PDA

View Full Version : Browser Redirecting



necromancer_1983
2010-10-16, 02:45
I've run many scans with various things and still can't stop being redirected to a car sales sites, etc. Some sites (Youtube, Google, etc) have lately started recognising me as being in the Netherlands when I'm in the UK, don't know if this is linked or not. Thanks.

DDS (Ver_10-10-10.03) - NTFSx86
Run by Ingram1 at 0:36:55.10 on 16/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.419 [GMT 1:00]

AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\WinPcap\rpcapd.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Belkin\Router Setup and Monitor\ndis_events.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Ingram1\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.animenewsnetwork.com/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [PCSpeedUp] "c:\program files\pc speed up\PCSpeedUp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\ingram1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\ingram1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2D06158FAC79A790.dll/cmsidewiki.html
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {9C450606-ED24-4958-92BA-B8940C99D441} - c:\program files\pixiepack codec pack\InstallerHelper.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-8-4 16512]

=============== Created Last 30 ================

2010-10-15 17:36:17 -------- d-----w- c:\docume~1\ingram1\applic~1\AVG10
2010-10-15 17:34:30 -------- d--h--w- c:\docume~1\alluse~1.win\applic~1\Common Files
2010-10-15 17:34:11 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\AVG Security Toolbar
2010-10-15 17:31:20 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-15 17:31:20 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\AVG10
2010-10-15 11:00:20 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\MFAData
2010-10-14 20:36:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-14 20:36:50 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2010-10-04 12:34:48 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-10-04 12:34:48 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-04 00:23:55 -------- d-----w- c:\docume~1\ingram1\applic~1\DAZ 3D
2010-10-03 22:43:44 59240 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-10-01 00:02:21 -------- d-----w- c:\docume~1\ingram1\locals~1\applic~1\Unity
2010-09-29 01:43:44 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\iWin Games
2010-09-27 11:30:48 466944 ----a-w- c:\program files\mozilla firefox\plugins\NPcol500.dll
2010-09-27 11:30:48 466944 ----a-w- c:\program files\mozilla firefox\plugins\NPcol400.dll
2010-09-27 11:30:46 -------- d-----w- c:\docume~1\ingram1\applic~1\Catalina Marketing Corp
2010-09-22 17:10:52 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-09-22 17:10:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2010-09-21 23:48:01 -------- d-----w- c:\docume~1\ingram1\locals~1\applic~1\Speedchecker
2010-09-21 23:47:34 -------- d-----w- c:\program files\PC Speed Up
2010-09-21 21:25:42 -------- d-----w- c:\docume~1\ingram1\applic~1\Megaupload
2010-09-21 21:25:20 -------- d-----w- c:\program files\Megaupload
2010-09-21 21:21:35 946448 ----a-w- C:\netloader.exe
2010-09-19 02:33:05 -------- d-----w- c:\docume~1\ingram1\locals~1\applic~1\Sony
2010-09-19 02:32:08 -------- d-----w- c:\program files\common files\Sony Shared
2010-09-19 02:30:50 -------- d-----w- c:\docume~1\ingram1\locals~1\applic~1\Downloaded Installations
2010-09-19 02:30:39 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Sony Corporation
2010-09-19 02:27:44 -------- d-----w- c:\program files\Sony Media Go Install

==================== Find3M ====================

2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 0:38:41.50 ===============

ken545
2010-10-19, 03:51
:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware execpt for the programs we may run.


You have quite a mess going on, and this is most likely the culprit BitComet your downloading files from an unknown source, malware writers are in tune to this and are infecting some download locations, I am going to ask you to uninstall this program via Add Remove programs in the Control Panel.

Step 1 | Download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs
Double click on the file to run it
A window will open on your desktop
if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If nothing unusual is found just press Enter A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.

necromancer_1983
2010-10-20, 20:31
I have uninstalled BitComet as asked. Nothing unusual was found.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 141):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF7AD0000 \WINDOWS\system32\KDCOM.DLL
0xF79E0000 \WINDOWS\system32\BOOTVID.dll
0xF73CE000 sprx.sys
0xF7AD2000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF73B6000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF7388000 ACPI.sys
0xF7377000 pci.sys
0xF75D0000 isapnp.sys
0xF7365000 sfsync04.sys
0xF72F4000 wdf01000.sys
0xF75E0000 \WINDOWS\System32\Drivers\WDFLDR.SYS
0xF7B98000 pciide.sys
0xF7850000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF75F0000 MountMgr.sys
0xF72D5000 ftdisk.sys
0xF7858000 PartMgr.sys
0xF7600000 VolSnap.sys
0xF72BD000 atapi.sys
0xF7610000 disk.sys
0xF7620000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF729D000 fltMgr.sys
0xF728B000 sr.sys
0xF7630000 PxHelp20.sys
0xF7274000 KSecDD.sys
0xF7261000 WudfPf.sys
0xF71D4000 Ntfs.sys
0xF71A7000 NDIS.sys
0xF7640000 uagp35.sys
0xF7194000 sfvfs02.sys
0xF7860000 sfhlp02.sys
0xF7182000 sfdrv01.sys
0xF79E4000 RecAgent.sys
0xF7650000 RapportKELL.sys
0xF7AD4000 \WINDOWS\System32\Drivers\USBD.SYS
0xF7168000 Mup.sys
0xF7868000 avgrkx86.sys
0xF7660000 AVGIDSEH.Sys
0xF6640000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF662C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7710000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7968000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7970000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF6618000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7730000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7130000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF712C000 \SystemRoot\system32\drivers\iviaspi.sys
0xF7740000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF6242000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF621E000 \SystemRoot\system32\drivers\portcls.sys
0xF7750000 \SystemRoot\system32\drivers\drmk.sys
0xF61FB000 \SystemRoot\system32\drivers\ks.sys
0xF7978000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF61D7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7980000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6174000 \SystemRoot\system32\DRIVERS\slntamr.sys
0xF7128000 \SystemRoot\system32\DRIVERS\SlWdmSup.sys
0xF6155000 \SystemRoot\system32\DRIVERS\Mtlmnt5.sys
0xF7988000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7990000 \SystemRoot\system32\DRIVERS\RTL8139.SYS
0xF611D000 \SystemRoot\System32\Drivers\agy6zeij.SYS
0xF7760000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7CA0000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7770000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A70000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6106000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7780000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7790000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF78A8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF60F5000 \SystemRoot\system32\DRIVERS\psched.sys
0xF77A0000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF78B0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78B8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF77B0000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF78C0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7B1E000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6097000 \SystemRoot\system32\DRIVERS\update.sys
0xF6A30000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF605C000 \SystemRoot\system32\DRIVERS\sxuptp.sys
0xF77C0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF77D0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF77E0000 \SystemRoot\system32\drivers\libusb0.sys
0xF7A80000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF78F0000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7800000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0xF7B2A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C06000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B2C000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7910000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7918000 \SystemRoot\System32\drivers\vga.sys
0xF7B30000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B32000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7920000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7928000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7AB0000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF4F01000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF4EA8000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF4E60000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0xF4E38000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF4E16000 \SystemRoot\System32\drivers\afd.sys
0xF6B82000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF4D4B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF4CFA000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
0xF7930000 \??\C:\Documents and Settings\All Users.WINDOWS\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys
0xF4C8A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF6B52000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7AC8000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF6B42000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF4C64000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF6B32000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF713C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF4C28000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0xF7720000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF4B98000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B8C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF4C00000 \SystemRoot\System32\drivers\Dxapi.sys
0xF79C0000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C2D000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF7958000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xF6B12000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xBA498000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB913B000 \SystemRoot\system32\drivers\wdmaud.sys
0xB92C0000 \SystemRoot\system32\drivers\sysaudio.sys
0xB8EDE000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7ADC000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB8E96000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0xB8B7D000 \SystemRoot\System32\Drivers\HTTP.sys
0xB8A35000 \SystemRoot\system32\DRIVERS\srv.sys
0xB8E06000 \SystemRoot\system32\drivers\npf.sys
0xF7B7C000 \SystemRoot\system32\drivers\regi.sys
0xB8F93000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0xB8855000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0xB8719000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF79B8000 \SystemRoot\System32\Drivers\AFGSp50.sys
0xABA5A000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 65):
0 System Idle Process
4 System
448 C:\WINDOWS\system32\smss.exe
488 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
688 csrss.exe
716 C:\WINDOWS\system32\winlogon.exe
764 C:\WINDOWS\system32\services.exe
776 C:\WINDOWS\system32\lsass.exe
948 C:\WINDOWS\system32\svchost.exe
1000 svchost.exe
1092 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
1172 C:\WINDOWS\system32\svchost.exe
1212 C:\WINDOWS\system32\svchost.exe
1340 svchost.exe
1404 svchost.exe
1628 C:\WINDOWS\explorer.exe
1672 C:\WINDOWS\system32\spoolsv.exe
2044 svchost.exe
192 C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
244 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
256 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
264 C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
348 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
408 C:\WINDOWS\soundman.exe
424 C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
632 C:\Program Files\AVG\AVG10\avgtray.exe
696 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
848 C:\WINDOWS\system32\ctfmon.exe
908 C:\Program Files\Messenger\msmsgs.exe
1144 C:\Program Files\AVG\AVG10\avgwdsvc.exe
1160 C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
1388 C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
1740 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
1748 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
1908 C:\WINDOWS\system32\libusbd-nt.exe
1888 C:\WINDOWS\system32\svchost.exe
2164 C:\WINDOWS\system32\nvsvc32.exe
2192 C:\WINDOWS\system32\svchost.exe
2216 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
2276 C:\Program Files\WinPcap\rpcapd.exe
2308 locator.exe
2360 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2456 C:\WINDOWS\system32\slserv.exe
2468 C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
2488 C:\WINDOWS\system32\svchost.exe
2540 C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
2604 C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
2656 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
2820 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
3224 C:\Program Files\AVG\AVG10\avgnsx.exe
3252 C:\Program Files\AVG\AVG10\avgemcx.exe
3992 C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
1996 alg.exe
240 C:\WINDOWS\system32\svchost.exe
2852 C:\Program Files\Belkin\Router Setup and Monitor\ndis_events.exe
3584 wmiprvse.exe
2000 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
2080 C:\Program Files\AVG\AVG10\avgcsrvx.exe
3744 C:\Program Files\Internet Explorer\iexplore.exe
1304 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
1044 C:\Program Files\Internet Explorer\iexplore.exe
368 C:\Program Files\Windows Live\Contacts\wlcomm.exe
2700 C:\Program Files\Internet Explorer\iexplore.exe
5528 C:\WINDOWS\system32\wuauclt.exe
5448 C:\Documents and Settings\Ingram1\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`805e2000 (NTFS)

PhysicalDrive0 Model Number: ST3200826A, Rev: 3.03

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

ken545
2010-10-21, 00:01
Hi,

I had you run MBRCheck because there where markers in your log that suggested that the Master Boot Record may have been infected, but it looks like its ok, lots of this going around lately


Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean







Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

necromancer_1983
2010-10-21, 01:57
ComboFix 10-10-20.01 - Ingram1 20/10/2010 23:27:38.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.445 [GMT 1:00]
Running from: c:\documents and settings\Ingram1\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Ingram1\LOCALS~1\Temp\1.tmp\F_IN_BOX.dll
c:\documents and settings\Ingram1\Local Settings\Temp\1.tmp\F_IN_BOX.dll
c:\documents and settings\Ingram1\Recent\DBOLE.tmp
c:\documents and settings\Ingram1\Recent\energy.tmp
c:\documents and settings\Ingram1\Recent\kernel32.tmp
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\system
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-09-20 to 2010-10-20 )))))))))))))))))))))))))))))))
.

2010-10-20 17:42 . 2010-10-20 17:43 -------- d-----w- c:\documents and settings\Ingram1\Application Data\BitComet
2010-10-19 23:44 . 2008-04-13 23:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-10-19 23:44 . 2008-04-13 23:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-10-19 23:34 . 2010-10-02 09:33 73216 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2010-10-19 23:34 . 2010-08-19 18:24 61984 ----a-w- c:\windows\system32\drivers\xusb21.sys
2010-10-19 23:34 . 2010-08-19 18:24 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2010-10-19 23:26 . 2010-10-19 23:26 -------- d-----w- c:\documents and settings\Ingram1\Application Data\MotioninJoy
2010-10-19 23:26 . 2010-08-19 18:24 255496 ----a-w- c:\windows\system32\MijFrc.dll
2010-10-19 23:26 . 2010-10-19 23:26 -------- d-----w- c:\program files\MotioninJoy
2010-10-16 07:28 . 2010-10-16 07:28 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2010-10-15 23:35 . 2010-10-15 23:35 -------- d-----w- c:\program files\ERUNT
2010-10-15 17:36 . 2010-10-15 17:36 -------- d-----w- c:\documents and settings\Ingram1\Application Data\AVG10
2010-10-15 17:34 . 2010-10-15 17:34 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\Common Files
2010-10-15 17:34 . 2010-10-15 17:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
2010-10-15 17:31 . 2010-10-20 16:53 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-15 17:31 . 2010-10-15 17:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG10
2010-10-15 11:00 . 2010-10-15 17:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MFAData
2010-10-14 20:36 . 2010-10-15 10:55 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-10-14 20:36 . 2010-10-14 20:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-04 12:34 . 2010-10-04 12:34 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-04 12:34 . 2010-10-04 12:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2010-10-04 00:23 . 2010-10-04 00:23 -------- d-----w- c:\documents and settings\Ingram1\Application Data\DAZ 3D
2010-10-03 22:43 . 2010-10-03 22:43 59240 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-10-01 00:02 . 2010-10-01 00:02 -------- d-----w- c:\documents and settings\Ingram1\Local Settings\Application Data\Unity
2010-09-29 01:43 . 2010-09-29 01:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\iWin Games
2010-09-27 11:30 . 2010-09-27 11:30 466944 ----a-w- c:\program files\Mozilla Firefox\plugins\NPcol500.dll
2010-09-27 11:30 . 2010-09-27 11:30 466944 ----a-w- c:\program files\Mozilla Firefox\plugins\NPcol400.dll
2010-09-27 11:30 . 2010-09-27 11:30 -------- d-----w- c:\documents and settings\Ingram1\Application Data\Catalina Marketing Corp
2010-09-22 17:10 . 2010-09-22 17:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-22 17:10 . 2010-09-22 17:10 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-09-21 23:48 . 2010-09-21 23:48 -------- d-----w- c:\documents and settings\Ingram1\Local Settings\Application Data\Speedchecker
2010-09-21 23:47 . 2010-09-23 13:11 -------- d-----w- c:\program files\PC Speed Up
2010-09-21 21:25 . 2010-09-21 21:25 -------- d-----w- c:\documents and settings\Ingram1\Application Data\Megaupload
2010-09-21 21:25 . 2010-09-21 21:25 -------- d-----w- c:\program files\Megaupload
2010-09-21 21:21 . 2010-09-21 21:20 946448 ----a-w- C:\netloader.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys

[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys

[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys

[-] 2008-04-14 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2008-04-14 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2009-10-18 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2009-10-18 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe

[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe

[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\SP3QFE\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\SP3QFE\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[-] 2008-04-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-04-14 12:00 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll

[-] 2010-09-10 . DE41132DA8E5A3CD57201C6F2175EC05 . 5957120 . . [8.00.6001.18975] . . c:\windows\SoftwareDistribution\Download\58656e1248b8e15fcaf07c88694a8cda\SP3GDR\mshtml.dll
[-] 2010-09-10 . DE41132DA8E5A3CD57201C6F2175EC05 . 5957120 . . [8.00.6001.18975] . . c:\windows\system32\mshtml.dll
[-] 2010-09-10 . DE41132DA8E5A3CD57201C6F2175EC05 . 5957120 . . [8.00.6001.18975] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2010-09-10 . 8A03CC037E6B7D1796192815231B0C3F . 5958656 . . [8.00.6001.23067] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\mshtml.dll
[-] 2010-09-10 . 8A03CC037E6B7D1796192815231B0C3F . 5958656 . . [8.00.6001.23067] . . c:\windows\SoftwareDistribution\Download\58656e1248b8e15fcaf07c88694a8cda\SP3QFE\mshtml.dll
[-] 2010-06-24 . 94DC7E938C57F3C3D1BC4A0F68FC5830 . 5954560 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll
[-] 2010-06-24 . 4D7EF94795384CD2BBAAB078B7929FEA . 5951488 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\mshtml.dll
[-] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
[-] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[-] 2010-02-25 . 7054F6ADC9B670887659F1561603B0D0 . 5944832 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll
[-] 2010-02-25 . 974772C74DA7C7A8E7C813A9908A845F . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[-] 2009-12-21 . BE6EEBEF636773A8E7A82214E81C563A . 5942784 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll
[-] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . C0F9AC6FAB2C788FFEE3E69585A0E93F . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . CBB1EF54B86EDB78649909DD1699E5CA . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[-] 2009-10-22 . CDA69BC1C23B0EA033B989F67CB722FF . 5939712 . . [8.00.6001.18852] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[-] 2009-10-22 . A6CF28C6E0B6D10098AB601D85EE55E8 . 5943296 . . [8.00.6001.22942] . . c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
[-] 2009-08-29 . 0E49677EE57A928765FC47FFBACD5326 . 5940224 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976749-IE8\mshtml.dll
[-] 2009-08-29 . B68F6E6C66D17D9EDABF3D5DA71046DA . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
[-] 2009-07-19 . 5A32B43A48D6DCA339BF24105D9A028F . 5937152 . . [8.00.6001.18812] . . c:\windows\ie8updates\KB974455-IE8\mshtml.dll
[-] 2009-07-19 . F25D866DD486AD30E05E5596CB363C3E . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[-] 2009-05-13 . EEAADAA744B20E68CF5EB4FBB4F8AFA9 . 5936128 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\mshtml.dll
[-] 2009-05-13 . 1290E417BF806185CC7B2845E78A104E . 5936128 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[-] 2009-04-29 . ABD8093E43E53AEA5898D2214B92E9BA . 3068928 . . [6.00.2900.5803] . . c:\windows\ie8\mshtml.dll
[-] 2009-04-29 . 06CF679E3D24C3DF270556456A0F1EDA . 3069440 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB969897$\mshtml.dll

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll
[-] 2008-04-14 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll

[-] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-08-04 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[-] 2008-04-14 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe

[-] 2010-09-10 . 36FE8ABC59AAFBE20CBE54BC372F9429 . 916480 . . [8.00.6001.18968] . . c:\windows\SoftwareDistribution\Download\58656e1248b8e15fcaf07c88694a8cda\SP3GDR\wininet.dll
[-] 2010-09-10 . 36FE8ABC59AAFBE20CBE54BC372F9429 . 916480 . . [8.00.6001.18968] . . c:\windows\system32\wininet.dll
[-] 2010-09-10 . 36FE8ABC59AAFBE20CBE54BC372F9429 . 916480 . . [8.00.6001.18968] . . c:\windows\system32\dllcache\wininet.dll
[-] 2010-09-10 . 0555E190DCD06B8998E6DDCA42DAEB82 . 919552 . . [8.00.6001.23060] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll
[-] 2010-09-10 . 0555E190DCD06B8998E6DDCA42DAEB82 . 919552 . . [8.00.6001.23060] . . c:\windows\SoftwareDistribution\Download\58656e1248b8e15fcaf07c88694a8cda\SP3QFE\wininet.dll
[-] 2010-06-24 . 60237E50D575FBA9BEC9BC043F157149 . 919040 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . D3DEB6B2B424AC93DE3801EAEB21A9A5 . 916480 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\wininet.dll
[-] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2183461-IE8\wininet.dll
[-] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[-] 2010-02-25 . 7A42CFED96CDA7F2FB1A26D1F9F65775 . 916480 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[-] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[-] 2009-12-21 . FF4241C74E0C0A5AFFFE05F584213ECB . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[-] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 75240F6EDBCE7B85DF66874407D38A4F . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[-] 2009-08-29 . CF0A5FE05BF614C24950D8FAEC1BC309 . 916480 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[-] 2009-08-29 . 972B226BDAD71C55F3CC9A72BBF8F1C1 . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[-] 2009-07-03 . 7E8A47A2E6561274B83E257CE74803FD . 915456 . . [8.00.6001.18806] . . c:\windows\ie8updates\KB974455-IE8\wininet.dll
[-] 2009-07-03 . 38114DAB42FB2EB84D1726C42B8D80C5 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[-] 2009-05-13 . 366C72AF6970DB7BB39AB0142BF09DB5 . 915456 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\wininet.dll
[-] 2009-05-13 . C0EB6850C8A02A154281749DC61FAF22 . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[-] 2009-04-29 . 6002073519FA478BF89977369CDFD156 . 666624 . . [6.00.2900.5803] . . c:\windows\ie8\wininet.dll
[-] 2009-04-29 . 04BCB4F87B35502568F6CF33433543A5 . 668160 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB969897$\wininet.dll

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll

[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2help.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\sp3gdr\ole32.dll
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\dllcache\ole32.dll
[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\sp3qfe\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\shsvcs.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll

[-] 2008-04-14 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 21:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[-] 2008-04-13 21:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys

[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\SoftwareDistribution\Download\b91377d1d56820d9d699c0c2dc7c8e80\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\SoftwareDistribution\Download\b91377d1d56820d9d699c0c2dc7c8e80\SP3GDR\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 12:00 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll

[-] 2008-04-14 12:00 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2006-10-18 21:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 21:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-11 00:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2004-08-11 00:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll

[-] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[-] 2010-04-27 . DC57ABED7BDE1487E658968B4423BED7 . 2066816 . . [5.1.2600.5973] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-04-27 . DC57ABED7BDE1487E658968B4423BED7 . 2066816 . . [5.1.2600.5973] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-04-27 . DC57ABED7BDE1487E658968B4423BED7 . 2066816 . . [5.1.2600.5973] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[-] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-04-14 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe

[-] 2008-04-14 12:00 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2008-04-14 12:00 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll

[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll
[-] 2004-07-09 03:27 . 033A45AB696EEF481707C2808C806E1A . 381952 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsound.dll

[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\d3d9.dll

[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\ddraw.dll
[-] 2004-07-09 03:27 . 90114704C17A581DA1BAE029F20932BE . 292864 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddraw.dll

[-] 2008-04-14 12:00 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2008-04-14 12:00 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll

[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll

[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\version.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-08-27 14:25 2565448 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-08-27 2565448]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-08-27 2565448]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-05 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-09-23 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-03-08 1133464]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Ingram1\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Corel\\DVD9\\WinDVD.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\ViRC\\ViRC.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Belkin\\Belkin USB Print and Storage Center\\Connect.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18502:TCP"= 18502:TCP:BitComet 18502 TCP
"18502:UDP"= 18502:UDP:BitComet 18502 UDP
"9338:TCP"= 9338:TCP:BitComet 9338 TCP
"9338:UDP"= 9338:UDP:BitComet 9338 UDP
"12235:TCP"= 12235:TCP:BitComet 12235 TCP
"12235:UDP"= 12235:UDP:BitComet 12235 UDP
"9477:TCP"= 9477:TCP:BitComet 9477 TCP
"9477:UDP"= 9477:UDP:BitComet 9477 UDP
"19918:TCP"= 19918:TCP:BitComet 19918 TCP
"19918:UDP"= 19918:UDP:BitComet 19918 UDP
"9584:TCP"= 9584:TCP:BitComet 9584 TCP
"9584:UDP"= 9584:UDP:BitComet 9584 UDP
"27358:TCP"= 27358:TCP:BitComet 27358 TCP
"27358:UDP"= 27358:UDP:BitComet 27358 UDP
"14945:TCP"= 14945:TCP:BitComet 14945 TCP
"14945:UDP"= 14945:UDP:BitComet 14945 UDP
"19367:TCP"= 19367:TCP:BitComet 19367 TCP
"19367:UDP"= 19367:UDP:BitComet 19367 UDP
"9367:TCP"= 9367:TCP:BitComet 9367 TCP
"9367:UDP"= 9367:UDP:BitComet 9367 UDP
"12720:TCP"= 12720:TCP:BitComet 12720 TCP
"12720:UDP"= 12720:UDP:BitComet 12720 UDP
"8421:TCP"= 8421:TCP:BitComet 8421 TCP
"8421:UDP"= 8421:UDP:BitComet 8421 UDP
"17557:TCP"= 17557:TCP:BitComet 17557 TCP
"17557:UDP"= 17557:UDP:BitComet 17557 UDP
"9557:TCP"= 9557:TCP:BitComet 9557 TCP
"9557:UDP"= 9557:UDP:BitComet 9557 UDP
"11662:TCP"= 11662:TCP:BitComet 11662 TCP
"11662:UDP"= 11662:UDP:BitComet 11662 UDP
"8861:TCP"= 8861:TCP:BitComet 8861 TCP
"8861:UDP"= 8861:UDP:BitComet 8861 UDP
"25492:TCP"= 25492:TCP:BitComet 25492 TCP
"25492:UDP"= 25492:UDP:BitComet 25492 UDP
"16144:TCP"= 16144:TCP:BitComet 16144 TCP
"16144:UDP"= 16144:UDP:BitComet 16144 UDP
"8515:TCP"= 8515:TCP:BitComet 8515 TCP
"8515:UDP"= 8515:UDP:BitComet 8515 UDP
"23020:TCP"= 23020:TCP:BitComet 23020 TCP
"23020:UDP"= 23020:UDP:BitComet 23020 UDP
"8137:TCP"= 8137:TCP:BitComet 8137 TCP
"8137:UDP"= 8137:UDP:BitComet 8137 UDP
"13745:TCP"= 13745:TCP:BitComet 13745 TCP
"13745:UDP"= 13745:UDP:BitComet 13745 UDP
"8000:TCP"= 8000:TCP:BitComet 8000 TCP
"8000:UDP"= 8000:UDP:BitComet 8000 UDP
"23745:TCP"= 23745:TCP:BitComet 23745 TCP
"23745:UDP"= 23745:UDP:BitComet 23745 UDP
"10899:TCP"= 10899:TCP:BitComet 10899 TCP
"10899:UDP"= 10899:UDP:BitComet 10899 UDP
"19642:TCP"= 19642:TCP:BitComet 19642 TCP
"19642:UDP"= 19642:UDP:BitComet 19642 UDP
"10758:TCP"= 10758:TCP:BitComet 10758 TCP
"10758:UDP"= 10758:UDP:BitComet 10758 UDP
"9726:TCP"= 9726:TCP:BitComet 9726 TCP
"9726:UDP"= 9726:UDP:BitComet 9726 UDP
"19098:TCP"= 19098:TCP:BitComet 19098 TCP
"19098:UDP"= 19098:UDP:BitComet 19098 UDP
"13781:TCP"= 13781:TCP:BitComet 13781 TCP
"13781:UDP"= 13781:UDP:BitComet 13781 UDP
"9358:TCP"= 9358:TCP:BitComet 9358 TCP
"9358:UDP"= 9358:UDP:BitComet 9358 UDP
"24173:TCP"= 24173:TCP:BitComet 24173 TCP
"24173:UDP"= 24173:UDP:BitComet 24173 UDP
"11533:TCP"= 11533:TCP:BitComet 11533 TCP
"11533:UDP"= 11533:UDP:BitComet 11533 UDP
"25208:TCP"= 25208:TCP:BitComet 25208 TCP
"25208:UDP"= 25208:UDP:BitComet 25208 UDP
"9116:TCP"= 9116:TCP:BitComet 9116 TCP
"9116:UDP"= 9116:UDP:BitComet 9116 UDP
"9632:TCP"= 9632:TCP:BitComet 9632 TCP
"9632:UDP"= 9632:UDP:BitComet 9632 UDP
"18371:TCP"= 18371:TCP:BitComet 18371 TCP
"18371:UDP"= 18371:UDP:BitComet 18371 UDP
"25300:TCP"= 25300:TCP:BitComet 25300 TCP
"25300:UDP"= 25300:UDP:BitComet 25300 UDP
"16553:TCP"= 16553:TCP:BitComet 16553 TCP
"16553:UDP"= 16553:UDP:BitComet 16553 UDP
"13242:TCP"= 13242:TCP:BitComet 13242 TCP
"13242:UDP"= 13242:UDP:BitComet 13242 UDP
"13943:TCP"= 13943:TCP:BitComet 13943 TCP
"13943:UDP"= 13943:UDP:BitComet 13943 UDP
"9770:TCP"= 9770:TCP:BitComet 9770 TCP
"9770:UDP"= 9770:UDP:BitComet 9770 UDP
"25295:TCP"= 25295:TCP:BitComet 25295 TCP
"25295:UDP"= 25295:UDP:BitComet 25295 UDP
"13226:TCP"= 13226:TCP:BitComet 13226 TCP
"13226:UDP"= 13226:UDP:BitComet 13226 UDP
"9025:TCP"= 9025:TCP:BitComet 9025 TCP
"9025:UDP"= 9025:UDP:BitComet 9025 UDP
"26043:TCP"= 26043:TCP:BitComet 26043 TCP
"26043:UDP"= 26043:UDP:BitComet 26043 UDP
"21664:TCP"= 21664:TCP:BitComet 21664 TCP
"21664:UDP"= 21664:UDP:BitComet 21664 UDP
"13806:TCP"= 13806:TCP:BitComet 13806 TCP
"13806:UDP"= 13806:UDP:BitComet 13806 UDP
"26331:TCP"= 26331:TCP:BitComet 26331 TCP
"26331:UDP"= 26331:UDP:BitComet 26331 UDP
"50000:TCP"= 50000:TCP:BitComet 50000 TCP
"50000:UDP"= 50000:UDP:BitComet 50000 UDP
"1900:TCP"= 1900:TCP:BitComet 1900 TCP
"19540:UDP"= 19540:UDP:SXUPTP

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16:27 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 26064]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [03/10/2010 23:43 59240]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 03:48 249424]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 03:49 298448]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users.WINDOWS\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [03/10/2010 23:54 34792]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 23:43 169320]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [03/09/2010 10:35 6104144]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [10/09/2010 01:45 265400]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [02/09/2010 09:47 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [02/09/2010 09:47 49152]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [03/10/2010 23:43 767208]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17/04/2007 20:09 11032]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 21:42 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 21:42 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 21:42 26192]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [23/01/2010 21:24 33792]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [02/09/2010 09:46 246936]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [04/08/2009 11:51 16512]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [15/10/2010 18:34 488776]
S3 getPlus(R) Installer;getPlus(R) Installer;c:\program files\NOS\bin\getPlus_HelperSvc.exe [12/08/2009 12:35 59552]
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/04/2010 13:13 135664]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [20/10/2010 00:34 73216]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21/07/2009 23:54 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 15:32 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-05 12:13]

2010-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-05 12:13]

2010-10-20 c:\windows\Tasks\RegPowerClean.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2010-07-19 12:31]

2010-10-20 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-06-10 16:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.animenewsnetwork.com/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2D06158FAC79A790.dll/cmsidewiki.html
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-PCSpeedUp - c:\program files\PC Speed Up\PCSpeedUp.exe
AddRemove-Exult - c:\ultima 7\Exult\Uninst.isu



[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1060284298-776561741-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:d1,73,97,e9,c0,8e,58,2f,46,b6,5e,b0,b6,92,b6,f2,f6,8e,50,57,1a,
e1,ef,bf,bb,2c,0b,a4,1f,32,69,52,48,52,0d,ce,50,f8,60,fb,a3,80,59,5a,6d,97,\
"rkeysecu"=hex:c7,2a,2e,4a,68,e8,4c,2a,65,61,d3,00,df,41,8b,08

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2820)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\libusbd-nt.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\locator.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SOUNDMAN.EXE
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\Belkin\Belkin USB Print and Storage Center\connect.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Belkin\Router Setup and Monitor\ndis_events.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2010-10-20 23:53:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-20 22:53
ComboFix2.txt 2009-06-13 17:29

Pre-Run: 15,599,554,560 bytes free
Post-Run: 15,455,465,472 bytes free

- - End Of File - - A3839518F6036ED906958224563F7916

ken545
2010-10-21, 03:05
Hi,

If you look at your Combofix log you can see that bit comet had access to many ports, what that means is that it could download anything it wished without a problem, not good :sad:


There are numerous files with failed signature checks on your machine, this is an indication that the catroot is busted.

The best way to fix this is to uninstall, then re-install service pack 3.

For the best results, this should be done in safe mode:


Please download SP3 from here. Save it to your desktop.

http://www.microsoft.com/downloads/details...;displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=5B33B5A8-5E76-401F-BE08-1E1555D4F3D4&displaylang=en)

This page will say that this installation package is intended for IT professionals and developers. However, you can safely download this file.


Now tap into safe mode:

(on startup tap F8 repeatedly till an option menu appears - arrow up to safe mode)

Now uninstall SP3

Click Start, click Run, copy/paste c:\windows\$NtServicePackUninstall$\spuninst\spuninst.exe into the open box, and then click OK.
When the Windows XP Service Pack 3 Removal Wizard starts, click Next.
Follow the instructions on the screen to remove Windows XP SP3.


Reboot and boot back into safe mode again.

Now install the SP3 that you had previously downloaded.




Let me know how it went

necromancer_1983
2010-10-22, 00:13
Once I'd booted into safe mode and tried to run c:\windows\$NtServicePackUninstall$\spuninst\spuninst.exe, the spunist folder was empty and couldn't find spunist.exe, what should I do now?

ken545
2010-10-22, 02:58
Hi,

What I would like you to do is post in our sister sites windows forum. You can link them to this thread and let them know that catroot is busted and you need help uninstalling Service Pack 3 and then reinstalling it.
http://forums.whatthetech.com/index.php?showforum=119

When where done then post back and we can continue