Page 1 of 5 123 ... LastLast
Results 1 to 10 of 41
  1. #1
    Member
    Join Date
    Sep 2005
    Location
    Cleveland, OH
    Posts
    143
    Points
    2

    Default Possible AV.exe virus

    Hello, I've got a laptop that I'm having some issues with and am looking for some assistance.

    HP Pavilion laptop, 1.8 GhZ processor
    XP Home SP3
    2GB ram


    I was getting some pop-ups saying that the PC had been infected with a AV.exe trojan virus. But the ESET anti-viurs program seemed to "catch and resolve by deleting" the issue each time. I ran CCleaner & a full ESET scan (which found no issues). Over the past couple of days I'm now not able to open any files or programs. The icons on the desktop and in the program list show up as generic icons and when I click on them I get a notice saying - Windows cant open this file, do you want to use the Web service to find a program or select a program from the list.

    I looked online a bit and found a fix for this by merging a file to the registry. So I copied over the below text and merged it into the registry.


    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\.exe]
    @="exefile"
    "Content Type"="application/x-msdownload"

    [HKEY_CLASSES_ROOT\.exe\PersistentHandler]
    @="{098f2470-bae0-11cd-b579-08002b30bfeb}"

    [HKEY_CLASSES_ROOT\exefile]
    @="Application"
    "EditFlags"=hex:38,07,00,00
    "TileInfo"="prop:FileDescription;Company;FileVersion"
    "InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

    [HKEY_CLASSES_ROOT\exefile\DefaultIcon]
    @="%1"

    [HKEY_CLASSES_ROOT\exefile\shell]

    [HKEY_CLASSES_ROOT\exefile\shell\open]
    "EditFlags"=hex:00,00,00,00

    [HKEY_CLASSES_ROOT\exefile\shell\open\command]
    @="\"%1\" %*"

    [HKEY_CLASSES_ROOT\exefile\shell\runas]

    [HKEY_CLASSES_ROOT\exefile\shell\runas\command]
    @="\"%1\" %*"

    [HKEY_CLASSES_ROOT\exefile\shellex]

    [HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
    @="{86C86720-42A0-1069-A2E8-08002B30309D}"

    [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

    [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
    @="{09A63660-16F9-11d0-B1DF-004F56001CA7}"

    [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
    @="{86F19A00-42A0-1069-A2E9-08002B30309D}"

    [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
    @="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

    [HKEY_CLASSES_ROOT\regfile]
    @="Registration Entries"
    "EditFlags"=dword:00100000
    "BrowserFlags"=dword:00000008

    [HKEY_CLASSES_ROOT\regfile\DefaultIcon]
    @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
    00,5c,00,72,00,65,00,67,00,65,00,64,00,69,00,74,00,2e,00,65,00,78,00,65,00,\
    2c,00,31,00,00,00

    [HKEY_CLASSES_ROOT\regfile\shell]
    @="open"

    [HKEY_CLASSES_ROOT\regfile\shell\edit]

    [HKEY_CLASSES_ROOT\regfile\shell\edit\command]
    @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
    00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\
    54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,25,00,31,00,00,\
    00

    [HKEY_CLASSES_ROOT\regfile\shell\open]
    @="Mer&ge"

    [HKEY_CLASSES_ROOT\regfile\shell\open\command]
    @="regedit.exe \"%1\""

    [HKEY_CLASSES_ROOT\regfile\shell\print]

    [HKEY_CLASSES_ROOT\regfile\shell\print\command]
    @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
    00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\
    54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,2f,00,70,00,20,\
    00,25,00,31,00,00,00

    [HKEY_CLASSES_ROOT\.lnk]


    That seemed to fix the issue long enough for me to download Malewarebytes, SuperAnti Spyware & HijackThis. I ran Malewarebytes and got the log, but when I tried to run SuperAnti Spyware I got the same - "Windows cant open this file, do you want to use ..." pop-ups.

    So I'm posting the Malewarebytes log (which also found no issues) and looking for some direction on what to do next. Since I cant run any programs.

    Thanks in advance.


    Malwarebytes Anti-Malware 1.60.0.1800
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: v2012.01.11.05

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Tasha :: OLIVIA [limited]

    1/16/2012 1:29:49 PM
    mbam-log-2012-01-16 (13-29-49).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 267631
    Time elapsed: 1 hour(s), 50 minute(s), 59 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  2. #2
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello and welcome to Help2Go

    We apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    Please take note:

    1. If you have since resolved the original problem you were having, we would appreciate you letting us know.
    2. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
      • If you are unsure about any of these characteristics just post what you can and we will guide you.
    3. Please tell us if you have your original Windows CD/DVD available.
    4. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
    5. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
    6. Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.
    7. If you have already posted a DDS log, please do so again, as your situation may have changed.
    8. Use the 'Add Reply' and add the new log to this thread.


    We need to see some information about what is happening in your machine. Please perform the following scan again:

    • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE


    We also need a new log from the GMER anti-rootkit Scanner.

    Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

    Please first disable any CD emulation programs using the steps found in this topic:

    Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:


    Note:
    If you are unable to run a Gmer scan due the fact you are running a 64bit machine please run the following tool and post its log.

    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.




    Thanks and again sorry for the delay.
    " Extinguishing Malware from the world"

    The Spware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  3. #3
    Member
    Join Date
    Sep 2005
    Location
    Cleveland, OH
    Posts
    143
    Points
    2

    Default

    Ok, I downloaded the DDS.pif and GMER.exe files to a flash drive and then transfered them over to the laptop. I ran the DDS.pif file and got 2 logs, which are pasted below.

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Tasha at 13:04:58 on 2012-01-17
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.729 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\wuauclt.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://www.aol.com/?ncid=customie8
    uWindow Title = Windows Internet Explorer provided by AOL
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
    uInternet Settings,ProxyOverride = <local>;*.local
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
    mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
    mRun: [Reminder] c:\windows\creator\Remind_XP.exe
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    TCP: DhcpNameServer = 10.88.22.37 10.88.22.38 10.88.28.75 10.72.140.33
    TCP: Interfaces\{D406207C-249C-489B-ACA0-E31F01A15C9D} : DhcpNameServer = 10.88.22.37 10.88.22.38 10.88.28.75 10.72.140.33
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-4-9 107256]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-4-9 94360]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    R1 MpKsl06e5dfc2;MpKsl06e5dfc2;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f836d76-0194-4be6-85de-628653745b4b}\MpKsl06e5dfc2.sys [2012-1-17 29904]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-4-9 731840]
    S1 MpKsl1e1d91d7;MpKsl1e1d91d7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b81b7325-cbb0-41ba-bc6b-9f5ac8f6b338}\mpksl1e1d91d7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b81b7325-cbb0-41ba-bc6b-9f5ac8f6b338}\MpKsl1e1d91d7.sys [?]
    S1 MpKsl2a14abc0;MpKsl2a14abc0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a42223ca-c68d-4e66-8ebc-2bccaf3008df}\mpksl2a14abc0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a42223ca-c68d-4e66-8ebc-2bccaf3008df}\MpKsl2a14abc0.sys [?]
    S1 MpKsl5e285322;MpKsl5e285322;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43481611-a14f-480c-9cf6-f3f7941a37e5}\mpksl5e285322.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43481611-a14f-480c-9cf6-f3f7941a37e5}\MpKsl5e285322.sys [?]
    S1 MpKsl82e234e9;MpKsl82e234e9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b81b7325-cbb0-41ba-bc6b-9f5ac8f6b338}\mpksl82e234e9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b81b7325-cbb0-41ba-bc6b-9f5ac8f6b338}\MpKsl82e234e9.sys [?]
    S1 MpKsl83a03ada;MpKsl83a03ada;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b81b7325-cbb0-41ba-bc6b-9f5ac8f6b338}\mpksl83a03ada.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b81b7325-cbb0-41ba-bc6b-9f5ac8f6b338}\MpKsl83a03ada.sys [?]
    S1 MpKsl88cfca64;MpKsl88cfca64;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{11742bce-df7d-40b2-8f4e-f4c805953164}\mpksl88cfca64.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{11742bce-df7d-40b2-8f4e-f4c805953164}\MpKsl88cfca64.sys [?]
    S1 MpKsl8e9f0038;MpKsl8e9f0038;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b81b7325-cbb0-41ba-bc6b-9f5ac8f6b338}\mpksl8e9f0038.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b81b7325-cbb0-41ba-bc6b-9f5ac8f6b338}\MpKsl8e9f0038.sys [?]
    S1 MpKsl910bb69a;MpKsl910bb69a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b81b7325-cbb0-41ba-bc6b-9f5ac8f6b338}\mpksl910bb69a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b81b7325-cbb0-41ba-bc6b-9f5ac8f6b338}\MpKsl910bb69a.sys [?]
    S1 MpKsl973f34f0;MpKsl973f34f0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43481611-a14f-480c-9cf6-f3f7941a37e5}\mpksl973f34f0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43481611-a14f-480c-9cf6-f3f7941a37e5}\MpKsl973f34f0.sys [?]
    S1 MpKslaeb8d977;MpKslaeb8d977;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f8e6b89-9f23-477a-8e5e-ab254f8680b6}\mpkslaeb8d977.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f8e6b89-9f23-477a-8e5e-ab254f8680b6}\MpKslaeb8d977.sys [?]
    S1 MpKslba1ca8c7;MpKslba1ca8c7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7fbac7b2-0908-47e1-80f8-d14eeee29dd7}\mpkslba1ca8c7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7fbac7b2-0908-47e1-80f8-d14eeee29dd7}\MpKslba1ca8c7.sys [?]
    S1 MpKslc7f4d129;MpKslc7f4d129;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7fbac7b2-0908-47e1-80f8-d14eeee29dd7}\mpkslc7f4d129.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7fbac7b2-0908-47e1-80f8-d14eeee29dd7}\MpKslc7f4d129.sys [?]
    S1 MpKsld7fbf661;MpKsld7fbf661;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b81b7325-cbb0-41ba-bc6b-9f5ac8f6b338}\mpksld7fbf661.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b81b7325-cbb0-41ba-bc6b-9f5ac8f6b338}\MpKsld7fbf661.sys [?]
    S1 MpKsldcab346e;MpKsldcab346e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43481611-a14f-480c-9cf6-f3f7941a37e5}\mpksldcab346e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43481611-a14f-480c-9cf6-f3f7941a37e5}\MpKsldcab346e.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\26a.tmp --> c:\windows\system32\26A.tmp [?]
    .
    =============== Created Last 30 ================
    .
    2012-01-17 18:03:37 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f836d76-0194-4be6-85de-628653745b4b}\MpKsl06e5dfc2.sys
    2012-01-16 21:36:38 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f836d76-0194-4be6-85de-628653745b4b}\MpKsl948a871e.sys
    2012-01-16 21:36:09 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f836d76-0194-4be6-85de-628653745b4b}\offreg.dll
    2012-01-16 20:51:25 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f836d76-0194-4be6-85de-628653745b4b}\MpKsl81fc9577.sys
    2012-01-16 20:40:33 -------- d-----w- c:\documents and settings\all users\application data\SUPERSetup
    2012-01-16 18:14:47 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f836d76-0194-4be6-85de-628653745b4b}\MpKsle0a57e03.sys
    2012-01-15 23:31:14 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f836d76-0194-4be6-85de-628653745b4b}\mpengine.dll
    2012-01-15 23:20:44 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-01-15 23:20:44 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-01-15 22:45:02 -------- d-----w- c:\windows\system32\LogFiles
    2012-01-15 21:37:08 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-01-15 21:19:53 -------- d-sh--w- c:\documents and settings\tasha\IECompatCache
    .
    ==================== Find3M ====================
    .
    2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-15 19:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-10 10:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-10 08:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
    2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
    2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    .
    ============= FINISH: 13:05:59.06 ===============


    And

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/11/2009 1:26:38 AM
    System Uptime: 1/17/2012 1:02:34 PM (0 hours ago)
    .
    Motherboard: Hewlett-Packard | | 30B2
    Processor: Genuine Intel(R) CPU T1350 @ 1.86GHz | U1 | 1861/667mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 64 GiB total, 41.135 GiB free.
    D: is FIXED (FAT32) - 9 GiB total, 1.399 GiB free.
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\FBC050326E40A00
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\FBC050326E40A00
    Service: NIC1394
    .
    ==== System Restore Points ===================
    .
    RP37: 10/18/2011 5:35:43 PM - Software Distribution Service 3.0
    RP38: 10/21/2011 8:59:06 PM - System Checkpoint
    RP39: 11/3/2011 3:40:39 PM - System Checkpoint
    RP40: 11/12/2011 8:45:27 PM - System Checkpoint
    RP41: 11/13/2011 11:01:57 PM - Software Distribution Service 3.0
    RP42: 11/14/2011 9:37:09 PM - Software Distribution Service 3.0
    RP43: 11/17/2011 10:03:14 PM - Software Distribution Service 3.0
    RP44: 11/18/2011 3:04:33 PM - Unsigned driver install
    RP45: 11/20/2011 8:45:27 PM - System Checkpoint
    RP46: 11/29/2011 10:30:57 AM - System Checkpoint
    RP47: 12/8/2011 5:04:55 PM - System Checkpoint
    RP48: 1/15/2012 6:17:27 PM - Restore Operation
    RP49: 1/15/2012 6:31:46 PM - Installed Java(TM) 6 Update 30
    RP50: 1/16/2012 3:00:25 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    5 Card Slingo from Hewlett-Packard Laptops (remove only)
    Adobe Flash Player 10 ActiveX
    Adobe Reader 6.0.1
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Belkin Setup and Router Monitor
    Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
    Blasterball 2 from Hewlett-Packard Laptops (remove only)
    Boggle Supreme from Hewlett-Packard Laptops (remove only)
    Bonjour
    Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
    Bounce Symphony from Hewlett-Packard Laptops (remove only)
    BufferChm
    Conexant HD Audio
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    Crystal Maze from Hewlett-Packard Laptops (remove only)
    CueTour
    Customer Experience Enhancement
    Destinations
    DeviceManagementQFolder
    Easy Internet Sign-up
    ESET NOD32 Antivirus
    FATE from Hewlett-Packard Laptops (remove only)
    Final Drive Nitro from Hewlett-Packard Laptops (remove only)
    Flip Words from Hewlett-Packard Laptops (remove only)
    FullDPAppQFolder
    Google Toolbar for Internet Explorer
    Google Update Helper
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Game Console and games
    HP Help and Support
    HP Imaging Device Functions 6.0
    HP Photosmart Premier Software 6.0
    HP Quick Launch Buttons 6.00 G2
    HP QuickPlay 2.1
    HP Rhapsody
    HP Software Update
    HP User Guides 0027
    HP Wireless Assistant 2.00 E1
    HpSdpAppCoreApp
    Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
    InstantShareDevices
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 30
    Jewel Quest from Hewlett-Packard Laptops (remove only)
    Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
    Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
    LightScribe 1.4.74.1
    Macromedia Flash Player 8
    Mah Jong Quest from Hewlett-Packard Laptops (remove only)
    Malwarebytes Anti-Malware version 1.60.0.1800
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Money 2006
    Microsoft Office Professional Edition 2003
    Microsoft Security Client
    Microsoft Security Essentials
    Move Media Player
    MSN
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 4.5
    Oasis from Hewlett-Packard Laptops (remove only)
    Office 2003 Trial Assistant
    OptionalContentQFolder
    ParetoLogic DriverCure
    PhotoGallery
    Polar Bowler from Hewlett-Packard Laptops (remove only)
    Polar Golfer from Hewlett-Packard Laptops (remove only)
    Puzzle Express from Hewlett-Packard Laptops (remove only)
    Quicken 2006
    QuickTime
    RandMap
    SCRABBLE from Hewlett-Packard Laptops (remove only)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2416400)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SkinsHP1
    Slingo Deluxe from Hewlett-Packard Laptops (remove only)
    Slyder from Hewlett-Packard Laptops (remove only)
    SmartAudio
    Snowboard SuperJam
    Sonic Audio Module
    Sonic Copy Module
    Sonic Data Module
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic Update Manager
    Sonic_PrimoSDK
    Super Granny from Hewlett-Packard Laptops (remove only)
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    TourSetup
    Tradewinds from Hewlett-Packard Laptops (remove only)
    Unload
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    Wireless Home Network Setup
    Zuma Deluxe from Hewlett-Packard Laptops (remove only)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/16/2012 9:34:54 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    1/16/2012 9:00:29 AM, error: Service Control Manager [7023] - The iPod Service service terminated with the following error: Security must be initialized before any interfaces are marshalled or unmarshalled. It cannot be changed once initialized.
    1/16/2012 5:42:19 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    1/16/2012 3:48:46 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/16/2012 3:25:32 AM, error: Service Control Manager [7038] - The ALG service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: Access is denied. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    1/16/2012 3:25:32 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not start due to a logon failure.
    1/16/2012 3:24:47 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    1/16/2012 3:24:47 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qsvg4.dll. Reference error message: The operation completed successfully. .
    1/16/2012 3:24:47 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll. Reference error message: The operation completed successfully. .
    1/16/2012 3:24:47 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    1/16/2012 2:14:09 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    1/16/2012 12:41:42 PM, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 0016D309ADEA has been denied by the DHCP server 10.88.156.60 (The DHCP Server sent a DHCPNACK message).
    1/16/2012 12:25:02 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    1/15/2012 10:13:18 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -433470 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.103:123->65.55.21.13:123) is working properly.
    .
    ==== End Of File ===========================



    But I was unable to run the GMER.exe file because I'm still unable to run any .exe files from the laptop. I get the pop-up "Windows cant open this file, do you want to use the Web service to find a program or select a program from the list". Thanks.

  4. #4
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello,


    1.
    Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If TDSSKiller does not run, try renaming it.
    • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
    • Click the Start Scan button.
    • Do not use the computer during the scan
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
      Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
    • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C.
    • Copy and paste the contents of that file in your next reply.



    2.
    Install Recovery Console and Run ComboFix

    This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

    Download Combofix from any of the links below, and save it to your desktop.

    Link 1
    Link 2
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
    • Close any open windows, including this one.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • If you did not have it installed, you will see the prompt below. Choose YES.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
    should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
    Leave your computer alone while ComboFix is running.
    ComboFix will restart your computer if malware is found; allow it to do so.


    Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.


    3.
    Please download exeHelper to your desktop.
    [list][*]Double-click on exeHelper.com to run the fix.[*]A black window should pop up, press any key to close once the fix is completed. [*]Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

    4.
    Download and run unhide.exe


    Things to include in your next reply::
    TdssKiller log
    Combofix.txt
    exehelperlog.txt
    How is your machine running now?
    " Extinguishing Malware from the world"

    The Spware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  5. #5
    Member
    Join Date
    Sep 2005
    Location
    Cleveland, OH
    Posts
    143
    Points
    2

    Default

    Ok, so I ran the 4 scans (TDSS, ComboFix, exeHelper and Unhide) and the laptop seemed to be better. The icons came back on the desktop (instead of just showing up as generic icons), I turned ESET antivirus and Microsoft Security Essentials back on. The laptop rebooted and then it seemed to go back to how it was when I first posted here, with all the generic icons and not being able to open files or programs?? Not sure if I was supposed to do something additional before it rebooted??

    The 3 logs are posted below. Thanks.


    16:41:43.0781 2444 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
    16:41:44.0093 2444 ============================================================
    16:41:44.0093 2444 Current date / time: 2012/01/17 16:41:44.0093
    16:41:44.0093 2444 SystemInfo:
    16:41:44.0125 2444
    16:41:44.0125 2444 OS Version: 5.1.2600 ServicePack: 3.0
    16:41:44.0125 2444 Product type: Workstation
    16:41:44.0125 2444 ComputerName: OLIVIA
    16:41:44.0125 2444 UserName: Tasha
    16:41:44.0125 2444 Windows directory: C:\WINDOWS
    16:41:44.0125 2444 System windows directory: C:\WINDOWS
    16:41:44.0125 2444 Processor architecture: Intel x86
    16:41:44.0156 2444 Number of processors: 1
    16:41:44.0156 2444 Page size: 0x1000
    16:41:44.0156 2444 Boot type: Normal boot
    16:41:44.0156 2444 ============================================================
    16:41:47.0718 2444 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000, SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
    16:41:47.0843 2444 Drive \Device\Harddisk1\DR4 - Size: 0x1DEC00000, SectorSize: 0x200, Cylinders: 0x3D0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    16:41:47.0906 2444 Initialize success
    16:41:52.0734 2676 ============================================================
    16:41:52.0734 2676 Scan started
    16:41:52.0734 2676 Mode: Manual;
    16:41:52.0734 2676 ============================================================
    16:41:53.0015 2676 Abiosdsk - ok
    16:41:53.0093 2676 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    16:41:53.0218 2676 abp480n5 - ok
    16:41:53.0312 2676 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    16:41:53.0312 2676 ACPI - ok
    16:41:53.0375 2676 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    16:41:53.0546 2676 ACPIEC - ok
    16:41:53.0578 2676 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    16:41:53.0781 2676 adpu160m - ok
    16:41:53.0859 2676 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    16:41:54.0078 2676 aec - ok
    16:41:54.0125 2676 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    16:41:56.0000 2676 AFD - ok
    16:41:56.0031 2676 AFGMp50 - ok
    16:41:56.0093 2676 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys
    16:41:56.0250 2676 AFGSp50 - ok
    16:41:56.0296 2676 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    16:41:56.0453 2676 agp440 - ok
    16:41:56.0484 2676 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    16:41:56.0750 2676 agpCPQ - ok
    16:41:56.0781 2676 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    16:41:56.0953 2676 Aha154x - ok
    16:41:56.0968 2676 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    16:41:57.0093 2676 aic78u2 - ok
    16:41:57.0109 2676 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    16:41:57.0250 2676 aic78xx - ok
    16:41:57.0296 2676 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    16:41:57.0468 2676 AliIde - ok
    16:41:57.0500 2676 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    16:41:57.0750 2676 alim1541 - ok
    16:41:57.0781 2676 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    16:41:58.0062 2676 amdagp - ok
    16:41:58.0109 2676 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    16:41:58.0265 2676 amsint - ok
    16:41:58.0312 2676 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    16:41:58.0531 2676 Arp1394 - ok
    16:41:58.0562 2676 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    16:41:58.0812 2676 asc - ok
    16:41:58.0843 2676 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    16:41:59.0015 2676 asc3350p - ok
    16:41:59.0062 2676 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    16:41:59.0218 2676 asc3550 - ok
    16:41:59.0281 2676 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    16:41:59.0406 2676 AsyncMac - ok
    16:41:59.0468 2676 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    16:41:59.0734 2676 atapi - ok
    16:41:59.0890 2676 Atdisk - ok
    16:41:59.0953 2676 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    16:42:00.0093 2676 Atmarpc - ok
    16:42:00.0187 2676 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    16:42:00.0343 2676 audstub - ok
    16:42:00.0406 2676 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    16:42:00.0578 2676 Beep - ok
    16:42:00.0671 2676 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    16:42:00.0812 2676 cbidf - ok
    16:42:00.0859 2676 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    16:42:00.0890 2676 cbidf2k - ok
    16:42:00.0921 2676 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    16:42:01.0093 2676 cd20xrnt - ok
    16:42:01.0156 2676 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    16:42:01.0296 2676 Cdaudio - ok
    16:42:01.0359 2676 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    16:42:01.0484 2676 Cdfs - ok
    16:42:01.0546 2676 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    16:42:01.0718 2676 Cdrom - ok
    16:42:01.0765 2676 Changer - ok
    16:42:01.0796 2676 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    16:42:02.0000 2676 CmBatt - ok
    16:42:02.0062 2676 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    16:42:02.0265 2676 CmdIde - ok
    16:42:02.0296 2676 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    16:42:02.0468 2676 Compbatt - ok
    16:42:02.0531 2676 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    16:42:02.0671 2676 Cpqarray - ok
    16:42:02.0750 2676 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    16:42:02.0921 2676 dac2w2k - ok
    16:42:02.0953 2676 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    16:42:03.0093 2676 dac960nt - ok
    16:42:03.0140 2676 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    16:42:03.0312 2676 Disk - ok
    16:42:03.0437 2676 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    16:42:03.0890 2676 dmboot - ok
    16:42:03.0921 2676 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    16:42:04.0281 2676 dmio - ok
    16:42:04.0375 2676 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    16:42:04.0531 2676 dmload - ok
    16:42:04.0578 2676 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    16:42:04.0703 2676 DMusic - ok
    16:42:04.0906 2676 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    16:42:05.0046 2676 dpti2o - ok
    16:42:05.0078 2676 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    16:42:05.0250 2676 drmkaud - ok
    16:42:05.0296 2676 E100B (6ca101f9aa3d845ba31f6e13c01301a8) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    16:42:05.0312 2676 E100B - ok
    16:42:05.0343 2676 eabfiltr (b5cb3084046146fd2587d8c9b219feb4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
    16:42:05.0453 2676 eabfiltr - ok
    16:42:05.0500 2676 eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys
    16:42:05.0609 2676 eabusb - ok
    16:42:05.0656 2676 eamon (3b2e8f97b6869c29da023ee75bf585d5) C:\WINDOWS\system32\DRIVERS\eamon.sys
    16:42:05.0765 2676 eamon - ok
    16:42:05.0875 2676 ehdrv (4fad054cbcaa296be7bd2cb77da9d9b4) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
    16:42:05.0937 2676 ehdrv - ok
    16:42:05.0984 2676 epfwtdir (d2a915b725845c3eda5a68ed2da74700) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
    16:42:06.0203 2676 epfwtdir - ok
    16:42:06.0281 2676 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    16:42:06.0484 2676 Fastfat - ok
    16:42:06.0562 2676 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    16:42:06.0781 2676 Fdc - ok
    16:42:06.0796 2676 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    16:42:06.0953 2676 Fips - ok
    16:42:06.0968 2676 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    16:42:07.0156 2676 Flpydisk - ok
    16:42:07.0187 2676 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    16:42:07.0500 2676 FltMgr - ok
    16:42:07.0515 2676 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    16:42:07.0718 2676 Fs_Rec - ok
    16:42:07.0750 2676 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    16:42:07.0953 2676 Ftdisk - ok
    16:42:08.0031 2676 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    16:42:08.0171 2676 GEARAspiWDM - ok
    16:42:08.0312 2676 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    16:42:08.0578 2676 Gpc - ok
    16:42:08.0718 2676 HBtnKey (4d4d97671c63c3af869b3518e6054204) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
    16:42:08.0906 2676 HBtnKey - ok
    16:42:09.0015 2676 HdAudAddService (bb42bb78bbbc1e83292ef26973598daf) C:\WINDOWS\system32\drivers\CHDAud.sys
    16:42:09.0187 2676 HdAudAddService - ok
    16:42:09.0234 2676 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    16:42:09.0234 2676 HDAudBus - ok
    16:42:09.0328 2676 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    16:42:09.0453 2676 hpn - ok
    16:42:09.0500 2676 HSFHWAZL (89e256c5f5346be265d9f86ac8625d4f) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
    16:42:09.0796 2676 HSFHWAZL - ok
    16:42:09.0890 2676 HSF_DPV (0e44af3828111d4c3e73c33ac95226d8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
    16:42:10.0156 2676 HSF_DPV - ok
    16:42:10.0296 2676 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    16:42:10.0296 2676 HTTP - ok
    16:42:10.0375 2676 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    16:42:10.0578 2676 i2omgmt - ok
    16:42:10.0734 2676 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    16:42:10.0921 2676 i2omp - ok
    16:42:10.0984 2676 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    16:42:11.0140 2676 i8042prt - ok
    16:42:11.0281 2676 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    16:42:11.0609 2676 ialm - ok
    16:42:11.0703 2676 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
    16:42:11.0703 2676 iaStor - ok
    16:42:11.0796 2676 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    16:42:11.0921 2676 Imapi - ok
    16:42:11.0984 2676 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    16:42:12.0140 2676 ini910u - ok
    16:42:12.0250 2676 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    16:42:12.0421 2676 IntelIde - ok
    16:42:12.0484 2676 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    16:42:12.0500 2676 intelppm - ok
    16:42:12.0546 2676 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    16:42:12.0703 2676 Ip6Fw - ok
    16:42:12.0750 2676 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    16:42:12.0937 2676 IpFilterDriver - ok
    16:42:12.0984 2676 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    16:42:13.0203 2676 IpInIp - ok
    16:42:13.0265 2676 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    16:42:13.0265 2676 IpNat - ok
    16:42:13.0453 2676 IPSec (810f871596d8a6a3ef870e9efa9af6d7) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    16:42:13.0484 2676 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: 810f871596d8a6a3ef870e9efa9af6d7, Fake md5: 23c74d75e36e7158768dd63d92789a91
    16:42:13.0484 2676 IPSec ( Rootkit.Win32.ZAccess.k ) - infected
    16:42:13.0484 2676 IPSec - detected Rootkit.Win32.ZAccess.k (0)
    16:42:13.0593 2676 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    16:42:13.0796 2676 IRENUM - ok
    16:42:13.0828 2676 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    16:42:13.0968 2676 isapnp - ok
    16:42:14.0046 2676 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    16:42:14.0187 2676 Kbdclass - ok
    16:42:14.0234 2676 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    16:42:14.0421 2676 kbdhid - ok
    16:42:14.0484 2676 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    16:42:14.0484 2676 kmixer - ok
    16:42:14.0562 2676 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    16:42:14.0765 2676 KSecDD - ok
    16:42:14.0812 2676 lbrtfdc - ok
    16:42:14.0906 2676 mdmxsdk (74f4372af97a587ecec527ec34955712) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    16:42:15.0015 2676 mdmxsdk - ok
    16:42:15.0046 2676 MEMSWEEP2 - ok
    16:42:15.0078 2676 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    16:42:15.0218 2676 mnmdd - ok
    16:42:15.0296 2676 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    16:42:15.0546 2676 Modem - ok
    16:42:15.0609 2676 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    16:42:15.0781 2676 Mouclass - ok
    16:42:15.0843 2676 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    16:42:16.0125 2676 MountMgr - ok
    16:42:16.0187 2676 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    16:42:16.0281 2676 MpFilter - ok
    16:42:16.0406 2676 MpKsl1e1d91d7 - ok
    16:42:16.0437 2676 MpKsl2a14abc0 - ok
    16:42:16.0515 2676 MpKsl4f451894 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F836D76-0194-4BE6-85DE-628653745B4B}\MpKsl4f451894.sys
    16:42:16.0515 2676 MpKsl4f451894 - ok
    16:42:16.0531 2676 MpKsl5e285322 - ok
    16:42:16.0562 2676 MpKsl82e234e9 - ok
    16:42:16.0593 2676 MpKsl83a03ada - ok
    16:42:16.0625 2676 MpKsl88cfca64 - ok
    16:42:16.0656 2676 MpKsl8e9f0038 - ok
    16:42:16.0687 2676 MpKsl910bb69a - ok
    16:42:16.0718 2676 MpKsl973f34f0 - ok
    16:42:16.0750 2676 MpKslaeb8d977 - ok
    16:42:16.0750 2676 MpKslba1ca8c7 - ok
    16:42:16.0781 2676 MpKslc7f4d129 - ok
    16:42:16.0812 2676 MpKsld7fbf661 - ok
    16:42:16.0843 2676 MpKsldcab346e - ok
    16:42:17.0015 2676 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    16:42:17.0140 2676 mraid35x - ok
    16:42:17.0218 2676 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    16:42:17.0468 2676 MRxDAV - ok
    16:42:17.0546 2676 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    16:42:17.0828 2676 MRxSmb - ok
    16:42:17.0906 2676 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    16:42:18.0046 2676 Msfs - ok
    16:42:18.0109 2676 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    16:42:18.0312 2676 MSKSSRV - ok
    16:42:18.0359 2676 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    16:42:18.0515 2676 MSPCLOCK - ok
    16:42:18.0593 2676 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    16:42:18.0765 2676 MSPQM - ok
    16:42:18.0843 2676 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    16:42:18.0843 2676 mssmbios - ok
    16:42:18.0890 2676 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    16:42:19.0093 2676 Mup - ok
    16:42:19.0140 2676 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    16:42:19.0359 2676 NDIS - ok
    16:42:19.0406 2676 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    16:42:19.0578 2676 NdisTapi - ok
    16:42:19.0750 2676 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    16:42:19.0937 2676 Ndisuio - ok
    16:42:19.0984 2676 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    16:42:20.0187 2676 NdisWan - ok
    16:42:20.0265 2676 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    16:42:20.0406 2676 NDProxy - ok
    16:42:20.0437 2676 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    16:42:20.0687 2676 NetBIOS - ok
    16:42:20.0765 2676 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    16:42:20.0968 2676 NetBT - ok
    16:42:21.0046 2676 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    16:42:21.0296 2676 NIC1394 - ok
    16:42:21.0359 2676 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    16:42:21.0593 2676 Npfs - ok
    16:42:21.0703 2676 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    16:42:21.0937 2676 Ntfs - ok
    16:42:22.0046 2676 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    16:42:22.0203 2676 Null - ok
    16:42:22.0265 2676 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    16:42:22.0406 2676 NwlnkFlt - ok
    16:42:22.0437 2676 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    16:42:22.0578 2676 NwlnkFwd - ok
    16:42:22.0625 2676 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    16:42:22.0640 2676 ohci1394 - ok
    16:42:22.0718 2676 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    16:42:22.0984 2676 Parport - ok
    16:42:23.0109 2676 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    16:42:23.0328 2676 PartMgr - ok
    16:42:23.0390 2676 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    16:42:23.0515 2676 ParVdm - ok
    16:42:23.0562 2676 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    16:42:23.0687 2676 PCI - ok
    16:42:23.0734 2676 PCIDump - ok
    16:42:23.0765 2676 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    16:42:23.0968 2676 PCIIde - ok
    16:42:24.0000 2676 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    16:42:24.0375 2676 Pcmcia - ok
    16:42:24.0406 2676 PDCOMP - ok
    16:42:24.0437 2676 PDFRAME - ok
    16:42:24.0453 2676 PDRELI - ok
    16:42:24.0484 2676 PDRFRAME - ok
    16:42:24.0515 2676 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    16:42:24.0656 2676 perc2 - ok
    16:42:24.0687 2676 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    16:42:24.0859 2676 perc2hib - ok
    16:42:24.0984 2676 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    16:42:25.0250 2676 PptpMiniport - ok
    16:42:25.0281 2676 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    16:42:25.0609 2676 PSched - ok
    16:42:25.0656 2676 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    16:42:25.0828 2676 Ptilink - ok
    16:42:25.0859 2676 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    16:42:26.0031 2676 PxHelp20 - ok
    16:42:26.0062 2676 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    16:42:26.0218 2676 ql1080 - ok
    16:42:26.0265 2676 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    16:42:26.0468 2676 Ql10wnt - ok
    16:42:26.0500 2676 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    16:42:26.0671 2676 ql12160 - ok
    16:42:26.0703 2676 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    16:42:26.0859 2676 ql1240 - ok
    16:42:26.0890 2676 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    16:42:27.0031 2676 ql1280 - ok
    16:42:27.0078 2676 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    16:42:27.0234 2676 RasAcd - ok
    16:42:27.0343 2676 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    16:42:27.0500 2676 Rasl2tp - ok
    16:42:27.0578 2676 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    16:42:27.0843 2676 RasPppoe - ok
    16:42:27.0875 2676 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    16:42:28.0015 2676 Raspti - ok
    16:42:28.0093 2676 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    16:42:28.0406 2676 Rdbss - ok
    16:42:28.0453 2676 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    16:42:28.0640 2676 RDPCDD - ok
    16:42:28.0734 2676 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    16:42:28.0968 2676 rdpdr - ok
    16:42:29.0031 2676 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    16:42:29.0312 2676 RDPWD - ok
    16:42:29.0375 2676 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    16:42:29.0515 2676 redbook - ok
    16:42:29.0578 2676 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
    16:42:29.0781 2676 rimmptsk - ok
    16:42:29.0828 2676 rimsptsk (d0a35b7670aa3558eaab483f64446496) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
    16:42:29.0968 2676 rimsptsk - ok
    16:42:30.0000 2676 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
    16:42:30.0296 2676 rismxdp - ok
    16:42:30.0328 2676 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    16:42:30.0468 2676 rtl8139 - ok
    16:42:30.0593 2676 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    16:42:35.0296 2676 SASDIFSV - ok
    16:42:35.0359 2676 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    16:42:35.0515 2676 SASKUTIL - ok
    16:42:35.0656 2676 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    16:42:36.0015 2676 sdbus - ok
    16:42:36.0078 2676 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    16:42:36.0218 2676 Secdrv - ok
    16:42:36.0328 2676 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    16:42:36.0468 2676 Serial - ok
    16:42:36.0578 2676 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    16:42:36.0703 2676 Sfloppy - ok
    16:42:36.0796 2676 Simbad - ok
    16:42:36.0859 2676 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    16:42:37.0093 2676 sisagp - ok
    16:42:37.0140 2676 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    16:42:37.0312 2676 Sparrow - ok
    16:42:37.0375 2676 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    16:42:37.0609 2676 splitter - ok
    16:42:37.0640 2676 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    16:42:37.0921 2676 sr - ok
    16:42:37.0968 2676 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    16:42:38.0187 2676 Srv - ok
    16:42:38.0265 2676 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    16:42:38.0421 2676 swenum - ok
    16:42:38.0593 2676 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    16:42:38.0734 2676 swmidi - ok
    16:42:38.0781 2676 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    16:42:38.0921 2676 symc810 - ok
    16:42:39.0000 2676 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    16:42:39.0171 2676 symc8xx - ok
    16:42:39.0234 2676 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    16:42:39.0375 2676 sym_hi - ok
    16:42:39.0406 2676 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    16:42:39.0625 2676 sym_u3 - ok
    16:42:39.0656 2676 SynTP (60cb9f7c95791fe56a6e86868f4467ba) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    16:42:39.0968 2676 SynTP - ok
    16:42:40.0046 2676 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    16:42:40.0187 2676 sysaudio - ok
    16:42:40.0250 2676 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    16:42:40.0515 2676 Tcpip - ok
    16:42:40.0609 2676 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    16:42:45.0312 2676 TDPIPE - ok
    16:42:45.0375 2676 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    16:42:45.0546 2676 TDTCP - ok
    16:42:45.0593 2676 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    16:42:45.0843 2676 TermDD - ok
    16:42:45.0921 2676 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    16:42:46.0078 2676 TosIde - ok
    16:42:46.0125 2676 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    16:42:46.0265 2676 Udfs - ok
    16:42:46.0296 2676 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    16:42:46.0453 2676 ultra - ok
    16:42:46.0546 2676 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    16:42:46.0765 2676 Update - ok
    16:42:47.0015 2676 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    16:42:47.0156 2676 usbehci - ok
    16:42:47.0218 2676 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    16:42:47.0343 2676 usbhub - ok
    16:42:47.0437 2676 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    16:42:47.0437 2676 USBSTOR - ok
    16:42:47.0500 2676 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    16:42:47.0656 2676 usbuhci - ok
    16:42:47.0703 2676 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    16:42:47.0890 2676 VgaSave - ok
    16:42:47.0953 2676 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    16:42:48.0281 2676 viaagp - ok
    16:42:48.0390 2676 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    16:42:48.0562 2676 ViaIde - ok
    16:42:48.0593 2676 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    16:42:48.0734 2676 VolSnap - ok
    16:42:48.0875 2676 w39n51 (4e7b07653f4f9937cf62ad2869fba520) C:\WINDOWS\system32\DRIVERS\w39n51.sys
    16:42:48.0968 2676 w39n51 - ok
    16:42:49.0078 2676 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    16:42:49.0250 2676 Wanarp - ok
    16:42:49.0265 2676 WDICA - ok
    16:42:49.0343 2676 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    16:42:49.0562 2676 wdmaud - ok
    16:42:49.0625 2676 winachsf (214bc3ad84907ad6ad655ac5465f449a) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    16:42:49.0859 2676 winachsf - ok
    16:42:50.0031 2676 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    16:42:50.0031 2676 WmiAcpi - ok
    16:42:50.0156 2676 MBR (0x1B8) (665277635dc8ba83deae12eadedb75a0) \Device\Harddisk0\DR0
    16:42:50.0187 2676 \Device\Harddisk0\DR0 - ok
    16:42:50.0203 2676 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR4
    16:42:51.0000 2676 \Device\Harddisk1\DR4 - ok
    16:42:51.0000 2676 Boot (0x1200) (3844da1323da653c03fdd5e7878943bf) \Device\Harddisk0\DR0\Partition0
    16:42:51.0000 2676 \Device\Harddisk0\DR0\Partition0 - ok
    16:42:51.0031 2676 Boot (0x1200) (e0d990ba7fb54c04f5723e1569fc7d5a) \Device\Harddisk0\DR0\Partition1
    16:42:51.0031 2676 \Device\Harddisk0\DR0\Partition1 - ok
    16:42:51.0046 2676 Boot (0x1200) (54226858b337dc9f7931af7be29f84a9) \Device\Harddisk1\DR4\Partition0
    16:42:51.0046 2676 \Device\Harddisk1\DR4\Partition0 - ok
    16:42:51.0046 2676 ============================================================
    16:42:51.0046 2676 Scan finished
    16:42:51.0046 2676 ============================================================
    16:42:51.0078 2672 Detected object count: 1
    16:42:51.0078 2672 Actual detected object count: 1
    16:43:03.0156 2672 Backup copy not found, trying to cure infected file..
    16:43:03.0625 2672 Cure success, using it..
    16:43:04.0187 2672 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot
    16:43:07.0484 2672 IPSec ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
    16:43:21.0546 2652 Deinitialize success


    ComboFix 12-01-12.04 - Tasha 01/17/2012 17:14:52.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.787 [GMT -5:00]
    Running from: c:\documents and settings\Tasha\Desktop\ComboFix.com
    AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    - REDUCED FUNCTIONALITY MODE -
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\drivers\etc\lmhosts
    D:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-17 to 2012-01-17 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-17 21:46 . 2012-01-17 21:46 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F836D76-0194-4BE6-85DE-628653745B4B}\MpKsle202ba0f.sys
    2012-01-17 21:34 . 2012-01-17 21:34 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F836D76-0194-4BE6-85DE-628653745B4B}\MpKsl4f451894.sys
    2012-01-17 21:33 . 2012-01-17 21:46 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F836D76-0194-4BE6-85DE-628653745B4B}\offreg.dll
    2012-01-16 21:36 . 2012-01-16 21:36 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F836D76-0194-4BE6-85DE-628653745B4B}\MpKsl948a871e.sys
    2012-01-16 20:51 . 2012-01-16 20:51 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F836D76-0194-4BE6-85DE-628653745B4B}\MpKsl81fc9577.sys
    2012-01-16 20:40 . 2012-01-16 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERSetup
    2012-01-16 18:14 . 2012-01-16 18:14 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F836D76-0194-4BE6-85DE-628653745B4B}\MpKsle0a57e03.sys
    2012-01-15 23:31 . 2011-11-30 07:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F836D76-0194-4BE6-85DE-628653745B4B}\mpengine.dll
    2012-01-15 23:20 . 2012-01-15 23:20 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-01-15 22:45 . 2012-01-15 22:45 -------- d-----w- c:\windows\system32\LogFiles
    2012-01-15 21:37 . 2012-01-16 20:42 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-01-15 21:19 . 2012-01-15 21:19 -------- d-sh--w- c:\documents and settings\Tasha\IECompatCache
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-17 21:45 . 2004-08-04 21:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
    2011-12-10 20:24 . 2011-07-22 18:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-25 21:57 . 2004-08-04 21:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25 . 2004-08-04 21:00 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35 . 2004-08-04 21:00 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-15 19:29 . 2011-07-22 19:40 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-10 10:54 . 2011-07-22 18:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-10 08:27 . 2011-07-22 18:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-11-04 19:20 . 2004-08-04 21:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2004-08-04 21:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2004-08-04 21:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2004-08-04 21:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-03 15:28 . 2005-08-30 11:54 1292288 ----a-w- c:\windows\system32\quartz.dll
    2011-11-03 15:28 . 2004-08-04 21:00 386048 ----a-w- c:\windows\system32\qdvd.dll
    2011-11-01 16:07 . 2004-08-04 21:00 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2004-08-04 21:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:33 . 2004-08-04 21:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 2004-08-04 21:00 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
    [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
    [7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
    .
    [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
    [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
    [7] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
    .
    [-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
    [-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
    [7] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
    .
    [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
    [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
    [-] 2006-01-10 . AA898F84D2B59129FB92E143A2C73434 . 182528 . . [5.1.2600.2824] . . c:\windows\$NtServicePackUninstall$\ndis.sys
    [7] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB912436$\ndis.sys
    .
    [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
    [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
    [7] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
    .
    [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
    [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
    [7] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
    .
    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
    [7] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
    .
    [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
    [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
    [7] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll
    .
    [-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
    [-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
    [7] 2004-08-04 21:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
    .
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
    [7] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
    .
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
    [7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
    .
    [-] 2012-01-17 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
    [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
    [7] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
    .
    [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
    [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
    [7] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
    .
    [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
    [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
    [7] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
    .
    [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
    [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
    [7] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
    .
    [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
    [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
    [7] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
    .
    [-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
    [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
    [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
    [7] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
    [7] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
    [7] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
    .
    [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
    [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
    [7] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
    .
    [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
    [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
    [7] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
    .
    [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
    [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
    [7] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
    .
    [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
    [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
    [7] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
    .
    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
    [7] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
    .
    [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
    [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
    [7] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
    .
    [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
    [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
    [7] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll
    .
    [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
    [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
    [7] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
    .
    [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
    [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
    [7] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
    .
    [-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
    [-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
    [7] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
    .
    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
    [7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
    .
    [-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
    [-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
    [7] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
    .
    [-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
    [-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
    [7] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
    [7] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\ksuser.dll
    .
    [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
    [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
    [7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
    .
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
    [-] 2004-11-17 . 902CF9595F640E53F33C0F1637F464F9 . 171008 . . [5.1.2600.2567] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
    [7] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB888402$\srsvc.dll
    .
    [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
    [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
    [7] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
    .
    [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
    [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
    [7] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
    .
    [-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
    [-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
    [7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
    .
    [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
    [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    [7] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
    .
    [-] 2012-01-17 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
    [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
    [7] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
    .
    [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
    [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
    [7] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
    .
    [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
    [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
    [7] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
    .
    [-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
    [-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
    [7] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
    .
    [-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
    [-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
    [7] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
    .
    [-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
    [-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
    [7] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
    .
    [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
    [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
    [7] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys
    .
    [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
    [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
    [7] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys
    .
    [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
    [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
    [7] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
    .
    [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
    [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
    [7] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
    .
    [-] 2005-01-28 20:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
    [-] 2005-01-28 20:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\MsPMSNSv.dll
    [-] 2005-01-28 20:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\dllcache\mspmsnsv.dll
    [7] 2004-08-04 21:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
    .
    [-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
    [-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
    [7] 2004-08-04 21:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
    .
    [-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
    [-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
    [7] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
    .
    [-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
    [-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
    [7] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
    .
    [-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
    [-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
    [7] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
    .
    [-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
    [-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
    [7] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
    .
    [-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
    [-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
    [7] 2004-08-04 21:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
    .
    [-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
    [-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
    [7] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
    .
    [-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
    [-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
    [7] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
    .
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
    [-] 2004-11-17 . 902CF9595F640E53F33C0F1637F464F9 . 171008 . . [5.1.2600.2567] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
    [7] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB888402$\srsvc.dll
    .
    [-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
    [-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
    [7] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
    .
    [-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
    [-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
    [7] 2004-08-04 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
    .
    [-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
    [-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
    [7] 2004-08-04 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
    .
    [-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
    [-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
    [7] 2004-08-04 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-23 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 61952]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 40960]
    "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
    "Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-04-09 2029640]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
    Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
    .
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
    .
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2005-08-11 23:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/9/2009 2:18 PM 107256]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4/9/2009 2:21 PM 94360]
    R1 MpKsl4f451894;MpKsl4f451894;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F836D76-0194-4BE6-85DE-628653745B4B}\MpKsl4f451894.sys [1/17/2012 4:34 PM 29904]
    R1 MpKsle202ba0f;MpKsle202ba0f;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F836D76-0194-4BE6-85DE-628653745B4B}\MpKsle202ba0f.sys [1/17/2012 4:46 PM 29904]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [4/9/2009 2:19 PM 731840]
    S1 MpKsl1e1d91d7;MpKsl1e1d91d7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B81B7325-CBB0-41BA-BC6B-9F5AC8F6B338}\MpKsl1e1d91d7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B81B7325-CBB0-41BA-BC6B-9F5AC8F6B338}\MpKsl1e1d91d7.sys [?]
    S1 MpKsl2a14abc0;MpKsl2a14abc0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A42223CA-C68D-4E66-8EBC-2BCCAF3008DF}\MpKsl2a14abc0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A42223CA-C68D-4E66-8EBC-2BCCAF3008DF}\MpKsl2a14abc0.sys [?]
    S1 MpKsl5e285322;MpKsl5e285322;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{43481611-A14F-480C-9CF6-F3F7941A37E5}\MpKsl5e285322.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{43481611-A14F-480C-9CF6-F3F7941A37E5}\MpKsl5e285322.sys [?]
    S1 MpKsl82e234e9;MpKsl82e234e9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B81B7325-CBB0-41BA-BC6B-9F5AC8F6B338}\MpKsl82e234e9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B81B7325-CBB0-41BA-BC6B-9F5AC8F6B338}\MpKsl82e234e9.sys [?]
    S1 MpKsl83a03ada;MpKsl83a03ada;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B81B7325-CBB0-41BA-BC6B-9F5AC8F6B338}\MpKsl83a03ada.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B81B7325-CBB0-41BA-BC6B-9F5AC8F6B338}\MpKsl83a03ada.sys [?]
    S1 MpKsl88cfca64;MpKsl88cfca64;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{11742BCE-DF7D-40B2-8F4E-F4C805953164}\MpKsl88cfca64.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{11742BCE-DF7D-40B2-8F4E-F4C805953164}\MpKsl88cfca64.sys [?]
    S1 MpKsl8e9f0038;MpKsl8e9f0038;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B81B7325-CBB0-41BA-BC6B-9F5AC8F6B338}\MpKsl8e9f0038.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B81B7325-CBB0-41BA-BC6B-9F5AC8F6B338}\MpKsl8e9f0038.sys [?]
    S1 MpKsl910bb69a;MpKsl910bb69a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B81B7325-CBB0-41BA-BC6B-9F5AC8F6B338}\MpKsl910bb69a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B81B7325-CBB0-41BA-BC6B-9F5AC8F6B338}\MpKsl910bb69a.sys [?]
    S1 MpKsl973f34f0;MpKsl973f34f0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{43481611-A14F-480C-9CF6-F3F7941A37E5}\MpKsl973f34f0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{43481611-A14F-480C-9CF6-F3F7941A37E5}\MpKsl973f34f0.sys [?]
    S1 MpKslaeb8d977;MpKslaeb8d977;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F8E6B89-9F23-477A-8E5E-AB254F8680B6}\MpKslaeb8d977.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F8E6B89-9F23-477A-8E5E-AB254F8680B6}\MpKslaeb8d977.sys [?]
    S1 MpKslba1ca8c7;MpKslba1ca8c7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FBAC7B2-0908-47E1-80F8-D14EEEE29DD7}\MpKslba1ca8c7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FBAC7B2-0908-47E1-80F8-D14EEEE29DD7}\MpKslba1ca8c7.sys [?]
    S1 MpKslc7f4d129;MpKslc7f4d129;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FBAC7B2-0908-47E1-80F8-D14EEEE29DD7}\MpKslc7f4d129.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FBAC7B2-0908-47E1-80F8-D14EEEE29DD7}\MpKslc7f4d129.sys [?]
    S1 MpKsld7fbf661;MpKsld7fbf661;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B81B7325-CBB0-41BA-BC6B-9F5AC8F6B338}\MpKsld7fbf661.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B81B7325-CBB0-41BA-BC6B-9F5AC8F6B338}\MpKsld7fbf661.sys [?]
    S1 MpKsldcab346e;MpKsldcab346e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{43481611-A14F-480C-9CF6-F3F7941A37E5}\MpKsldcab346e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{43481611-A14F-480C-9CF6-F3F7941A37E5}\MpKsldcab346e.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 3:21 PM 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 3:21 PM 135664]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\26A.tmp --> c:\windows\system32\26A.tmp [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 95842589
    *NewlyCreated* - MPKSLE202BA0F
    *Deregistered* - 95842589
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
    .
    2011-07-20 c:\windows\Tasks\DriverCure.job
    - c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]
    .
    2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 20:21]
    .
    2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 20:21]
    .
    2012-01-17 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
    .
    2012-01-15 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
    .
    2010-02-05 c:\windows\Tasks\ParetoLogic Update Version2.job
    - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 10.88.22.37 10.88.22.38 10.88.28.75 10.72.140.33
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-95842589.sys
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2012-01-17 17:16
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????\????????@???????@
    .
    scanning hidden files ...
    .
    .
    c:\windows\$NtUninstallKB14200$:SummaryInformation 0 bytes hidden from API
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\26A.tmp"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(872)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    Completion time: 2012-01-17 17:20:05
    ComboFix-quarantined-files.txt 2012-01-17 22:20
    .
    Pre-Run: 44,086,128,640 bytes free
    Post-Run: 44,982,988,800 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 8AA22003C6049D158CE3EC697A799431


    exeHelper by Raktor
    Build 20100414
    Run at 17:22:42 on 01/17/12
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

  6. #6
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello,

    Please do the same steps again this time don't turn back on your Antivirus and see what happens. Are you able to burn CD's and have a USB Flash drive?

    Before doing those things again please do the following.
    I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
    Therefore please go to add/remove in the control panel and remove either MSE or Eset.
    " Extinguishing Malware from the world"

    The Spware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  7. #7
    Member
    Join Date
    Sep 2005
    Location
    Cleveland, OH
    Posts
    143
    Points
    2

    Default

    Hello,

    I am able to burn CD's and have access to a USB flash drive.

    I have left ESET disabled and removed MSE.

    I re-ran the scans and attached the logs below. The desktop icons are back and the laptop "seems" to be running better.


    13:48:13.0421 0344 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
    13:48:13.0437 0344 ============================================================
    13:48:13.0437 0344 Current date / time: 2012/01/18 13:48:13.0437
    13:48:13.0437 0344 SystemInfo:
    13:48:13.0437 0344
    13:48:13.0437 0344 OS Version: 5.1.2600 ServicePack: 3.0
    13:48:13.0437 0344 Product type: Workstation
    13:48:13.0437 0344 ComputerName: OLIVIA
    13:48:13.0437 0344 UserName: Tasha
    13:48:13.0437 0344 Windows directory: C:\WINDOWS
    13:48:13.0437 0344 System windows directory: C:\WINDOWS
    13:48:13.0437 0344 Processor architecture: Intel x86
    13:48:13.0437 0344 Number of processors: 1
    13:48:13.0437 0344 Page size: 0x1000
    13:48:13.0437 0344 Boot type: Normal boot
    13:48:13.0437 0344 ============================================================
    13:48:14.0500 0344 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000, SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
    13:48:14.0578 0344 Initialize success
    13:48:19.0250 2288 ============================================================
    13:48:19.0250 2288 Scan started
    13:48:19.0250 2288 Mode: Manual;
    13:48:19.0250 2288 ============================================================
    13:48:19.0406 2288 Abiosdsk - ok
    13:48:19.0468 2288 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    13:48:19.0531 2288 abp480n5 - ok
    13:48:19.0593 2288 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    13:48:19.0609 2288 ACPI - ok
    13:48:19.0625 2288 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    13:48:19.0687 2288 ACPIEC - ok
    13:48:19.0750 2288 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    13:48:19.0828 2288 adpu160m - ok
    13:48:19.0875 2288 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    13:48:19.0937 2288 aec - ok
    13:48:20.0000 2288 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    13:48:20.0046 2288 AFD - ok
    13:48:20.0062 2288 AFGMp50 - ok
    13:48:20.0125 2288 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys
    13:48:20.0125 2288 AFGSp50 - ok
    13:48:20.0156 2288 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    13:48:20.0218 2288 agp440 - ok
    13:48:20.0250 2288 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    13:48:20.0375 2288 agpCPQ - ok
    13:48:20.0390 2288 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    13:48:20.0453 2288 Aha154x - ok
    13:48:20.0468 2288 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    13:48:20.0531 2288 aic78u2 - ok
    13:48:20.0562 2288 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    13:48:20.0609 2288 aic78xx - ok
    13:48:20.0640 2288 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    13:48:20.0671 2288 AliIde - ok
    13:48:20.0687 2288 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    13:48:20.0750 2288 alim1541 - ok
    13:48:20.0765 2288 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    13:48:20.0812 2288 amdagp - ok
    13:48:20.0843 2288 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    13:48:20.0859 2288 amsint - ok
    13:48:20.0890 2288 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    13:48:20.0953 2288 Arp1394 - ok
    13:48:20.0968 2288 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    13:48:21.0000 2288 asc - ok
    13:48:21.0015 2288 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    13:48:21.0046 2288 asc3350p - ok
    13:48:21.0093 2288 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    13:48:21.0109 2288 asc3550 - ok
    13:48:21.0140 2288 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    13:48:21.0156 2288 AsyncMac - ok
    13:48:21.0203 2288 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    13:48:21.0218 2288 atapi - ok
    13:48:21.0250 2288 Atdisk - ok
    13:48:21.0281 2288 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    13:48:21.0312 2288 Atmarpc - ok
    13:48:21.0390 2288 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    13:48:21.0406 2288 audstub - ok
    13:48:21.0468 2288 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    13:48:21.0484 2288 Beep - ok
    13:48:21.0671 2288 catchme - ok
    13:48:21.0703 2288 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    13:48:21.0734 2288 cbidf - ok
    13:48:21.0750 2288 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    13:48:21.0750 2288 cbidf2k - ok
    13:48:21.0796 2288 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    13:48:21.0828 2288 cd20xrnt - ok
    13:48:21.0859 2288 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    13:48:21.0890 2288 Cdaudio - ok
    13:48:21.0937 2288 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    13:48:21.0937 2288 Cdfs - ok
    13:48:21.0984 2288 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    13:48:22.0015 2288 Cdrom - ok
    13:48:22.0046 2288 Changer - ok
    13:48:22.0125 2288 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    13:48:22.0203 2288 CmBatt - ok
    13:48:22.0250 2288 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    13:48:22.0312 2288 CmdIde - ok
    13:48:22.0328 2288 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    13:48:22.0390 2288 Compbatt - ok
    13:48:22.0421 2288 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    13:48:22.0484 2288 Cpqarray - ok
    13:48:22.0515 2288 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    13:48:22.0578 2288 dac2w2k - ok
    13:48:22.0593 2288 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    13:48:22.0625 2288 dac960nt - ok
    13:48:22.0671 2288 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    13:48:22.0703 2288 Disk - ok
    13:48:22.0796 2288 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    13:48:22.0937 2288 dmboot - ok
    13:48:23.0031 2288 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    13:48:23.0078 2288 dmio - ok
    13:48:23.0187 2288 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    13:48:23.0250 2288 dmload - ok
    13:48:23.0312 2288 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    13:48:23.0312 2288 DMusic - ok
    13:48:23.0375 2288 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    13:48:23.0437 2288 dpti2o - ok
    13:48:23.0468 2288 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    13:48:23.0515 2288 drmkaud - ok
    13:48:23.0562 2288 E100B (6ca101f9aa3d845ba31f6e13c01301a8) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    13:48:23.0562 2288 E100B - ok
    13:48:23.0593 2288 eabfiltr (b5cb3084046146fd2587d8c9b219feb4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
    13:48:23.0593 2288 eabfiltr - ok
    13:48:23.0640 2288 eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys
    13:48:23.0640 2288 eabusb - ok
    13:48:23.0703 2288 eamon (3b2e8f97b6869c29da023ee75bf585d5) C:\WINDOWS\system32\DRIVERS\eamon.sys
    13:48:23.0703 2288 eamon - ok
    13:48:23.0734 2288 ehdrv (4fad054cbcaa296be7bd2cb77da9d9b4) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
    13:48:23.0750 2288 ehdrv - ok
    13:48:23.0796 2288 epfwtdir (d2a915b725845c3eda5a68ed2da74700) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
    13:48:23.0859 2288 epfwtdir - ok
    13:48:23.0890 2288 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    13:48:23.0921 2288 Fastfat - ok
    13:48:23.0968 2288 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    13:48:24.0015 2288 Fdc - ok
    13:48:24.0046 2288 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    13:48:24.0125 2288 Fips - ok
    13:48:24.0140 2288 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    13:48:24.0203 2288 Flpydisk - ok
    13:48:24.0250 2288 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    13:48:24.0312 2288 FltMgr - ok
    13:48:24.0359 2288 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    13:48:24.0375 2288 Fs_Rec - ok
    13:48:24.0484 2288 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    13:48:24.0515 2288 Ftdisk - ok
    13:48:24.0562 2288 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    13:48:24.0562 2288 GEARAspiWDM - ok
    13:48:24.0640 2288 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    13:48:24.0687 2288 Gpc - ok
    13:48:24.0750 2288 HBtnKey (4d4d97671c63c3af869b3518e6054204) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
    13:48:24.0796 2288 HBtnKey - ok
    13:48:24.0890 2288 HdAudAddService (bb42bb78bbbc1e83292ef26973598daf) C:\WINDOWS\system32\drivers\CHDAud.sys
    13:48:24.0984 2288 HdAudAddService - ok
    13:48:25.0015 2288 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    13:48:25.0015 2288 HDAudBus - ok
    13:48:25.0062 2288 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    13:48:25.0093 2288 hpn - ok
    13:48:25.0125 2288 HSFHWAZL (89e256c5f5346be265d9f86ac8625d4f) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
    13:48:25.0203 2288 HSFHWAZL - ok
    13:48:25.0265 2288 HSF_DPV (0e44af3828111d4c3e73c33ac95226d8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
    13:48:25.0375 2288 HSF_DPV - ok
    13:48:25.0546 2288 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    13:48:25.0625 2288 HTTP - ok
    13:48:25.0687 2288 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    13:48:25.0750 2288 i2omgmt - ok
    13:48:25.0765 2288 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    13:48:25.0843 2288 i2omp - ok
    13:48:25.0875 2288 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    13:48:25.0968 2288 i8042prt - ok
    13:48:26.0093 2288 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    13:48:26.0156 2288 ialm - ok
    13:48:26.0234 2288 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
    13:48:26.0250 2288 iaStor - ok
    13:48:26.0296 2288 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    13:48:26.0359 2288 Imapi - ok
    13:48:26.0421 2288 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    13:48:26.0468 2288 ini910u - ok
    13:48:26.0500 2288 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    13:48:26.0578 2288 IntelIde - ok
    13:48:26.0656 2288 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    13:48:26.0656 2288 intelppm - ok
    13:48:26.0843 2288 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    13:48:26.0953 2288 Ip6Fw - ok
    13:48:26.0984 2288 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    13:48:27.0093 2288 IpFilterDriver - ok
    13:48:27.0140 2288 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    13:48:27.0234 2288 IpInIp - ok
    13:48:27.0281 2288 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    13:48:27.0281 2288 IpNat - ok
    13:48:27.0359 2288 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    13:48:27.0500 2288 IPSec - ok
    13:48:27.0531 2288 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    13:48:27.0562 2288 IRENUM - ok
    13:48:27.0593 2288 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    13:48:27.0609 2288 isapnp - ok
    13:48:27.0671 2288 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    13:48:27.0687 2288 Kbdclass - ok
    13:48:27.0718 2288 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    13:48:27.0750 2288 kbdhid - ok
    13:48:27.0781 2288 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    13:48:27.0781 2288 kmixer - ok
    13:48:27.0843 2288 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    13:48:27.0875 2288 KSecDD - ok
    13:48:27.0906 2288 lbrtfdc - ok
    13:48:27.0968 2288 mdmxsdk (74f4372af97a587ecec527ec34955712) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    13:48:27.0984 2288 mdmxsdk - ok
    13:48:28.0062 2288 MEMSWEEP2 - ok
    13:48:28.0140 2288 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    13:48:28.0171 2288 mnmdd - ok
    13:48:28.0203 2288 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    13:48:28.0281 2288 Modem - ok
    13:48:28.0296 2288 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    13:48:28.0343 2288 Mouclass - ok
    13:48:28.0375 2288 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    13:48:28.0453 2288 MountMgr - ok
    13:48:28.0484 2288 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    13:48:28.0484 2288 MpFilter - ok
    13:48:28.0562 2288 MpKsl1e1d91d7 - ok
    13:48:28.0578 2288 MpKsl2a14abc0 - ok
    13:48:28.0578 2288 MpKsl5e285322 - ok
    13:48:28.0593 2288 MpKsl82e234e9 - ok
    13:48:28.0609 2288 MpKsl83a03ada - ok
    13:48:28.0609 2288 MpKsl88cfca64 - ok
    13:48:28.0625 2288 MpKsl8e9f0038 - ok
    13:48:28.0625 2288 MpKsl910bb69a - ok
    13:48:28.0640 2288 MpKsl973f34f0 - ok
    13:48:28.0640 2288 MpKslaeb8d977 - ok
    13:48:28.0718 2288 MpKslaf6b9ba2 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21FFB289-3E23-437E-9F32-897A88BAF6F6}\MpKslaf6b9ba2.sys
    13:48:28.0718 2288 MpKslaf6b9ba2 - ok
    13:48:28.0718 2288 MpKslba1ca8c7 - ok
    13:48:28.0734 2288 MpKslc7f4d129 - ok
    13:48:28.0734 2288 MpKsld7fbf661 - ok
    13:48:28.0750 2288 MpKsldcab346e - ok
    13:48:28.0796 2288 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    13:48:28.0812 2288 mraid35x - ok
    13:48:28.0859 2288 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    13:48:28.0906 2288 MRxDAV - ok
    13:48:28.0968 2288 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    13:48:29.0015 2288 MRxSmb - ok
    13:48:29.0093 2288 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    13:48:29.0125 2288 Msfs - ok
    13:48:29.0187 2288 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    13:48:29.0234 2288 MSKSSRV - ok
    13:48:29.0281 2288 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    13:48:29.0312 2288 MSPCLOCK - ok
    13:48:29.0453 2288 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    13:48:29.0484 2288 MSPQM - ok
    13:48:29.0531 2288 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    13:48:29.0531 2288 mssmbios - ok
    13:48:29.0578 2288 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    13:48:29.0640 2288 Mup - ok
    13:48:29.0687 2288 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    13:48:29.0703 2288 NDIS - ok
    13:48:29.0765 2288 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    13:48:29.0828 2288 NdisTapi - ok
    13:48:29.0875 2288 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    13:48:29.0953 2288 Ndisuio - ok
    13:48:29.0984 2288 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    13:48:30.0046 2288 NdisWan - ok
    13:48:30.0078 2288 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    13:48:30.0109 2288 NDProxy - ok
    13:48:30.0125 2288 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    13:48:30.0171 2288 NetBIOS - ok
    13:48:30.0218 2288 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    13:48:30.0250 2288 NetBT - ok
    13:48:30.0296 2288 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    13:48:30.0359 2288 NIC1394 - ok
    13:48:30.0406 2288 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    13:48:30.0453 2288 Npfs - ok
    13:48:30.0484 2288 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    13:48:30.0531 2288 Ntfs - ok
    13:48:30.0609 2288 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    13:48:30.0640 2288 Null - ok
    13:48:30.0781 2288 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    13:48:30.0812 2288 NwlnkFlt - ok
    13:48:30.0843 2288 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    13:48:30.0875 2288 NwlnkFwd - ok
    13:48:30.0921 2288 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    13:48:30.0921 2288 ohci1394 - ok
    13:48:30.0968 2288 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    13:48:31.0015 2288 Parport - ok
    13:48:31.0031 2288 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    13:48:31.0093 2288 PartMgr - ok
    13:48:31.0140 2288 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    13:48:31.0203 2288 ParVdm - ok
    13:48:31.0234 2288 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    13:48:31.0312 2288 PCI - ok
    13:48:31.0328 2288 PCIDump - ok
    13:48:31.0343 2288 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    13:48:31.0406 2288 PCIIde - ok
    13:48:31.0421 2288 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    13:48:31.0593 2288 Pcmcia - ok
    13:48:31.0609 2288 PDCOMP - ok
    13:48:31.0625 2288 PDFRAME - ok
    13:48:31.0640 2288 PDRELI - ok
    13:48:31.0656 2288 PDRFRAME - ok
    13:48:31.0671 2288 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    13:48:31.0687 2288 perc2 - ok
    13:48:31.0703 2288 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    13:48:31.0734 2288 perc2hib - ok
    13:48:31.0812 2288 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    13:48:31.0859 2288 PptpMiniport - ok
    13:48:31.0875 2288 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    13:48:31.0968 2288 PSched - ok
    13:48:31.0984 2288 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    13:48:32.0000 2288 Ptilink - ok
    13:48:32.0015 2288 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    13:48:32.0046 2288 PxHelp20 - ok
    13:48:32.0062 2288 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    13:48:32.0109 2288 ql1080 - ok
    13:48:32.0125 2288 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    13:48:32.0156 2288 Ql10wnt - ok
    13:48:32.0171 2288 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    13:48:32.0187 2288 ql12160 - ok
    13:48:32.0203 2288 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    13:48:32.0250 2288 ql1240 - ok
    13:48:32.0265 2288 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    13:48:32.0296 2288 ql1280 - ok
    13:48:32.0328 2288 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    13:48:32.0343 2288 RasAcd - ok
    13:48:32.0390 2288 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    13:48:32.0421 2288 Rasl2tp - ok
    13:48:32.0453 2288 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    13:48:32.0500 2288 RasPppoe - ok
    13:48:32.0531 2288 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    13:48:32.0546 2288 Raspti - ok
    13:48:32.0578 2288 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    13:48:32.0671 2288 Rdbss - ok
    13:48:32.0671 2288 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    13:48:32.0703 2288 RDPCDD - ok
    13:48:32.0796 2288 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    13:48:32.0812 2288 rdpdr - ok
    13:48:32.0859 2288 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    13:48:32.0890 2288 RDPWD - ok
    13:48:32.0937 2288 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    13:48:32.0968 2288 redbook - ok
    13:48:33.0031 2288 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
    13:48:33.0078 2288 rimmptsk - ok
    13:48:33.0203 2288 rimsptsk (d0a35b7670aa3558eaab483f64446496) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
    13:48:33.0234 2288 rimsptsk - ok
    13:48:33.0250 2288 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
    13:48:33.0343 2288 rismxdp - ok
    13:48:33.0421 2288 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    13:48:33.0468 2288 rtl8139 - ok
    13:48:33.0593 2288 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    13:48:33.0718 2288 SASDIFSV - ok
    13:48:33.0734 2288 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    13:48:33.0828 2288 SASKUTIL - ok
    13:48:33.0890 2288 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    13:48:34.0046 2288 sdbus - ok
    13:48:34.0078 2288 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    13:48:34.0125 2288 Secdrv - ok
    13:48:34.0203 2288 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    13:48:34.0281 2288 Serial - ok
    13:48:34.0343 2288 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    13:48:34.0375 2288 Sfloppy - ok
    13:48:34.0406 2288 Simbad - ok
    13:48:34.0453 2288 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    13:48:34.0546 2288 sisagp - ok
    13:48:34.0593 2288 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    13:48:34.0625 2288 Sparrow - ok
    13:48:34.0765 2288 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    13:48:34.0812 2288 splitter - ok
    13:48:34.0828 2288 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    13:48:34.0937 2288 sr - ok
    13:48:35.0000 2288 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    13:48:35.0062 2288 Srv - ok
    13:48:35.0109 2288 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    13:48:35.0171 2288 swenum - ok
    13:48:35.0187 2288 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    13:48:35.0265 2288 swmidi - ok
    13:48:35.0296 2288 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    13:48:35.0343 2288 symc810 - ok
    13:48:35.0406 2288 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    13:48:35.0453 2288 symc8xx - ok
    13:48:35.0468 2288 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    13:48:35.0515 2288 sym_hi - ok
    13:48:35.0531 2288 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    13:48:35.0578 2288 sym_u3 - ok
    13:48:35.0625 2288 SynTP (60cb9f7c95791fe56a6e86868f4467ba) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    13:48:35.0671 2288 SynTP - ok
    13:48:35.0687 2288 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    13:48:35.0703 2288 sysaudio - ok
    13:48:35.0781 2288 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    13:48:35.0828 2288 Tcpip - ok
    13:48:35.0890 2288 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    13:48:35.0953 2288 TDPIPE - ok
    13:48:35.0984 2288 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    13:48:36.0031 2288 TDTCP - ok
    13:48:36.0062 2288 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    13:48:36.0187 2288 TermDD - ok
    13:48:36.0265 2288 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    13:48:36.0343 2288 TosIde - ok
    13:48:36.0421 2288 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    13:48:36.0468 2288 Udfs - ok
    13:48:36.0500 2288 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    13:48:36.0609 2288 ultra - ok
    13:48:36.0703 2288 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    13:48:36.0750 2288 Update - ok
    13:48:36.0906 2288 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    13:48:36.0921 2288 usbehci - ok
    13:48:36.0953 2288 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    13:48:36.0984 2288 usbhub - ok
    13:48:37.0046 2288 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    13:48:37.0093 2288 USBSTOR - ok
    13:48:37.0125 2288 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    13:48:37.0171 2288 usbuhci - ok
    13:48:37.0203 2288 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    13:48:37.0265 2288 VgaSave - ok
    13:48:37.0296 2288 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    13:48:37.0421 2288 viaagp - ok
    13:48:37.0453 2288 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    13:48:37.0515 2288 ViaIde - ok
    13:48:37.0546 2288 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    13:48:37.0578 2288 VolSnap - ok
    13:48:37.0687 2288 w39n51 (4e7b07653f4f9937cf62ad2869fba520) C:\WINDOWS\system32\DRIVERS\w39n51.sys
    13:48:37.0734 2288 w39n51 - ok
    13:48:37.0812 2288 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    13:48:37.0843 2288 Wanarp - ok
    13:48:37.0953 2288 WDICA - ok
    13:48:38.0000 2288 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    13:48:38.0046 2288 wdmaud - ok
    13:48:38.0125 2288 winachsf (214bc3ad84907ad6ad655ac5465f449a) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    13:48:38.0218 2288 winachsf - ok
    13:48:38.0296 2288 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    13:48:38.0296 2288 WmiAcpi - ok
    13:48:38.0359 2288 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    13:48:38.0390 2288 WS2IFSL - ok
    13:48:38.0468 2288 MBR (0x1B8) (665277635dc8ba83deae12eadedb75a0) \Device\Harddisk0\DR0
    13:48:38.0484 2288 \Device\Harddisk0\DR0 - ok
    13:48:38.0500 2288 Boot (0x1200) (3844da1323da653c03fdd5e7878943bf) \Device\Harddisk0\DR0\Partition0
    13:48:38.0500 2288 \Device\Harddisk0\DR0\Partition0 - ok
    13:48:38.0531 2288 Boot (0x1200) (80e701dda9dae1664f91e5c8cc804334) \Device\Harddisk0\DR0\Partition1
    13:48:38.0531 2288 \Device\Harddisk0\DR0\Partition1 - ok
    13:48:38.0531 2288 ============================================================
    13:48:38.0531 2288 Scan finished
    13:48:38.0531 2288 ============================================================
    13:48:38.0546 2324 Detected object count: 0
    13:48:38.0546 2324 Actual detected object count: 0
    13:48:51.0421 0348 Deinitialize success



    ComboFix 12-01-12.04 - Tasha 01/18/2012 14:13:20.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.783 [GMT -5:00]
    Running from: c:\documents and settings\Tasha\Desktop\ComboFix.com
    AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    - REDUCED FUNCTIONALITY MODE -
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-18 to 2012-01-18 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-18 18:42 . 2012-01-18 18:42 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21FFB289-3E23-437E-9F32-897A88BAF6F6}\MpKslaf6b9ba2.sys
    2012-01-18 18:42 . 2012-01-18 18:42 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21FFB289-3E23-437E-9F32-897A88BAF6F6}\offreg.dll
    2012-01-17 22:25 . 2011-11-30 07:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21FFB289-3E23-437E-9F32-897A88BAF6F6}\mpengine.dll
    2012-01-16 20:40 . 2012-01-16 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERSetup
    2012-01-15 23:20 . 2012-01-15 23:20 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-01-15 22:45 . 2012-01-15 22:45 -------- d-----w- c:\windows\system32\LogFiles
    2012-01-15 21:37 . 2012-01-16 20:42 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-01-15 21:19 . 2012-01-15 21:19 -------- d-sh--w- c:\documents and settings\Tasha\IECompatCache
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-17 21:45 . 2004-08-04 21:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
    2011-12-10 20:24 . 2011-07-22 18:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-25 21:57 . 2004-08-04 21:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25 . 2004-08-04 21:00 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35 . 2004-08-04 21:00 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-15 19:29 . 2011-07-22 19:40 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-10 10:54 . 2011-07-22 18:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-10 08:27 . 2011-07-22 18:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-11-04 19:20 . 2004-08-04 21:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2004-08-04 21:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2004-08-04 21:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2004-08-04 21:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-03 15:28 . 2005-08-30 11:54 1292288 ----a-w- c:\windows\system32\quartz.dll
    2011-11-03 15:28 . 2004-08-04 21:00 386048 ----a-w- c:\windows\system32\qdvd.dll
    2011-11-01 16:07 . 2004-08-04 21:00 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2004-08-04 21:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:33 . 2004-08-04 21:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 2004-08-04 21:00 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
    [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
    [7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
    .
    [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
    [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
    [7] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
    .
    [-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
    [-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
    [7] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
    .
    [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
    [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
    [-] 2006-01-10 . AA898F84D2B59129FB92E143A2C73434 . 182528 . . [5.1.2600.2824] . . c:\windows\$NtServicePackUninstall$\ndis.sys
    [7] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB912436$\ndis.sys
    .
    [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
    [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
    [7] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
    .
    [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
    [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
    [7] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
    .
    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
    [7] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
    .
    [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
    [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
    [7] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll
    .
    [-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
    [-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
    [7] 2004-08-04 21:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
    .
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
    [7] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
    .
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
    [7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
    .
    [-] 2012-01-17 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
    [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
    [7] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
    .
    [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
    [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
    [7] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
    .
    [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
    [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
    [7] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
    .
    [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
    [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
    [7] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
    .
    [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
    [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
    [7] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
    .
    [-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
    [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
    [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
    [7] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
    [7] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
    [7] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
    .
    [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
    [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
    [7] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
    .
    [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
    [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
    [7] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
    .
    [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
    [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
    [7] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
    .
    [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
    [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
    [7] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
    .
    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
    [7] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
    .
    [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
    [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
    [7] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
    .
    [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
    [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
    [7] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll
    .
    [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
    [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
    [7] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
    .
    [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
    [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
    [7] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
    .
    [-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
    [-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
    [7] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
    .
    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
    [7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
    .
    [-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
    [-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
    [7] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
    .
    [-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
    [-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
    [7] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
    [7] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\ksuser.dll
    .
    [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
    [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
    [7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
    .
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
    [-] 2004-11-17 . 902CF9595F640E53F33C0F1637F464F9 . 171008 . . [5.1.2600.2567] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
    [7] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB888402$\srsvc.dll
    .
    [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
    [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
    [7] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
    .
    [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
    [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
    [7] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
    .
    [-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
    [-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
    [7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
    .
    [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
    [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    [7] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
    .
    [-] 2012-01-17 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
    [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
    [7] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
    .
    [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
    [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
    [7] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
    .
    [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
    [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
    [7] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
    .
    [-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
    [-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
    [7] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
    .
    [-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
    [-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
    [7] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
    .
    [-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
    [-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
    [7] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
    .
    [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
    [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
    [7] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys
    .
    [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
    [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
    [7] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys
    .
    [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
    [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
    [7] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
    .
    [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
    [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
    [7] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
    .
    [-] 2005-01-28 20:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
    [-] 2005-01-28 20:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\MsPMSNSv.dll
    [-] 2005-01-28 20:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\dllcache\mspmsnsv.dll
    [7] 2004-08-04 21:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
    .
    [-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
    [-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
    [7] 2004-08-04 21:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
    .
    [-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
    [-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
    [7] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
    .
    [-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
    [-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
    [7] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
    .
    [-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
    [-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
    [7] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
    .
    [-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
    [-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
    [7] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
    .
    [-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
    [-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
    [7] 2004-08-04 21:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
    .
    [-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
    [-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
    [7] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
    .
    [-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
    [-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
    [7] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
    .
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
    [-] 2004-11-17 . 902CF9595F640E53F33C0F1637F464F9 . 171008 . . [5.1.2600.2567] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
    [7] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB888402$\srsvc.dll
    .
    [-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
    [-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
    [7] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
    .
    [-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
    [-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
    [7] 2004-08-04 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
    .
    [-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
    [-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
    [7] 2004-08-04 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
    .
    [-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
    [-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
    [7] 2004-08-04 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-01-17_22.16.49 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-01-18 18:42 . 2012-01-18 18:42 16384 c:\windows\temp\Perflib_Perfdata_150.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-23 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 61952]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 40960]
    "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
    "Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-04-09 2029640]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
    Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
    .
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
    .
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2005-08-11 23:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/9/2009 2:18 PM 107256]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4/9/2009 2:21 PM 94360]
    R1 MpKslaf6b9ba2;MpKslaf6b9ba2;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21FFB289-3E23-437E-9F32-897A88BAF6F6}\MpKslaf6b9ba2.sys [1/18/2012 1:42 PM 29904]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [4/9/2009 2:19 PM 731840]
    S1 MpKsl1e1d91d7;MpKsl1e1d91d7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B81B7325-CBB0-41BA-BC6B-9F5AC8F6B338}\MpKsl1e1d91d7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B81B7325-CBB0-41BA-BC6B-9F5AC8F6B338}\MpKsl1e1d91d7.sys [?]
    S1 MpKsl2a14abc0;MpKsl2a14abc0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A42223CA-C68D-4E66-8EBC-2BCCAF3008DF}\MpKsl2a14abc0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A42223CA-C68D-4E66-8EBC-2BCCAF3008DF}\MpKsl2a14abc0.sys [?]
    S1 MpKsl5e285322;MpKsl5e285322;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{43481611-A14F-480C-9CF6-F3F7941A37E5}\MpKsl5e285322.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{43481611-A14F-480C-9CF6-F3F7941A37E5}\MpKsl5e285322.sys [?]
    S1 MpKsl82e234e9;MpKsl82e234e9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B81B7325-CBB0-41BA-BC6B-9F5AC8F6B338}\MpKsl82e234e9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B81B7325-CBB0-41BA-BC6B-9F5AC8F6B338}\MpKsl82e234e9.sys [?]
    S1 MpKsl83a03ada;MpKsl83a03ada;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B81B7325-CBB0-41BA-BC6B-9F5AC8F6B338}\MpKsl83a03ada.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B81B7325-CBB0-41BA-BC6B-9F5AC8F6B338}\MpKsl83a03ada.sys [?]
    S1 MpKsl88cfca64;MpKsl88cfca64;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{11742BCE-DF7D-40B2-8F4E-F4C805953164}\MpKsl88cfca64.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{11742BCE-DF7D-40B2-8F4E-F4C805953164}\MpKsl88cfca64.sys [?]
    S1 MpKsl8e9f0038;MpKsl8e9f0038;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B81B7325-CBB0-41BA-BC6B-9F5AC8F6B338}\MpKsl8e9f0038.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B81B7325-CBB0-41BA-BC6B-9F5AC8F6B338}\MpKsl8e9f0038.sys [?]
    S1 MpKsl910bb69a;MpKsl910bb69a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B81B7325-CBB0-41BA-BC6B-9F5AC8F6B338}\MpKsl910bb69a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B81B7325-CBB0-41BA-BC6B-9F5AC8F6B338}\MpKsl910bb69a.sys [?]
    S1 MpKsl973f34f0;MpKsl973f34f0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{43481611-A14F-480C-9CF6-F3F7941A37E5}\MpKsl973f34f0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{43481611-A14F-480C-9CF6-F3F7941A37E5}\MpKsl973f34f0.sys [?]
    S1 MpKslaeb8d977;MpKslaeb8d977;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F8E6B89-9F23-477A-8E5E-AB254F8680B6}\MpKslaeb8d977.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F8E6B89-9F23-477A-8E5E-AB254F8680B6}\MpKslaeb8d977.sys [?]
    S1 MpKslba1ca8c7;MpKslba1ca8c7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FBAC7B2-0908-47E1-80F8-D14EEEE29DD7}\MpKslba1ca8c7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FBAC7B2-0908-47E1-80F8-D14EEEE29DD7}\MpKslba1ca8c7.sys [?]
    S1 MpKslc7f4d129;MpKslc7f4d129;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FBAC7B2-0908-47E1-80F8-D14EEEE29DD7}\MpKslc7f4d129.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FBAC7B2-0908-47E1-80F8-D14EEEE29DD7}\MpKslc7f4d129.sys [?]
    S1 MpKsld7fbf661;MpKsld7fbf661;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B81B7325-CBB0-41BA-BC6B-9F5AC8F6B338}\MpKsld7fbf661.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B81B7325-CBB0-41BA-BC6B-9F5AC8F6B338}\MpKsld7fbf661.sys [?]
    S1 MpKsldcab346e;MpKsldcab346e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{43481611-A14F-480C-9CF6-F3F7941A37E5}\MpKsldcab346e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{43481611-A14F-480C-9CF6-F3F7941A37E5}\MpKsldcab346e.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 3:21 PM 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 3:21 PM 135664]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\26A.tmp --> c:\windows\system32\26A.tmp [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 26045291
    *NewlyCreated* - MPKSLAF6B9BA2
    *Deregistered* - 26045291
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
    .
    2011-07-20 c:\windows\Tasks\DriverCure.job
    - c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]
    .
    2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 20:21]
    .
    2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 20:21]
    .
    2012-01-18 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
    .
    2012-01-15 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
    .
    2010-02-05 c:\windows\Tasks\ParetoLogic Update Version2.job
    - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2012-01-18 14:15
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????\????????@???????@
    .
    scanning hidden files ...
    .
    .
    c:\windows\$NtUninstallKB14200$:SummaryInformation 0 bytes hidden from API
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\26A.tmp"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(888)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(2228)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2012-01-18 14:17:23
    ComboFix-quarantined-files.txt 2012-01-18 19:17
    ComboFix2.txt 2012-01-17 22:20
    .
    Pre-Run: 45,074,116,608 bytes free
    Post-Run: 45,054,980,096 bytes free
    .
    - - End Of File - - 2920EAE538D6E67701A8A8A3F9852B5D




    exeHelper by Raktor
    Build 20100414
    Run at 17:22:42 on 01/17/12
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    exeHelper by Raktor
    Build 20100414
    Run at 14:18:45 on 01/18/12
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

  8. #8
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello,

    Lets run a couple other scanners to see if they pick up any leftovers.

    1
    Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.

    Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

    • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
      For instructions with screenshots, please refer to this Guide.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself. Press the OK button and continue.
    • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

    • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
    • Click on the Scan button.
    • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked and then click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
    • Exit Malwarebytes when done.

    Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

    2.
    Please download Listparts
    Please download Listparts64
    Run the tool, click Scan and post the log (Result.txt) it makes.

    3.
    Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

    Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

    Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

    Scan with Dr.Web CureIt as follows:
    • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version
    • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
    • The Express scan will automatically begin.
      (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
    • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
    • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
    • When complete, click Select All, then choose Cure > Move incurable.
      (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
    • Now put a check next to Complete scan to scan all local disks and removable media.
    • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
    • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
    • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
    • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
    • In the top menu, click file and choose save report list.
    • Save the DrWeb.csv report to your desktop.
    • Exit Dr.Web Cureit when done.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)



    Things to include in your next reply::
    MBAM log
    Drweb.cvs report
    Result.txt

    How is your machine running now?
    " Extinguishing Malware from the world"

    The Spware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  9. #9
    Member
    Join Date
    Sep 2005
    Location
    Cleveland, OH
    Posts
    143
    Points
    2

    Default

    I ran the Malewarebytes & Listparts scans and things seemed good. But when I rebooted to boot in safe mode to run the Dr.Web CureIt scan, all the desktop icons were the generic ones again and got the "Windows cant open this file, do you want to use the Web service to find a program or select a program from the list" error and I was unable to open any files. So I renamed the Dr.Web CureIt to a ".com" file and ran the scan. Even after the last scan found some viruses and deleted them, I rebooted and still have the generic icons and am unable to open files.

    The 3 logs are posted below. Thanks.



    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.14.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Tasha :: OLIVIA [administrator]

    1/19/2012 9:05:51 AM
    mbam-log-2012-01-19 (09-05-51).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 181082
    Time elapsed: 3 minute(s), 22 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)




    dds.pif;C:\Documents and Settings\Tasha\Desktop;Trojan.MulDrop2.44246;Incurable.Moved.;
    Crypto.dll;C:\Program Files\Online Services\PeoplePC\Bin;Trojan.PWS.Siggen.30176;Deleted.;
    A0087227.pif;C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP52;Trojan.MulDrop2.44246;Incurable.Moved.;
    A0087228.dll;C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP52;Trojan.PWS.Siggen.30176;Deleted.;



    ListParts by Farbar
    Ran by Tasha on 19-01-2012 at 09:19:23
    Windows XP (X86)
    Running From: C:\Documents and Settings\Tasha\Desktop
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 38%
    Total physical RAM: 1270.05 MB
    Available physical RAM: 777.59 MB
    Total Pagefile: 3021.03 MB
    Available Pagefile: 2747.1 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 2001.46 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:64.15 GB) (Free:42.21 GB) NTFS ==>[Drive with boot components (Windows XP)]
    2 Drive d: (HP_RECOVERY) (Fixed) (Total:9.35 GB) (Free:1.4 GB) FAT32 ==>[Drive with boot components (Windows XP)]
    4 Drive f: () (Removable) (Total:7.46 GB) (Free:2.1 GB) FAT32

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 75 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 64 GB 32 KB
    Partition 2 Primary 9 GB 64 GB
    Partition 3 Unknown 1028 MB 74 GB

    Disk: 0
    The disk management services could not complete the operation.

    Disk: 0
    Partition 2
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D HP_RECOVERY FAT32 Partition 9 GB Healthy

    Disk: 0
    Partition 3
    Type : D7
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.


    ****** End Of Log ******

  10. #10
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello,


    I think you antivirus and or Super AntiSyyware mAy be blocking the changes that are in effect until you reboot then protects and reiniate previous settings. I'm not for sure yet.


    1.
    Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

    How to see hidden files in Windows

    Please click this link-->Jotti

    When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

    c:\windows\explorer.exe
    c:\windows\system32\winlogon.exe
    c:\windows\$NtUninstallKB14200$



    Please post back the results of the scan in your next post.

    If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/


    Go ahead and run unhide.exe and EXE helper again before proceeding.



    2.
    Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If TDSSKiller does not run, try renaming it.
    • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
    • Click the Start Scan button.
    • Do not use the computer during the scan
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
      Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
    • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C.
    • Copy and paste the contents of that file in your next reply.



    3.
    Click here to download Kaspersky Virus Removal Tool.
    • Double click on the file you just downloaded and let it install.
    • It will install to your desktop.
    • After that leave what is selected and put a check next to My Computer.
    • Click on the option that says Threat Detection and change it to Disinfect => Do not select, delete if disinfection fails.
    • Then click on Start Scan.
    • Before it is done it may prompt for action regardless of the setting so choose skip if prompted.
    • When the scan is done no log will be produced.
    • Click on the bottom where it says Report to open the report.
    • Then highlight of of the items found by using ctrl + a on your keyboard to select all or use your mouse to select all then right click and choose copy.
    • This will copy the items that it found to the clipboard you can then open notepad (go to start then run then type in notepad) and choose paste to paste the contents into Notepad.
    • You can save this on the desktop.
    • Post the contents of the document in your next reply.
    " Extinguishing Malware from the world"

    The Spware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




Page 1 of 5 123 ... LastLast