome. :)

I will request this topic to be closed.


Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.

This topic is now closed to further replies.
