GeekPolice
Welcome to GeekPolice.net!

From "wow" to "whoa" - we're teaching practical technology and helping others with tech support. Join our family here!

You are viewing the forum as a "Guest" which doesn't give you member privileges to ask questions or post comments.

Take 30 seconds to register or log in below and unlock the limitations of this website to discover new computer knowledge!

rundll32.exe virus

View previous topic View next topic Go down

rundll32.exe virus

Post by Kama on Fri Dec 30, 2011 9:00 am

I have no doubt acquired a virus. At first XP Antispyware 2012 popped up and hijacked administrative permissions, halted my internet access(through the use of vbu.exe which i destroyed to get my internet back), and will not allow me to run any executables. When I try to run an executable it brings up the "choose program to open with" window as if it cannot recognize the file. Online Armor also picked up what appeared to be a keylogger installed on the same date and time as vbu.exe and I have blocked that. I have tried reverting my system to a restoration point however when I attempt to do so I get the same window. This also happens with any "run" commands such as regedit, command, and msconfig. I have booted in safe mode and attempted to go to the help center but helpctr.exe cannot be found. When I attempt to go into properties on my computer it cannot find rundll32.exe. I have attempt to replace the dll file with a replacement from /dllcache however that file appears to have been moved or delete. The sized of rundll32.exe is 32.5kb(33,280) and shown as a page. My system is as follows:

HP xw9300 workstation
6GB Ram
dual 2.6ghz dual core AMD opterons
nvidia quadro commercial graphics card
nForce 4 mobo (unknown HP configuration)
Windows XP Professional SP2(i believe)

I've run out of ideas and spent a lot of time reading and get stuck in a loop. I figure you guys are badass enough to figure this out.

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by houndmom on Sat Dec 31, 2011 1:13 am

Hello, Welcome to GeekPolice!

I'm Houndmom and I will be helping you get your computer cleaned up. Right On!
Please note the following information about the malware forum:
* Only Tech Officers, Global Moderators, Administrators, Malware Advisors and Tech Advisors are allowed to give advice on removing malware from your computer.
* From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
* Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
* If you have already asked for help somewhere, please post the link to the topic you were helped.
* We try our best to reply quickly, but for any reason we do not reply in two days, do one of two things:

Reply to this topic with the word BUMP, or
see [You must be registered and logged in to see this link.]

* Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Please stick with me in this topic until its close, and your computer is declared clean.

I am a student and need to get approval for each step. I appreciate your patience, and will return with the first step.



If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate
Points : 29727
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by houndmom on Sat Dec 31, 2011 1:31 am

Please download and run the following tool to help allow other programs to
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.

[color=green]Note: This tool only kills the active infection, the actual infection will not be gone.

There are seven different versions. If one of them won't run then download and try to run the other one.
Vista and Windows 7 users need to right-click and choose Run as Administrator
You only need to get one of them to run, not all of them.

  1. [You must be registered and logged in to see this link.]
  2. [You must be registered and logged in to see this link.]
  3. [You must be registered and logged in to see this link.]
  4. [You must be registered and logged in to see this link.] - This renamed copy may trigger an alert from MBAM. It can be ignored and is safe.
  5. [You must be registered and logged in to see this link.]
  6. [You must be registered and logged in to see this link.]
  7. [You must be registered and logged in to see this link.]


Once you've gotten one of them to run then try to immediately run the following:

  • Download[You must be registered and logged in to see this link.] onto your desktop
  • Open the program by double clicking on OTL icon.


  • Copy the following quote box and Paste it in the Custom Scans/Fixes box as shown below..


    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Do not change any settings. Click the Run Scan button. OTL will now perform a scan, it won't take long.

  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These files are saved at the same location as OTL.
  • Please copy and paste these results into your next post.




If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate
Points : 29727
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Sat Dec 31, 2011 5:03 am

Glad to have you on board. Hooray!

I have attempted to do as you have asked. My computer does not recognize executables. Any executable I attempt to load brings up the "Open With" menu with a list of programs. The only reason I can open firefox.exe is because i can select firefox.exe on the "Open With" menu and for some reason allows the program to attempt to open its own executable. I have figured out I can also open system configuration in this manner, it is plausible I could open others like this. There must be a program running in the background that assumes control of the admin permissions as it claims I do not have permission to open any of the files you asked me to run. When I click your executables it brings me to the Open With menu and I can browse to the said app and select it, it then gives me the "you do not have appropriate permissions" jargon.

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by houndmom on Sun Jan 01, 2012 8:10 pm

That's okay Big Grin

Please download exeHelper from one of the two links.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).



If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate
Points : 29727
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Mon Jan 02, 2012 3:35 am

Link 1 and link 2? They don't seem to be links....

Nevermind

I am still getting the "Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item" message. I swear I will hunt down the scum that wrote this virus. I will try and think up some way I can trick the system into opening the file... hmmmm.... I have a few ideas...


Last edited by Kama on Mon Jan 02, 2012 3:43 am; edited 2 times in total (Reason for editing : They work now....)

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Mon Jan 02, 2012 8:08 am

Yeah... my ideas all sucked and nothing worked.

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by houndmom on Wed Jan 04, 2012 12:12 am

Please log in into the account where files won't run.
Then, make sure extensions are shown, see [You must be registered and logged in to see this link.] how to do this.
Then, navigate to OTL to run it.



If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate
Points : 29727
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Wed Jan 04, 2012 12:49 am

okay I did this but it still askes me what program would I like to use to open OTL.exe, so I did as you said and navigated to OTL.exe on my desktop and it still says "Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item"

Although I tried running exeHelper(.com i believe) again and it DID pop up with a black window this time, however i get a window titled "16 Bit MS-DOS Subsystem" with a message saying:

C:\DOCUME~1\USER~1\EXEHEL~1.PIF
Invalid program file name, please check your pif file. Choose 'Close' to terminate the application.

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by houndmom on Wed Jan 04, 2012 12:57 am

Are you able to access Safe Mode??
To Start computer in Safe Mode
  • As your computer is booting from restart tap the F8 key until you get the Safe Mode menu.
    Note: If the Windows Start up screen comes up, you need to try again
  • Use up arrows to choose Safe Mode with networking.
  • Click Enter
    Note: If you are still are unable to get into safe mode after several tries. You can also turn off your computer as it is booting. When the computer is restarted Windows should automatically notice the computer did not start up correctly and give you the start menu.


If you can please run This in SafeMode:
Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.





If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate
Points : 29727
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Wed Jan 04, 2012 1:19 am

I suppose I should have mentioned I have already used combofix in safe mode with the aforementioned results of attempting to run an exe, however I will try renaming it and repeat. I have it on a flash drive with a bunch of other anti-hackware, however considering this virus has so far proven extremely annoying I will download the program again in order to rule out any tampering.

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by houndmom on Wed Jan 04, 2012 1:42 am

ok Take your time



If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate
Points : 29727
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Wed Jan 04, 2012 2:40 am

Renaming the program worked. Here is the log:

ComboFix 12-01-03.07 - Administrator 01/03/2012 20:06:24.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3328.2929 [GMT -6:00]
Running from: i:\utilities cocktail\Commy.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Valyndiir\WINDOWS
c:\windows\EventSystem.log
c:\windows\system32\muzapp.exe
c:\windows\system32\SET51.tmp
D:\UNWISE.EXE
.
.
((((((((((((((((((((((((( Files Created from 2011-12-04 to 2012-01-04 )))))))))))))))))))))))))))))))
.
.
2012-01-04 01:24 . 2012-01-04 01:25 -------- d-----w- c:\documents and settings\Administrator
2011-12-30 04:27 . 2011-12-30 04:29 -------- d-----w- c:\documents and settings\Spartan
2011-12-27 09:07 . 2011-12-27 09:08 -------- d-----w- c:\program files\Ask.com
2011-12-27 09:06 . 2011-12-27 09:06 -------- d-----w- c:\program files\Shockwave.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2006-02-28 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-04 04:02 . 2011-11-27 02:27 973632 ----a-w- c:\windows\system32\nvdispco3220155.dll
2011-11-04 04:02 . 2011-11-27 02:27 877376 ----a-w- c:\windows\system32\nvgenco3220103.dll
2011-11-04 04:02 . 2010-06-10 23:46 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-11-04 04:02 . 2010-06-10 23:46 2811200 ----a-w- c:\windows\system32\nvcuvid.dll
2011-11-04 04:02 . 2010-06-10 23:46 2084672 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-11-04 04:02 . 2010-06-10 23:46 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-11-04 04:02 . 2010-06-10 23:46 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-11-04 04:02 . 2007-03-19 15:15 4205056 ----a-w- c:\windows\system32\nv4_disp.dll
2011-11-04 04:02 . 2007-03-19 15:15 2335232 ----a-w- c:\windows\system32\nvapi.dll
2011-11-04 04:02 . 2007-03-19 15:15 16076800 ----a-w- c:\windows\system32\nvoglnt.dll
2011-11-04 04:02 . 2007-03-19 15:15 12832512 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-11-03 13:02 . 2011-11-27 02:30 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-11-03 13:02 . 2011-11-27 02:30 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-11-03 13:02 . 2011-11-27 02:30 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-11-03 13:02 . 2011-11-27 02:30 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-11-03 13:02 . 2011-11-27 02:30 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-11-03 13:02 . 2011-11-27 02:30 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-11-03 13:02 . 2011-11-27 02:30 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-11-03 13:02 . 2011-11-27 02:30 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-11-03 13:02 . 2011-11-27 02:30 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-11-03 13:02 . 2011-11-27 02:30 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-11-03 13:02 . 2011-11-27 02:30 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-11-03 13:02 . 2011-11-27 02:30 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-11-03 13:02 . 2011-11-27 02:30 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-11-03 13:02 . 2011-11-27 02:30 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-11-03 13:02 . 2011-11-27 02:30 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-11-03 13:02 . 2011-11-27 02:30 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-11-03 13:02 . 2011-11-27 02:30 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-11-03 13:02 . 2011-11-27 02:30 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-11-03 13:02 . 2011-11-27 02:30 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-11-03 13:02 . 2011-11-27 02:30 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-11-03 13:02 . 2011-11-27 02:30 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-11-03 13:02 . 2011-11-27 02:30 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-11-03 13:02 . 2011-11-27 02:30 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-11-03 13:02 . 2011-11-27 02:30 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-11-03 13:02 . 2011-11-27 02:30 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-11-03 13:02 . 2011-11-27 02:30 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-11-03 13:02 . 2011-11-27 02:30 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-11-03 13:02 . 2011-11-27 02:30 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-11-03 12:58 . 2010-05-21 02:32 112960 ----a-w- c:\windows\system32\nvmctray.dll
2011-11-03 12:58 . 2010-05-21 02:32 156480 ----a-w- c:\windows\system32\nvsvc32.exe
2011-11-03 12:58 . 2010-05-21 02:32 13900096 ----a-w- c:\windows\system32\nvcpl.dll
2011-11-03 12:58 . 2010-05-21 02:32 146752 ----a-w- c:\windows\system32\nvcolor.exe
2011-11-03 12:58 . 2011-11-27 02:30 545088 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-11-03 12:58 . 2010-05-21 02:32 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-11-01 16:07 . 2006-02-28 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2006-02-28 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2010-03-19 08:06 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-07 19:38 . 2011-08-30 04:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2006-02-28 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2006-02-28 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
.
[-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2006-02-28 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2006-02-28 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2006-02-28 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
.
[-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2006-02-28 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
.
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2006-02-28 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2006-02-28 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2006-02-28 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll
.
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2006-02-28 12:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2006-02-28 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2006-02-28 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\rpcss.dll
.
[-] 2009-02-06 . 37561F8D4160D62DA86D24AE41FAE8DE . 110592 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2006-02-28 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2006-02-28 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
.
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2006-02-28 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2006-02-28 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2006-02-28 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-02-28 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2006-02-28 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2006-02-28 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2006-02-28 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB950974_0$\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2006-02-28 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[-] 2009-03-21 . B6ACAED7588295129791E0E6A2B0FADE . 986112 . . [5.1.2600.3541] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 . 80202858D245FF07DAA1739C57A3E19B . 989184 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2006-02-28 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB959426_0$\kernel32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2006-02-28 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2006-02-28 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[-] 2011-11-04 . DD8D655E1881B70A5259A23A6018A6C2 . 5978112 . . [8.00.6001.19170] . . c:\windows\system32\mshtml.dll
[-] 2011-11-04 . DD8D655E1881B70A5259A23A6018A6C2 . 5978112 . . [8.00.6001.19170] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2011-11-04 . 699421E2E1313C18671A703953CAE14B . 5978624 . . [8.00.6001.23266] . . c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\mshtml.dll
[-] 2011-10-03 . 4963CB503600FC3BCBDBFBA51FBA1FAC . 5971456 . . [8.00.6001.19154] . . c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
[-] 2011-10-03 . 1240A6B7B470BED0AA6C9FEC7AB0EA26 . 5972992 . . [8.00.6001.23250] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mshtml.dll
[-] 2011-07-25 . 23B3C8E9F3F280180573569253CE98AB . 5969920 . . [8.00.6001.19120] . . c:\windows\ie8updates\KB2586448-IE8\mshtml.dll
[-] 2011-07-25 . BCE7CCEBAD6C8955D2B4C3B246BD0E57 . 5971456 . . [8.00.6001.23216] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtml.dll
[-] 2011-05-30 . 22BA5235EA846EDA87F68A1DCC2BFCF9 . 5964800 . . [8.00.6001.19088] . . c:\windows\ie8updates\KB2559049-IE8\mshtml.dll
[-] 2011-05-30 . D0B1DB576941CB0B6669B8752FFAC79A . 5967360 . . [8.00.6001.23181] . . c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\mshtml.dll
[-] 2011-02-22 . 3422847AA07E37076A87D0B7D5044DC6 . 5964800 . . [8.00.6001.23141] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\mshtml.dll
[-] 2011-02-22 . C2EF2335F1B6C2BE20A67D9098F6C9A1 . 5962240 . . [8.00.6001.19046] . . c:\windows\ie8updates\KB2530548-IE8\mshtml.dll
[-] 2010-12-20 . 1EDCEC5D649DBAC37ED9FFB5A14CEB0C . 5961216 . . [8.00.6001.19019] . . c:\windows\ie8updates\KB2497640-IE8\mshtml.dll
[-] 2010-12-20 . 2A2C070EC691CE410533A1DA7AA3CD86 . 5962240 . . [8.00.6001.23111] . . c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtml.dll
[-] 2010-11-06 . 864E69F32656A7121444BA0193D7B64B . 5960704 . . [8.00.6001.23091] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtml.dll
[-] 2010-11-06 . D7CCA87057901C87ED8CC40DDCC7FA1B . 5959168 . . [8.00.6001.18999] . . c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
[-] 2010-09-10 . DE41132DA8E5A3CD57201C6F2175EC05 . 5957120 . . [8.00.6001.18975] . . c:\windows\ie8updates\KB2416400-IE8\mshtml.dll
[-] 2010-09-10 . 8A03CC037E6B7D1796192815231B0C3F . 5958656 . . [8.00.6001.23067] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\mshtml.dll
[-] 2010-06-24 . 94DC7E938C57F3C3D1BC4A0F68FC5830 . 5954560 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll
[-] 2010-06-24 . 4D7EF94795384CD2BBAAB078B7929FEA . 5951488 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\mshtml.dll
[-] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
[-] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[-] 2010-02-25 . 7054F6ADC9B670887659F1561603B0D0 . 5944832 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll
[-] 2010-02-25 . 974772C74DA7C7A8E7C813A9908A845F . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[-] 2009-12-22 . BD1365D9400C3DB84D76AE77318E1A8D . 3063808 . . [6.00.2900.3660] . . c:\windows\ie8\mshtml.dll
[-] 2009-12-22 . 5747867041C33E26DA5CC893C9532DB8 . 3071488 . . [6.00.2900.3660] . . c:\windows\$hf_mig$\KB978207\SP2QFE\mshtml.dll
[-] 2009-12-22 . A758F0891A87EE005848A0BC740A5B96 . 3071488 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3GDR\mshtml.dll
[-] 2009-12-22 . AD17006339C1934D86449F335C241FF1 . 3073536 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\mshtml.dll
[-] 2009-12-21 . BE6EEBEF636773A8E7A82214E81C563A . 5942784 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll
[-] 2009-12-21 . BE6EEBEF636773A8E7A82214E81C563A . 5942784 . . [8.00.6001.18876] . . c:\windows\SoftwareDistribution\Download\f1062d4e51d6818acdde68ea67673088\SP3GDR\mshtml.dll
[-] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[-] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:\windows\SoftwareDistribution\Download\f1062d4e51d6818acdde68ea67673088\SP3QFE\mshtml.dll
[-] 2009-10-29 . C0F9AC6FAB2C788FFEE3E69585A0E93F . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . C0F9AC6FAB2C788FFEE3E69585A0E93F . 5944320 . . [8.00.6001.22945] . . c:\windows\SoftwareDistribution\Download\73e29923811a3a72ca5380ec0acd4745\SP3QFE\mshtml.dll
[-] 2009-10-29 . CBB1EF54B86EDB78649909DD1699E5CA . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[-] 2009-10-29 . CBB1EF54B86EDB78649909DD1699E5CA . 5940736 . . [8.00.6001.18854] . . c:\windows\SoftwareDistribution\Download\73e29923811a3a72ca5380ec0acd4745\SP3GDR\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2006-02-28 . FD99AD515CBCA109A3D0832F3482DDA1 . 3049472 . . [6.00.2900.2853] . . c:\windows\$NtUninstallKB978207$\mshtml.dll
[-] 2006-02-21 . C6E663C066E3BEA5B0BB70D87D0701E9 . 3052032 . . [6.00.2900.2853] . . c:\windows\$hf_mig$\KB911164\SP2QFE\mshtml.dll
.
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2006-02-28 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2006-02-28 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2006-02-28 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2006-02-28 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll
.
[-] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[-] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2006-02-28 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2006-02-28 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2006-02-28 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2006-02-28 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2006-02-28 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2006-02-28 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2006-02-28 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2006-02-28 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2011-11-04 . 552263502EA8C24D301A0C43FF90B3ED . 916992 . . [8.00.6001.19165] . . c:\windows\system32\wininet.dll
[-] 2011-11-04 . 552263502EA8C24D301A0C43FF90B3ED . 916992 . . [8.00.6001.19165] . . c:\windows\system32\dllcache\wininet.dll
[-] 2011-11-04 . 4E4716CAF514717814D07113AD0425B6 . 919552 . . [8.00.6001.23261] . . c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll
[-] 2011-08-22 . 1A377838B4B468E37C3EEB5BAA24F925 . 916480 . . [8.00.6001.19131] . . c:\windows\ie8updates\KB2618444-IE8\wininet.dll
[-] 2011-08-22 . 19630AEBBFAEB06984CAB91848270AAF . 919552 . . [8.00.6001.23227] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll
[-] 2011-06-23 . AF4EDDC6C0446FCE5681B5DED52B8F0E . 916480 . . [8.00.6001.19098] . . c:\windows\ie8updates\KB2586448-IE8\wininet.dll
[-] 2011-06-23 . 509CF67AE762A38E23A5455A0053853C . 919552 . . [8.00.6001.23192] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll
[-] 2011-04-25 . CC951C2212A200475A587A440E0AA804 . 916480 . . [8.00.6001.19072] . . c:\windows\ie8updates\KB2559049-IE8\wininet.dll
[-] 2011-04-25 . 7F4F1697001B9E9A7924D219DC215903 . 919552 . . [8.00.6001.23165] . . c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\wininet.dll
[-] 2011-02-22 . A9FA95F0D7F511959AC721E4843E5967 . 919552 . . [8.00.6001.23139] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\wininet.dll
[-] 2011-02-22 . F192D49EEFE297FA858B2C774BA2291D . 916480 . . [8.00.6001.19044] . . c:\windows\ie8updates\KB2530548-IE8\wininet.dll
[-] 2010-12-20 . 88014D62B5E3CDB0AC67948D86C926C8 . 916480 . . [8.00.6001.19019] . . c:\windows\ie8updates\KB2497640-IE8\wininet.dll
[-] 2010-12-20 . 5504B4ECCE892EB82CD2C5FA71940AC1 . 919552 . . [8.00.6001.23111] . . c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll
[-] 2010-11-06 . 9357C4249F4810FB0E49C13387A8A77C . 919552 . . [8.00.6001.23084] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll
[-] 2010-11-06 . 306A2B05EA9846278113964DC6E2C940 . 916480 . . [8.00.6001.18992] . . c:\windows\ie8updates\KB2482017-IE8\wininet.dll
[-] 2010-09-10 . 36FE8ABC59AAFBE20CBE54BC372F9429 . 916480 . . [8.00.6001.18968] . . c:\windows\ie8updates\KB2416400-IE8\wininet.dll
[-] 2010-09-10 . 0555E190DCD06B8998E6DDCA42DAEB82 . 919552 . . [8.00.6001.23060] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . 60237E50D575FBA9BEC9BC043F157149 . 919040 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . D3DEB6B2B424AC93DE3801EAEB21A9A5 . 916480 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\wininet.dll
[-] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2183461-IE8\wininet.dll
[-] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[-] 2010-02-25 . 7A42CFED96CDA7F2FB1A26D1F9F65775 . 916480 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[-] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[-] 2009-12-22 . A59054653A2DA13132BE377A650971C9 . 662016 . . [6.00.2900.3660] . . c:\windows\ie8\wininet.dll
[-] 2009-12-22 . 3E617A36A895363FBBE6D1D0405D7E12 . 668672 . . [6.00.2900.3660] . . c:\windows\$hf_mig$\KB978207\SP2QFE\wininet.dll
[-] 2009-12-22 . 814C265012ED921443C515A591D5BFE1 . 667136 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3GDR\wininet.dll
[-] 2009-12-22 . BD27AF5C72D2FBFE491D3A3A8429B974 . 668672 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\wininet.dll
[-] 2009-12-21 . FF4241C74E0C0A5AFFFE05F584213ECB . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[-] 2009-12-21 . FF4241C74E0C0A5AFFFE05F584213ECB . 916480 . . [8.00.6001.18876] . . c:\windows\SoftwareDistribution\Download\f1062d4e51d6818acdde68ea67673088\SP3GDR\wininet.dll
[-] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[-] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\windows\SoftwareDistribution\Download\f1062d4e51d6818acdde68ea67673088\SP3QFE\wininet.dll
[-] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows\SoftwareDistribution\Download\73e29923811a3a72ca5380ec0acd4745\SP3QFE\wininet.dll
[-] 2009-10-29 . 75240F6EDBCE7B85DF66874407D38A4F . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[-] 2009-10-29 . 75240F6EDBCE7B85DF66874407D38A4F . 916480 . . [8.00.6001.18854] . . c:\windows\SoftwareDistribution\Download\73e29923811a3a72ca5380ec0acd4745\SP3GDR\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2006-02-28 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB978207$\wininet.dll
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2006-02-28 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2006-02-28 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2006-02-28 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2006-02-28 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[-] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\ole32.dll
[-] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\dllcache\ole32.dll
[-] 2011-11-01 . 7D9DDE1AB4B00DDB173F5A16E9206517 . 1289216 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\$NtUninstallKB2624667$\ole32.dll
[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2006-02-28 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ole32.dll
.
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2006-02-28 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2006-02-28 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2006-02-28 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
.

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Wed Jan 04, 2012 2:41 am

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2006-02-28 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2006-02-28 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2006-02-28 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2006-02-28 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2006-02-28 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2006-02-28 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2006-02-28 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2006-02-28 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2006-02-28 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2006-02-28 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2006-02-28 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2006-02-28 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[-] 2006-02-28 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-04 06:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2006-02-28 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2006-02-28 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2006-02-28 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[-] 2008-04-14 00:12 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2006-02-28 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\$NtServicePackUninstall$\mspmsnsv.dll
.
[-] 2011-10-25 . DB19FFF0C805664CB95062C027B11FE9 . 2069376 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe
[-] 2011-10-25 . CE1A2FEDBD001ECDC5AD1975AFAD040A . 2069376 . . [5.1.2600.6165] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2011-10-25 . CE1A2FEDBD001ECDC5AD1975AFAD040A . 2069376 . . [5.1.2600.6165] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2011-10-25 . 36CAC3C8C4C10F4E21BFEABBFE7ACFFC . 2027008 . . [5.1.2600.6165] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-12-10 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[-] 2010-12-09 . 9ED77E2307F6EC6F174C063C15AA3B8C . 2027008 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntkrnlpa.exe
[-] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[-] 2010-04-27 . 49E936E1398D1A536E84CD5D068F0F09 . 2024448 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165-v2\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . 089F1E207B067A4DDEB2EEC37BBB1AA7 . 2023936 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165-v2\SP3GDR\ntkrnlpa.exe
[-] 2009-12-08 . 5B542B9C2D8D613CE7D24563926F3411 . 2015744 . . [5.1.2600.3654] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2009-12-08 . BC123D9238A0C9BB3D853E407EE77254 . 2063104 . . [5.1.2600.3654] . . c:\windows\$hf_mig$\KB977165-v2\SP2QFE\ntkrnlpa.exe
[-] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-06 . B238AB60093BABFE76AEC8F34B4D399D . 2015744 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB977165-v2_0$\ntkrnlpa.exe
[-] 2009-02-06 . 65D4220799E6FC2CB079070A6393CC0E . 2023936 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB977165-v2$\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2008-04-13 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2006-02-28 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\ntkrnlpa.exe
.
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2006-02-28 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2006-02-28 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2006-02-28 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2006-02-28 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2006-02-28 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2006-02-28 12:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2006-02-28 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2006-02-28 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2011-10-25 . 3B663B9B193D7E1DE39A466020F1FD91 . 2148864 . . [5.1.2600.6165] . . c:\windows\system32\ntoskrnl.exe
[-] 2011-10-25 . F512C662874D7545E5BD8005E6800A44 . 2192768 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe
[-] 2011-10-25 . 892CDDFF7EF96951B9B0B50974070E47 . 2192768 . . [5.1.2600.6165] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2011-10-25 . 892CDDFF7EF96951B9B0B50974070E47 . 2192768 . . [5.1.2600.6165] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . 60E16152D847D7A7B7D3DA4C4B8E2120 . 2148864 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntoskrnl.exe
[-] 2010-04-27 . 466A3E1239F4A9428797730E81A7A865 . 2146304 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
[-] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165-v2\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165-v2\SP3GDR\ntoskrnl.exe
[-] 2009-12-08 . 9696C553F994340CD6AA5C5A724C3A19 . 2145280 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-12-08 . 339EC6940BEBF9775CB65E29E0CD9782 . 2136064 . . [5.1.2600.3654] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2009-12-08 . 128D88B3176E70B2E3088ECEB842B673 . 2185984 . . [5.1.2600.3654] . . c:\windows\$hf_mig$\KB977165-v2\SP2QFE\ntoskrnl.exe
[-] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . 16B5EBE97F243441264A8F8694C2F2AA . 2136064 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB977165-v2_0$\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2009-02-06 . 0CBA44D0938D57F334C0862424148B70 . 2145280 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB977165-v2$\ntoskrnl.exe
[-] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-13 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2006-02-28 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\ntoskrnl.exe
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2006-02-28 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2006-02-28 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2006-02-28 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2006-02-28 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2006-02-28 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-11-18 01:29 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-18 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2010-03-13 925688]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Macro Express 3.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Macro Express 3.lnk
backup=c:\windows\pss\Macro Express 3.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Valyndiir^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Valyndiir\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@OnlineArmor GUI]
2010-03-13 14:10 6658552 ----a-w- c:\program files\Tall Emu\Online Armor\oaui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 09:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 10:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2011-11-18 01:29 901800 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-03-06 00:41 98304 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2011-02-23 15:04 3451496 ----a-w- c:\progra~1\ALWILS~1\Avast5\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bing Bar]
2010-03-24 21:26 243544 ----a-w- c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 22:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2009-06-01 20:51 1468296 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 20:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-09-29 21:19 929680 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2011-09-29 21:19 20880 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-09-29 21:19 3508112 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-11-11 22:43 288088 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-11-03 12:58 13900096 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-11-03 12:58 112960 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
2004-12-21 01:12 131072 ----a-w- c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2011-09-07 16:41 1634112 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 19:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-06-17 09:08 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McComponentHostService"=3 (0x3)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"wlidsvc"=2 (0x2)
"winmgmt"=2 (0x2)
"w32time"=2 (0x2)
"VSS"=3 (0x3)
"UxTuneUp"=2 (0x2)
"upnphost"=3 (0x3)
"TuneUp.ProgramStatisticsSvc"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"Themes"=2 (0x2)
"TapiSrv"=3 (0x3)
"SwPrv"=3 (0x3)
"SwitchBoard"=3 (0x3)
"SvcOnlineArmor"=2 (0x2)
"SSDPSRV"=3 (0x3)
"SpyHunter 4 Service"=2 (0x2)
"Spooler"=2 (0x2)
"ServiceLayer"=3 (0x3)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"SeaPort"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"RSVP"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"PlugPlay"=2 (0x2)
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"OAcat"=2 (0x2)
"NVSvc"=2 (0x2)
"NVIDIA Performance Driver Service"=2 (0x2)
"NtmsSvc"=3 (0x3)
"npggsvc"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"hpqddsvc"=2 (0x2)
"hpqcxs08"=3 (0x3)
"hkmsvc"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"FsUsbExService"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"Dot3svc"=3 (0x3)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"CryptSvc"=2 (0x2)
"ClipSrv"=3 (0x3)
"CiSvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"BITS"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"ALG"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GameTap Web Player\\bin\\release\\GameTapPlayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Games\\Gametap\\games\\150038750\\smashfrenzy4\\SmashFrenzy4.EN.full\\SF4.exe"=
"c:\\GameTap\\Games\\gothic3\\Gothic3.exe"=
.
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [3/19/2010 2:38 AM 24440]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [3/19/2010 2:38 AM 29560]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/27/2011 1:10 PM 371544]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/19/2010 2:36 AM 301528]
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [3/19/2010 2:38 AM 226680]
S1 vcdrom;Virtual CD-ROM Device Driver;c:\documents and settings\Valyndiir\My Documents\Downloads\winxpvirtualcdcontrolpanel_21\VCdRom.sys [3/14/2011 2:25 PM 8576]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/19/2010 2:36 AM 19544]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [10/15/2011 1:01 AM 77624]
S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\GameGuard\dump_wmimmc.sys --> c:\ijji\GameGuard\dump_wmimmc.sys [?]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [1/27/2010 5:10 PM 5248]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [4/27/2010 6:34 PM 36608]
S3 jatmlano;jatmlano;c:\docume~1\VALYND~1\LOCALS~1\Temp\jatmlano.sys [3/11/2006 1:46 AM 29696]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [10/15/2011 1:01 AM 181432]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [4/27/2010 6:34 PM 233472]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/19/2010 2:36 AM 133104]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/19/2010 2:36 AM 133104]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [4/30/2010 5:52 AM 3795560]
S4 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [3/19/2010 2:38 AM 1284600]
S4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S4 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [11/5/2010 5:53 PM 327000]
S4 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [3/19/2010 2:38 AM 3360760]
S4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-04 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]
.
2011-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 08:36]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 08:36]
.
2012-01-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1606980848-261478967-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47]
.
2012-01-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1606980848-261478967-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47]
.
2012-01-04 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-11-18 01:29]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-RDReminder - c:\program files\Dll-Files.com Fixer\DLLFixer.exe
MSConfigStartUp-SpyHunter Security Suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-01-03 20:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Completion time: 2012-01-03 20:13:27
ComboFix-quarantined-files.txt 2012-01-04 02:13
.
Pre-Run: 5,127,045,120 bytes free
Post-Run: 5,291,802,624 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /safeboot:network
.
- - End Of File - - 610AC3D76E54FC8D39C9A7A1E2170879

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Wed Jan 04, 2012 2:45 am

If you don't mind, would you elaborate on what you are looking for?

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Wed Jan 04, 2012 3:29 am

Upon rebooting my theme reverted to the standards windows theme and I no longer have sound.

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Wed Jan 04, 2012 3:53 am

Delay that, got it working. The system is just acting really odd.

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by houndmom on Thu Jan 05, 2012 3:59 pm

You have used an old version of Combofix and other outdated removal tools that may have contributed to the problems on your computer. Removal takes lots of intense training so that the files, folders and registry items needed to run the computer properly are not removed.

ComboFix should not be run without the guidance of a helper!

It is a powerful tool and is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private or regular use.

See ComboFix's [You must be registered and logged in to see this link.]

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please refer to this thread for more information on why you shouldn't use ComboFix without supervision of a trained expert: [You must be registered and logged in to see this link.]

First:
You appear to have a broken catroot folder, let's see if we can repair it.
Repair Catroot:

  • Please download Dial-A-Fix from one of the following mirrors:

  • [You must be registered and logged in to see this link.]
  • [You must be registered and logged in to see this link.]

  • Extract the zip file to your desktop.

  • Double click Dial-A-Fix.exe to start the program. Dial-A-Fix might give you a lot of errors, just ignore them and click to continue.

  • Press the green double checkmark box (it looks like this: )

  • Uncheck Empty Temp Folders, as well as Adjust Time/Date in the prep section. The prep section should then look like this:





  • Click on Go
  • Wait for Dial-A-Fix to finish (All the checks marks will be all gone)
  • Close Dial-A-Fix


Then
Remove the ComboFix Icon and get the latest version. (Be sure Combofix is on your desktop) before you try to run the scan again.
(Please use the instructions and link from the first time you ran ComboFix)

When ComboFix is finished running it will produce a log, please save this to a Notepad file and include on the next post.



If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate
Points : 29727
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Fri Jan 06, 2012 3:39 am

I don't understand, ComboFix failed to execute for me. Only after you asked that I download and run the new and renamed version did it finally execute. I don't see how I could have caused any problems. The only tool that was used was my firewall(Online Armor) and that was simply to find the file path to vbu.exe, delete it(in order to regain net access) and block the key logger. However, Avast and Online Armor have been squelched by the virus as they will not load on start up. ComboFix.exe was off limits in safe mode along with spyhunter and hijackthis. Other programs ran, so I assumed the virus had targeted specific programs that would have been a threat. I didn't think to rename them upon downloading. So the only thing I have successfully accomplished was deleting vbu.exe.

I will wait until you post again before proceeding.

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by houndmom on Fri Jan 06, 2012 3:25 pm

That's okay.

Were you able to run Dial-A-Fix and the other instructions for combofix from my previous post?
Appears you have a broken catroot folder, lets do this to see if we can get it fixed


  • Please download Dial-A-Fix from one of the following mirrors:

  • [You must be registered and logged in to see this link.]
  • [You must be registered and logged in to see this link.]

  • Extract the zip file to your desktop.

  • Double click Dial-A-Fix.exe to start the program. Dial-A-Fix might give you a lot of errors, just ignore them and click to continue.

  • Press the green double checkmark box (it looks like this: )

  • Uncheck Empty Temp Folders, as well as Adjust Time/Date in the prep section. The prep section should then look like this:





  • Click on Go
  • Wait for Dial-A-Fix to finish (All the checks marks will be all gone)
  • Close Dial-A-Fix




Next:

Remove ComboFix icon and grab the latest version (Be sure ComboFix is on your Desktop) before trying to scan again (use the original link and instructions,(use the same link and instructions as the first time you ran ComboFix).

When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply
On the Combofix instructions please use the download link from Post #10



If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate
Points : 29727
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Fri Jan 06, 2012 9:58 pm

I still cannot run executables without being in safe mode. So I assume that is what you want me to do.

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Sat Jan 07, 2012 9:34 am

ComboFix 12-01-06.01 - Administrator 01/07/2012 2:42.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3328.3047 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\EventSystem.log
.
.
((((((((((((((((((((((((( Files Created from 2011-12-07 to 2012-01-07 )))))))))))))))))))))))))))))))
.
.
2012-01-06 22:22 . 2012-01-06 22:24 -------- d-----w- c:\windows\system32\CatRoot2
2012-01-04 01:24 . 2012-01-06 22:18 -------- d-----w- c:\documents and settings\Administrator
2011-12-30 04:27 . 2011-12-30 04:29 -------- d-----w- c:\documents and settings\Spartan
2011-12-27 09:07 . 2011-12-27 09:08 -------- d-----w- c:\program files\Ask.com
2011-12-27 09:06 . 2011-12-27 09:06 -------- d-----w- c:\program files\Shockwave.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2006-02-28 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-04 04:02 . 2011-11-27 02:27 973632 ----a-w- c:\windows\system32\nvdispco3220155.dll
2011-11-04 04:02 . 2011-11-27 02:27 877376 ----a-w- c:\windows\system32\nvgenco3220103.dll
2011-11-04 04:02 . 2010-06-10 23:46 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-11-04 04:02 . 2010-06-10 23:46 2811200 ----a-w- c:\windows\system32\nvcuvid.dll
2011-11-04 04:02 . 2010-06-10 23:46 2084672 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-11-04 04:02 . 2010-06-10 23:46 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-11-04 04:02 . 2010-06-10 23:46 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-11-04 04:02 . 2007-03-19 15:15 4205056 ----a-w- c:\windows\system32\nv4_disp.dll
2011-11-04 04:02 . 2007-03-19 15:15 2335232 ----a-w- c:\windows\system32\nvapi.dll
2011-11-04 04:02 . 2007-03-19 15:15 16076800 ----a-w- c:\windows\system32\nvoglnt.dll
2011-11-04 04:02 . 2007-03-19 15:15 12832512 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-11-03 13:02 . 2011-11-27 02:30 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-11-03 13:02 . 2011-11-27 02:30 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-11-03 13:02 . 2011-11-27 02:30 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-11-03 13:02 . 2011-11-27 02:30 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-11-03 13:02 . 2011-11-27 02:30 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-11-03 13:02 . 2011-11-27 02:30 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-11-03 13:02 . 2011-11-27 02:30 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-11-03 13:02 . 2011-11-27 02:30 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-11-03 13:02 . 2011-11-27 02:30 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-11-03 13:02 . 2011-11-27 02:30 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-11-03 13:02 . 2011-11-27 02:30 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-11-03 13:02 . 2011-11-27 02:30 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-11-03 13:02 . 2011-11-27 02:30 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-11-03 13:02 . 2011-11-27 02:30 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-11-03 13:02 . 2011-11-27 02:30 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-11-03 13:02 . 2011-11-27 02:30 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-11-03 13:02 . 2011-11-27 02:30 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-11-03 13:02 . 2011-11-27 02:30 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-11-03 13:02 . 2011-11-27 02:30 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-11-03 13:02 . 2011-11-27 02:30 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-11-03 13:02 . 2011-11-27 02:30 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-11-03 13:02 . 2011-11-27 02:30 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-11-03 13:02 . 2011-11-27 02:30 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-11-03 13:02 . 2011-11-27 02:30 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-11-03 13:02 . 2011-11-27 02:30 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-11-03 13:02 . 2011-11-27 02:30 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-11-03 13:02 . 2011-11-27 02:30 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-11-03 13:02 . 2011-11-27 02:30 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-11-03 12:58 . 2010-05-21 02:32 112960 ----a-w- c:\windows\system32\nvmctray.dll
2011-11-03 12:58 . 2010-05-21 02:32 156480 ----a-w- c:\windows\system32\nvsvc32.exe
2011-11-03 12:58 . 2010-05-21 02:32 13900096 ----a-w- c:\windows\system32\nvcpl.dll
2011-11-03 12:58 . 2010-05-21 02:32 146752 ----a-w- c:\windows\system32\nvcolor.exe
2011-11-03 12:58 . 2011-11-27 02:30 545088 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-11-03 12:58 . 2010-05-21 02:32 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-11-01 16:07 . 2006-02-28 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2006-02-28 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2010-03-19 08:06 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-07 19:38 . 2011-08-30 04:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-11-18 01:29 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-18 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-09-07 1634112]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-21 131072]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-11-03 112960]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-11-03 13900096]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2010-03-13 6658552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2010-03-13 925688]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Macro Express 3.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Macro Express 3.lnk
backup=c:\windows\pss\Macro Express 3.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Valyndiir^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Valyndiir\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 09:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 10:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2011-11-18 01:29 901800 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-03-06 00:41 98304 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bing Bar]
2010-03-24 21:26 243544 ----a-w- c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 22:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2009-06-01 20:51 1468296 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 20:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-09-29 21:19 929680 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2011-09-29 21:19 20880 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-09-29 21:19 3508112 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-11-11 22:43 288088 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 19:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-06-17 09:08 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Sat Jan 07, 2012 9:43 am

.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McComponentHostService"=3 (0x3)
"wuauserv"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"SwitchBoard"=3 (0x3)
"SpyHunter 4 Service"=2 (0x2)
"SeaPort"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"npggsvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"FsUsbExService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"TuneUp.ProgramStatisticsSvc"=2 (0x2)
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=2 (0x2)
"wscsvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=3 (0x3)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"UxTuneUp"=2 (0x2)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"SvcOnlineArmor"=2 (0x2)
"stisvc"=3 (0x3)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"ServiceLayer"=3 (0x3)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"PlugPlay"=2 (0x2)
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"OAcat"=2 (0x2)
"NVSvc"=2 (0x2)
"NVIDIA Performance Driver Service"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"Net Driver HPZ12"=2 (0x2)
"napagent"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"HTTPFilter"=3 (0x3)
"HPSLPSVC"=2 (0x2)
"hpqddsvc"=2 (0x2)
"hpqcxs08"=3 (0x3)
"hkmsvc"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"ClipSrv"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"BITS"=2 (0x2)
"avast! Antivirus"=2 (0x2)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GameTap Web Player\\bin\\release\\GameTapPlayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Games\\Gametap\\games\\150038750\\smashfrenzy4\\SmashFrenzy4.EN.full\\SF4.exe"=
"c:\\GameTap\\Games\\gothic3\\Gothic3.exe"=
.
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [3/19/2010 2:38 AM 24440]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [3/19/2010 2:38 AM 29560]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/27/2011 1:10 PM 371544]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/19/2010 2:36 AM 301528]
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [3/19/2010 2:38 AM 226680]
S1 vcdrom;Virtual CD-ROM Device Driver;c:\documents and settings\Valyndiir\My Documents\Downloads\winxpvirtualcdcontrolpanel_21\VCdRom.sys [3/14/2011 2:25 PM 8576]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/19/2010 2:36 AM 19544]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [10/15/2011 1:01 AM 77624]
S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\GameGuard\dump_wmimmc.sys --> c:\ijji\GameGuard\dump_wmimmc.sys [?]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [1/27/2010 5:10 PM 5248]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [4/27/2010 6:34 PM 36608]
S3 jatmlano;jatmlano;c:\docume~1\VALYND~1\LOCALS~1\Temp\jatmlano.sys [3/11/2006 1:46 AM 29696]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [10/15/2011 1:01 AM 181432]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [4/27/2010 6:34 PM 233472]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/19/2010 2:36 AM 133104]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/19/2010 2:36 AM 133104]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [4/30/2010 5:52 AM 3795560]
S4 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [3/19/2010 2:38 AM 1284600]
S4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S4 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [11/5/2010 5:53 PM 327000]
S4 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [3/19/2010 2:38 AM 3360760]
S4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-06 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]
.
2011-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 08:36]
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 08:36]
.
2012-01-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1606980848-261478967-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47]
.
2012-01-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1606980848-261478967-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47]
.
2012-01-06 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-11-18 01:29]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-01-07 02:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1606980848-261478967-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,92,72,7e,2d,7e,1b,42,8c,a2,f8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,92,72,7e,2d,7e,1b,42,8c,a2,f8,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1268)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2012-01-07 02:53:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-07 08:53
ComboFix2.txt 2012-01-04 02:13
.
Pre-Run: 4,017,479,680 bytes free
Post-Run: 3,549,253,632 bytes free
.
- - End Of File - - E6618068BEF7C0B37DB53248E7F71339

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by houndmom on Sun Jan 08, 2012 7:31 pm

Are you able to run programs in normal mode after the last scan?

Please download aswMBR from [You must be registered and logged in to see this link.]


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below




Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are [You must be registered and logged in to see this link.]


  • Once the scan finishes click Save log to save the log to your Desktop


  • Copy and paste the contents of aswMBR.txt back here for review




If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate
Points : 29727
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Mon Jan 09, 2012 6:21 am

I am still unable to open executables. How important was internet access to the last scan? I ran it without it.

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by houndmom on Tue Jan 10, 2012 5:48 pm

We need to backup your registry:
Please go to Start > Run
Paste in the following line:

regedit /e c:\registrybackup.reg

Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass. *Note: You will find "registrybackup.reg" in your C: drive.

Next

Open notepad and copy and paste next present in the Codebox below in it:
(don't forget to copy and paste REGEDIT4)



Code:
    REGEDIT4

    [-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]

    [-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]

    [-HKEY_CLASSES_ROOT\.exe\shell\open\command]

    [HKEY_CLASSES_ROOT\.exe]
    @="exefile"
    "Content Type"="application/x-msdownload"

    [-HKEY_CLASSES_ROOT\secfile]


Save this as fix.reg Choose to save as *all files and place it on your desktop.
It should look like this:

Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok

Please Reboot your computer.

Then run Malwarebytes' Anti-Malware.




If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate
Points : 29727
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Wed Jan 11, 2012 9:35 am

Regedit is an executable. I cannot open it without the association of a registry file, however, I can open it if you provide a path to a harmless .reg file.

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by houndmom on Thu Jan 12, 2012 7:36 pm

Please log in into the account where exe files won't run.
Then, make sure extensions are shown, see [You must be registered and logged in to see this link.] how to do this.
Then, navigate to the C:\Program Files\Malwarebytes' Antimalware folder and locate the file mbam.exe in there
Rename mbam.exe to mbam.com
Then, doubleclick mbam.com. This will allow malwarebytes to open. First use the update tab and check if there are updates. Download the updates.
Then, perform a quick scan and let Malwarebytes remove what it found. Reboot afterwards.

Post the Malwarebytes log please.



If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate
Points : 29727
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Mon Jan 16, 2012 2:46 pm

Extensions are shown. Since I cannot open executables without the association of a file to open(like a .txt will automatically open notepad and so on), how would you like me to install malwarebytes antimalware? I can use my administrator account in safe mode if you wish.

Sorry for the delay I have been working some serious hardcore hours.

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by houndmom on Mon Jan 16, 2012 4:14 pm

Sorry for the delay I have been working some serious hardcore hours.
I totally understand!!

Yes, please let malwarebytes run in safe mode.



If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate
Points : 29727
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Wed Feb 01, 2012 2:48 pm

Sorry haven't sat down at my computer for awhile. School started and it is taking up most of my time.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
[You must be registered and logged in to see this link.]

Database version: v2012.02.01.03

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: REVENANT [administrator]

Protection: Disabled

2/1/2012 8:21:07 AM
mbam-log-2012-02-01 (08-21-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223108
Time elapsed: 5 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Valyndiir\Local Settings\Application Data\vbu.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\Documents and Settings\Valyndiir\Application Data\1008400906 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Detected: 9
C:\Documents and Settings\Valyndiir\My Documents\Downloads\SetupGamevance (1).exe (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Documents and Settings\Valyndiir\My Documents\Downloads\SetupGamevance.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Documents and Settings\Valyndiir\Local Settings\Temp\0.25676968679658907.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Valyndiir\Local Settings\Temp\0.6452679908422556.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Valyndiir\Local Settings\Temp\0.7951409320393679.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Valyndiir\Local Settings\Temp\0.966954844714732.exe (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Documents and Settings\Valyndiir\Local Settings\Temp\0.1972760706810851.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
C:\Documents and Settings\Valyndiir\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Valyndiir\Desktop\WiNlOgOn.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Sat Feb 04, 2012 4:19 pm

bump

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by houndmom on Sun Feb 05, 2012 6:59 pm

Sorry kama, I am still waiting for approval on the next step.




If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate
Points : 29727
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by houndmom on Tue Feb 07, 2012 7:52 pm

Sorry for the delay, I just got approval.

Please read carefully and follow these steps.

  • Download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then click on Start Scan.





  • If an infected file is detected, the default action will be Cure, click on Continue.



  • If a suspicious file is detected, the default action will be Skip, click on Continue.





  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.




  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents the report here.


Then:




  • Download[You must be registered and logged in to see this link.] onto your desktop
  • Open the program by double clicking on OTL icon.


  • Copy the following quote box and Paste it in the Custom Scans/Fixes box as shown below..


    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Do not change any settings. Click the Run Scan button. OTL will now perform a scan, it won't take long.

  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These files are saved at the same location as OTL.
  • Please copy and paste these results into your next post.

    Note: To Copy - highlight text and choosing CTRL C or by right click and choose copy
    To Paste - by clicking in your post box here on the forum and choosing CTRL V or right click and choose paste






If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate
Points : 29727
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Wed Feb 08, 2012 7:18 pm

You want me to do this in safe mode right? I hope the person who is approving these steps realizes I cannot open executables under my regular admin login.

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by houndmom on Thu Feb 09, 2012 10:19 pm

You want me to do this in safe mode right?
Sure, are you still unable to use normal mode?





If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate
Points : 29727
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Fri Feb 10, 2012 7:13 am

I can use my regular login but I cannot open most executables and administrative privelages on my regular login are denied. Some executables I can open but most of these anti-virus programs we are using have some sort of signature and the virus seems to pick up on them when I am logged in with my regular account. Is this going no where? Doesn't running these programs under a different account only effect that particular account? I will do as you ask and continue to run these programs under the default admin account, since that is the only one I can run executables under.

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by houndmom on Fri Feb 10, 2012 6:14 pm

continue to run these programs under the default admin account
I was under the impression we were using safe mode. Is this not correct?
Does this computer have more than 1 user account?
Sorry if I misunderstood.



If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate
Points : 29727
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Sat Feb 11, 2012 5:23 am

This computer has a default admin account which I leave aside for reasons such as this and it also has an admin account for normal use which is infected. We have been operating in safe mode under the default admin account because executables will not run under the infected account even in safe mode, at least none of the ones we want to run. I can only open programs that have file associations. For instance, I can probably open regedit if I double click a .reg file and direct the computer to use regedit in order to open it. That noted, combofix also was not run in safe mode under the infected account so there may still be restore points we could utilize. I guess we are back to step one.

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by houndmom on Sun Feb 12, 2012 9:04 pm

It's okay. We are not going to give up yet.

Download [You must be registered and logged in to see this link.] to your desktop.
When you save it to your desktop name it MBRCheck.com

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.




If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate
Points : 29727
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Thu Feb 16, 2012 10:38 pm

So you want me to run this in the uninfected default admin account and not my infected personal account?

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Thu Feb 16, 2012 10:59 pm

I hope this is what you wanted.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000010f5

Kernel Drivers (total 110):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80700000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7607000 ohci1394.sys
0xF7617000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7627000 MountMgr.sys
0xF74D8000 ftdisk.sys
0xF798B000 dmload.sys
0xF74B2000 dmio.sys
0xF770F000 PartMgr.sys
0xF7637000 VolSnap.sys
0xF749A000 atapi.sys
0xF7717000 symmpi.sys
0xF7482000 \WINDOWS\system32\drivers\SCSIPORT.SYS
0xF7647000 disk.sys
0xF7657000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7462000 fltmgr.sys
0xF7450000 sr.sys
0xF7439000 KSecDD.sys
0xF7426000 WudfPf.sys
0xF7B52000 Ntfs.sys
0xF786A000 NDIS.sys
0xF740C000 Mup.sys
0xF7667000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7787000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF778F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF779F000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF77AF000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB8400000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77B7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7677000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7687000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7697000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB83DD000 \SystemRoot\system32\DRIVERS\ks.sys
0xF77CF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7923000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xB8392000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xB835B000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS
0xF77D7000 \SystemRoot\system32\DRIVERS\RTL8139.SYS
0xF76A7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF792B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8344000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76B7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76C7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF77F7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7807000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7817000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8314000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF76D7000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB82CF000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0xF7995000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8271000 \SystemRoot\system32\DRIVERS\update.sys
0xB87FC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF76E7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7777000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7577000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF799D000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7567000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xF79A3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7A79000 \SystemRoot\System32\Drivers\Null.SYS
0xF79A7000 \SystemRoot\System32\Drivers\Beep.SYS
0xB8454000 \SystemRoot\System32\drivers\vga.sys
0xB80C2000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF79AB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB8444000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB8434000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF791F000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF7537000 \??\C:\WINDOWS\system32\drivers\OAnet.sys
0xB803F000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF7527000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB7FE6000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF7797000 \??\C:\WINDOWS\system32\drivers\OAmon.sys
0xB7FC0000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB7F98000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF77DF000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xB8308000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xB7F76000 \SystemRoot\System32\drivers\afd.sys
0xF7507000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB7F4B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB7EDB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF781F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB846C000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF777F000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xB8265000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB84C4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB844C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB825D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB8255000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB7DEF000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB7DDE000 \SystemRoot\System32\Drivers\Udfs.SYS
0xB8165000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0xB8092000 \SystemRoot\System32\Drivers\dump_symmpi.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xB87B4000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8082000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xF7AAD000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBD012000 \SystemRoot\System32\ATMFD.DLL
0xB781E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB75A2000 \SystemRoot\system32\DRIVERS\srv.sys
0xB7892000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 16):
0 System Idle Process
4 System
320 C:\WINDOWS\system32\smss.exe
376 csrss.exe
400 C:\WINDOWS\system32\winlogon.exe
444 C:\WINDOWS\system32\services.exe
456 C:\WINDOWS\system32\lsass.exe
608 C:\WINDOWS\system32\svchost.exe
680 svchost.exe
808 C:\WINDOWS\system32\svchost.exe
852 svchost.exe
960 svchost.exe
1200 C:\WINDOWS\explorer.exe
1540 wmiprvse.exe
1736 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
1884 C:\MBRCheck.com.exe

\\.\C: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\H: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive3 Model Number: SEAGATEST3146854LW, Rev: HPS1
PhysicalDrive2 Model Number: WDCWD2500KS-00MJB0, Rev: 02.01C03
PhysicalDrive0 Model Number: WDCWD800BB-75JHC0, Rev: 06.01C06
PhysicalDrive1 Model Number: ST3250823AS, Rev: 3.03

Size Device Name MBR Status
--------------------------------------------
136 GB \\.\PhysicalDrive3 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
232 GB \\.\PhysicalDrive2 Unknown MBR code
SHA1: EC5B6F4B08268D5344F30BFF61C8B587F034795B
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
232 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by houndmom on Thu Feb 23, 2012 2:47 am

Please read carefully and follow these steps.

  • Download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.





  • If an infected file is detected, the default action will be Cure, click on Continue.



  • If a suspicious file is detected, the default action will be Skip, click on Continue.





  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.




  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents the report here.


Then:


  • Download[You must be registered and logged in to see this link.] onto your desktop
  • Open the program by double clicking on OTL icon.


  • Copy the following quote box and Paste it in the Custom Scans/Fixes box as shown below..


    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Do not change any settings. Click the Run Scan button. OTL will now perform a scan, it won't take long.

  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These files are saved at the same location as OTL.
  • Please copy and paste these results into your next post.




If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate
Points : 29727
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Sat Mar 10, 2012 7:43 am

Do you have links for tdskiller and otl?

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by houndmom on Sat Mar 10, 2012 2:47 pm

On the post above you can hover your cursor over the TDSSkiller, that is Bold after the word download, the link is embedded in the name. Same for OTL.exe.



If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate
Points : 29727
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Fri Jul 06, 2012 6:11 pm

OTL logfile created on: 7/6/2012 12:47:57 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = H:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.88 Gb Available Physical Memory | 88.73% Memory free
5.09 Gb Paging File | 4.93 Gb Available in Paging File | 96.81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 136.72 Gb Total Space | 4.66 Gb Free Space | 3.41% Space Free | Partition Type: NTFS
Drive D: | 143.11 Gb Total Space | 3.87 Gb Free Space | 2.70% Space Free | Partition Type: NTFS
Drive E: | 586.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 232.88 Gb Total Space | 6.58 Gb Free Space | 2.83% Space Free | Partition Type: NTFS
Drive G: | 5.91 Gb Total Space | 1.98 Gb Free Space | 33.50% Space Free | Partition Type: FAT32
Drive H: | 232.43 Gb Total Space | 5.11 Gb Free Space | 2.20% Space Free | Partition Type: FAT32
Drive M: | 5.12 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: REVENANT | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/06 12:29:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/12 14:59:37 | 000,604,488 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2011/04/12 14:59:35 | 000,361,288 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/11/05 18:53:56 | 000,327,000 | ---- | M] (Enigma Software Group USA, LLC.) [Disabled | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2010/06/15 10:19:03 | 003,583,592 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2010/04/30 06:52:54 | 003,795,560 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV - [2010/03/13 09:10:16 | 003,360,760 | ---- | M] (Tall Emu) [Auto | Stopped] -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2010/03/13 09:10:16 | 001,284,600 | ---- | M] (Tall Emu) [Auto | Stopped] -- C:\Program Files\Tall Emu\Online Armor\oacat.exe -- (OAcat)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/15 04:48:20 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/02/19 09:34:32 | 000,233,472 | ---- | M] (Teruten) [Disabled | Stopped] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ijji\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/03/06 18:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 18:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 18:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 18:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 18:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 18:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 17:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/12/10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/24 23:43:54 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.([You must be registered and logged in to see this link.] [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011/08/24 23:43:54 | 000,077,624 | ---- | M] (DEVGURU Co., LTD.([You must be registered and logged in to see this link.] [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2010/09/23 23:58:32 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/09/23 21:11:31 | 000,139,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010/06/30 22:07:22 | 000,024,576 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Stopped] -- C:\Program Files\GameTap Web Player\bin\release\X4HSX32.sys -- (X4HSX32)
DRV - [2010/06/10 14:10:27 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/03/13 08:39:10 | 000,024,440 | ---- | M] (Tall Emu) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2010/03/13 08:38:58 | 000,029,560 | ---- | M] (Tall Emu Pty Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2010/03/13 08:38:54 | 000,226,680 | ---- | M] (Tall Emu) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2010/02/15 23:38:12 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010/01/27 18:10:44 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/19 09:34:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/04/14 23:09:06 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/04/14 23:09:04 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/03/11 02:46:48 | 000,029,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Valyndiir\Local Settings\Temp\jatmlano.sys -- (jatmlano)
DRV - [2005/04/13 14:34:02 | 000,414,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2005/04/13 14:32:42 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2005/01/01 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/08/14 05:41:14 | 000,030,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (symmpi)
DRV - [2001/12/19 12:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Stopped] -- C:\Documents and Settings\Valyndiir\My Documents\Downloads\winxpvirtualcdcontrolpanel_21\VCdRom.sys -- (vcdrom)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 EA 23 A0 9E 5B CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files\GameTap Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/05/19 21:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/01/23 04:02:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/02/22 04:09:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/06/28 01:43:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/17 04:08:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 14:38:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/29 23:06:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/06/17 04:08:17 | 000,000,000 | ---D | M]

[2012/01/07 03:56:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/09/05 22:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/13 12:39:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/16 10:23:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/13 12:39:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/01 03:11:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/07 14:38:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2012/01/07 03:50:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (Shockwave Game Bar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Shockwave Game Bar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\ServicePackFiles\i386\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE0E3EFE-D5CD-4DC5-8AF8-86338E0972F1}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/19 03:08:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/09/04 18:30:47 | 000,000,050 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/02/28 07:00:00 | 000,000,110 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - G:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2007/01/04 19:10:06 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2011/11/10 08:42:24 | 000,000,046 | R--- | M] () - M:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "McComponentHostService"
MsConfig - Services: "TuneUp.Defrag"
MsConfig - Services: "SwitchBoard"
MsConfig - Services: "SpyHunter 4 Service"
MsConfig - Services: "SeaPort"
MsConfig - Services: "PnkBstrB"
MsConfig - Services: "PnkBstrA"
MsConfig - Services: "npggsvc"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "iPod Service"
MsConfig - Services: "gupdatem"
MsConfig - Services: "gupdate"
MsConfig - Services: "FsUsbExService"
MsConfig - Services: "Bonjour Service"
MsConfig - Services: "Apple Mobile Device"
MsConfig - Services: "TuneUp.ProgramStatisticsSvc"
MsConfig - Services: "ServiceLayer"
MsConfig - Services: "osppsvc"
MsConfig - Services: "ose"
MsConfig - Services: "idsvc"
MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "wlidsvc"
MsConfig - Services: "avast! Antivirus"
MsConfig - Services: "MBAMService"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Macro Express 3.lnk - C:\Program Files\Macro Express3\MacExp.exe - (Insight Software Solutions)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Valyndiir^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
MsConfig - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: Bing Bar - hkey= - key= - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: IntelliPoint - hkey= - key= - c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig - StartUpReg: KiesPDLR - hkey= - key= - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: Microsoft Default Manager - hkey= - key= - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10

========== Files/Folders - Created Within 30 Days ==========

[2012/06/28 01:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/06/13 11:36:11 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/06 12:45:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/06 12:40:35 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/06 12:40:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/06 12:37:51 | 000,000,229 | -HS- | M] () -- C:\boot.ini
[2012/07/06 12:36:07 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/06 12:36:07 | 000,000,494 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2012/07/06 12:36:07 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1606980848-261478967-682003330-1003.job
[2012/07/06 12:36:07 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1606980848-261478967-682003330-1004.job
[2012/07/06 12:08:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/07/06 12:01:01 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1606980848-261478967-682003330-1004.job
[2012/07/06 11:56:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/05 05:55:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1606980848-261478967-682003330-1003.job
[2012/06/29 16:34:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/28 01:43:39 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/06/28 01:42:57 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/06/15 03:04:09 | 000,429,402 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/15 03:04:09 | 000,066,352 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/14 03:18:34 | 003,577,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/14 03:07:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/06 11:48:07 | 001,973,624 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/06/28 01:42:57 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/02/01 09:27:14 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/01 09:22:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/03 20:26:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/03 20:26:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/03 20:26:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/03 20:26:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/03 20:26:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/29 03:35:22 | 000,014,656 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\c0468mq3721ch5e2q013428xbraka4fic0xi60
[2011/11/26 21:28:47 | 000,277,860 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/11/26 21:28:47 | 000,277,860 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/11/26 21:28:47 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/11/26 21:27:54 | 002,129,710 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/09/16 11:54:48 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/09/16 11:54:44 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/09/16 11:54:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/09/16 11:54:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/09/16 11:54:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/05/09 23:46:26 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/04/22 16:40:02 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2011/03/09 14:27:19 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/03/03 00:18:59 | 000,000,857 | ---- | C] () -- C:\WINDOWS\Qiii.INI
[2011/02/18 11:48:50 | 000,000,046 | ---- | C] () -- C:\WINDOWS\VID_DirectX.INI
[2011/01/24 04:12:23 | 000,077,377 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2011/01/23 03:51:38 | 000,172,814 | ---- | C] () -- C:\WINDOWS\hpwins21.dat
[2011/01/23 03:51:37 | 000,000,428 | ---- | C] () -- C:\WINDOWS\hpwmdl21.dat
[2010/10/31 21:41:15 | 000,352,648 | ---- | C] () -- C:\WINDOWS\System32\SysCheck2.dll
[2010/09/18 23:03:17 | 000,139,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/09/18 23:02:59 | 000,215,128 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/09/18 23:02:55 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
[2010/09/18 23:02:55 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/07/16 14:39:01 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\IYVU9_32.DLL
[2010/07/13 23:31:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/07/10 23:33:54 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\uc_karos_launching.dll

========== Custom Scans ==========

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Fri Jul 06, 2012 6:13 pm

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2012/01/06 17:23:40 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/08/12 11:58:10 | 000,314,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp082.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012/03/06 18:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/04/11 17:53:55 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/09/07 14:38:39 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/09/07 14:38:39 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/09/07 14:38:29 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/09/07 14:38:27 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/01/06 17:24:16 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/03/18 18:53:51 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010/03/18 18:53:51 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010/03/18 18:53:51 | 000,933,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.sys >
[2006/02/28 07:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2006/02/28 07:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2009/02/19 09:34:30 | 000,036,608 | ---- | M] () -- C:\WINDOWS\system32\FsUsbExDisk.Sys
[2006/02/28 07:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2006/02/28 07:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2006/02/28 07:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2005/01/01 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\npptNT2.sys
[2006/02/28 07:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2006/02/28 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2006/02/28 07:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2006/02/28 07:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2006/02/28 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2006/02/28 07:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2006/02/28 07:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2006/02/28 07:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2006/02/28 07:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2006/02/28 07:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 13:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2012/05/15 08:20:33 | 001,863,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 19:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 19:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 19:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 19:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 19:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 19:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 19:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 19:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 19:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 19:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 19:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 19:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 19:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 19:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 19:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/08/12 11:58:10 | 000,314,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\hpfpp082.dll

< %SYSTEMDRIVE%\*.* >
[2012/02/16 17:32:02 | 038,688,540 | ---- | M] () -- C:\47_south.park.s15e14.hdtv.xvid_asap_97ffb.flv
[2012/01/09 01:22:06 | 004,713,472 | ---- | M] (AVAST Software) -- C:\aswMBR.exe
[2010/03/19 03:08:30 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/01/03 20:58:33 | 000,000,229 | ---- | M] () -- C:\Boot.bak
[2012/07/06 12:37:51 | 000,000,229 | -HS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/01/07 03:53:39 | 000,022,059 | ---- | M] () -- C:\ComboFix.txt
[2010/03/19 03:08:30 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/01/05 19:57:07 | 000,000,155 | ---- | M] () -- C:\Debug.log
[2010/03/19 03:08:30 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/01/07 03:57:19 | 000,022,059 | ---- | M] () -- C:\log.txt
[2012/02/01 09:18:51 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam--setup-1.60.1.1000.exe
[2012/02/01 09:36:51 | 000,005,188 | ---- | M] () -- C:\mbam-log-2012-02-01 (08-21-07).txt
[2012/02/16 17:35:44 | 000,080,384 | ---- | M] () -- C:\MBRCheck.com.exe
[2012/02/16 17:54:32 | 000,007,212 | ---- | M] () -- C:\MBRCheck_02.16.12_16.54.28.txt
[2010/03/19 03:08:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/03/01 17:33:58 | 000,000,050 | ---- | M] () -- C:\notepad.exe
[2006/02/28 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/04/11 17:49:39 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/07/06 12:40:14 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2012/02/20 21:48:22 | 000,000,109 | ---- | M] () -- C:\Recommendations on Multivitamin and Omega-3 supplements - Bodybuilding.com Forums.URL
[2012/02/07 16:15:44 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\TaDSfasdfasdfSKillser.exe
[2012/07/06 12:42:55 | 000,188,972 | ---- | M] () -- C:\TDSSKiller.2.7.44.0_06.07.2012_12.40.52_log.txt
[2012/02/08 14:16:24 | 002,041,778 | ---- | M] () -- C:\tdsskiller.zip

< %PROGRAMFILES%\*. >
[2011/06/23 17:53:47 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/07/29 01:37:23 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2010/03/19 03:36:13 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2010/05/24 23:23:37 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/12/27 04:08:11 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2011/10/17 00:55:31 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2010/12/21 01:43:25 | 000,000,000 | ---D | M] -- C:\Program Files\AutoHotkey
[2010/07/01 17:10:41 | 000,000,000 | ---D | M] -- C:\Program Files\AWS
[2010/05/19 21:50:30 | 000,000,000 | ---D | M] -- C:\Program Files\Bing Bar Installer
[2010/05/24 23:23:11 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2012/01/07 03:45:11 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/03/19 03:05:52 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/04/27 19:35:20 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2011/10/17 01:14:00 | 000,000,000 | ---D | M] -- C:\Program Files\Direct MIDI to MP3 Converter
[2011/07/28 20:28:23 | 000,000,000 | ---D | M] -- C:\Program Files\Dll-Files.com Fixer
[2011/03/15 16:51:23 | 000,000,000 | ---D | M] -- C:\Program Files\Dragon Age 2
[2011/02/08 16:36:48 | 000,000,000 | ---D | M] -- C:\Program Files\Emicsoft Studio
[2010/08/31 16:54:14 | 000,000,000 | ---D | M] -- C:\Program Files\Enigma Software Group
[2010/03/27 09:36:32 | 000,000,000 | ---D | M] -- C:\Program Files\FLV Player
[2010/06/19 23:34:04 | 000,000,000 | ---D | M] -- C:\Program Files\GameSpy Arcade
[2010/09/23 23:39:39 | 000,000,000 | ---D | M] -- C:\Program Files\GameTap Downloader
[2011/09/05 22:50:31 | 000,000,000 | ---D | M] -- C:\Program Files\GameTap Player
[2010/07/12 18:02:00 | 000,000,000 | ---D | M] -- C:\Program Files\GameTap Web Player
[2011/08/08 13:20:21 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin
[2011/08/08 13:20:28 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin GPS Plugin
[2011/05/25 17:47:05 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011/01/18 17:37:52 | 000,000,000 | ---D | M] -- C:\Program Files\Hotline Communications Ltd
[2010/07/17 11:22:00 | 000,000,000 | ---D | M] -- C:\Program Files\HOTLLAMA Media
[2011/01/23 04:02:06 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2011/03/10 12:31:00 | 000,000,000 | ---D | M] -- C:\Program Files\ImgBurn
[2011/08/08 13:34:50 | 000,000,000 | ---D | M] -- C:\Program Files\Inbox Toolbar
[2011/10/15 01:55:15 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/07/13 23:29:40 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2012/06/14 03:07:16 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/05/24 23:24:36 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/05/24 23:25:15 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/11/16 10:23:34 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/05/29 01:51:52 | 000,000,000 | ---D | M] -- C:\Program Files\KingsIsle Entertainment
[2011/05/16 15:12:26 | 000,000,000 | ---D | M] -- C:\Program Files\LucasArts
[2010/12/21 03:30:29 | 000,000,000 | ---D | M] -- C:\Program Files\Macro Express3
[2011/02/18 11:24:31 | 000,000,000 | ---D | M] -- C:\Program Files\MagicDisc
[2011/03/09 16:04:20 | 000,000,000 | ---D | M] -- C:\Program Files\MagicISO
[2012/02/01 09:19:38 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/27 19:34:18 | 000,000,000 | ---D | M] -- C:\Program Files\MarkAny
[2010/04/11 17:56:24 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2012/04/25 03:00:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2011/02/08 16:33:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Analysis Services
[2010/03/19 03:09:27 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/04/09 01:14:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliPoint
[2011/02/08 16:35:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/05/12 03:27:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/08/11 03:01:22 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2012/06/17 20:31:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011/08/26 09:52:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird
[2011/09/30 03:14:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/12/01 22:29:48 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2010/03/19 03:05:03 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2010/03/19 03:05:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/05/19 21:50:21 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Toolbar
[2010/04/29 03:00:21 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/04/09 01:13:25 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2010/04/11 17:51:36 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/05/10 17:53:52 | 000,000,000 | ---D | M] -- C:\Program Files\New Folder
[2011/11/26 21:31:07 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2010/03/19 03:05:43 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2011/09/06 01:17:02 | 000,000,000 | ---D | M] -- C:\Program Files\OpenAL
[2010/12/15 04:00:29 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/04/27 19:35:15 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution
[2011/11/27 23:13:43 | 000,000,000 | ---D | M] -- C:\Program Files\PC Drivers HeadQuarters
[2010/05/24 23:24:13 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2011/06/17 04:08:29 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2011/09/30 03:14:09 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/10/15 01:59:29 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
[2011/12/27 04:06:46 | 000,000,000 | ---D | M] -- C:\Program Files\Shockwave.com
[2010/03/19 03:38:23 | 000,000,000 | ---D | M] -- C:\Program Files\Tall Emu
[2010/08/06 00:54:53 | 000,000,000 | ---D | M] -- C:\Program Files\TeamViewer
[2011/11/27 03:23:27 | 000,000,000 | ---D | M] -- C:\Program Files\The Elder Scrolls V Skyrim
[2010/03/24 02:44:41 | 000,000,000 | ---D | M] -- C:\Program Files\THQ
[2011/04/12 14:59:27 | 000,000,000 | ---D | M] -- C:\Program Files\TuneUp Utilities 2009
[2010/03/19 03:15:57 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/05/26 20:40:51 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2011/11/27 03:26:12 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2011/02/17 14:18:30 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze
[2010/05/18 15:33:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/05/18 15:33:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/04/11 17:51:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/03/19 03:07:27 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2011/03/10 12:22:38 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/03/19 03:09:27 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/07/11 19:49:29 | 000,000,000 | ---D | M] -- C:\Program Files\Xfire

< %appdata%\*.* >
[2010/03/18 18:57:10 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini

< MD5 for: AGP440.SYS >
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/04/11 17:45:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/04/11 17:45:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/04/11 17:45:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/04/11 17:45:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2010/04/11 17:45:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2010/04/11 17:45:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2006/02/28 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/02/28 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2006/02/28 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATA.SYS >
[2006/04/24 20:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWin2KXP\6.86\IDE\Win2K\sata_ide\nvata.sys
[2006/04/24 20:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWin2KXP\6.86\IDE\WinXP\sata_ide\nvata.sys

< MD5 for: NVATABUS.SYS >
[2006/04/24 20:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWin2KXP\6.86\IDE\Win2K\legacy\nvatabus.sys
[2006/04/24 20:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWin2KXP\6.86\IDE\Win2K\sataraid\nvatabus.sys
[2006/04/24 20:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWin2KXP\6.86\IDE\WinXP\legacy\nvatabus.sys
[2006/04/24 20:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWin2KXP\6.86\IDE\WinXP\sataraid\nvatabus.sys

< MD5 for: SCECLI.DLL >
[2006/02/28 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SYMMPI.SYS >
[2002/08/14 05:41:14 | 000,030,848 | ---- | M] (LSI Logic) MD5=F32B8C39E5C54E765595C9C5B9B9AB9E -- C:\WINDOWS\OemDir\symmpi.sys
[2002/08/14 05:41:14 | 000,030,848 | ---- | M] (LSI Logic) MD5=F32B8C39E5C54E765595C9C5B9B9AB9E -- C:\WINDOWS\system32\drivers\symmpi.sys

< MD5 for: USBSTOR.SYS >
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2010/04/11 17:45:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2010/04/11 17:45:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 01:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-06-15 08:04:43

< >

< >

< >

< >

< End of report >

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Fri Jul 06, 2012 6:23 pm

OTL Extras logfile created on: 7/6/2012 1:15:13 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = H:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.79 Gb Available Physical Memory | 85.90% Memory free
5.09 Gb Paging File | 4.86 Gb Available in Paging File | 95.46% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 136.72 Gb Total Space | 4.65 Gb Free Space | 3.40% Space Free | Partition Type: NTFS
Drive D: | 143.11 Gb Total Space | 3.87 Gb Free Space | 2.70% Space Free | Partition Type: NTFS
Drive E: | 586.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 232.88 Gb Total Space | 6.58 Gb Free Space | 2.83% Space Free | Partition Type: NTFS
Drive G: | 5.91 Gb Total Space | 1.98 Gb Free Space | 33.50% Space Free | Partition Type: FAT32
Drive H: | 232.43 Gb Total Space | 5.11 Gb Free Space | 2.20% Space Free | Partition Type: FAT32
Drive M: | 5.12 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: REVENANT | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\GameTap Web Player\bin\release\GameTapPlayer.exe" = C:\Program Files\GameTap Web Player\bin\release\GameTapPlayer.exe:*:Enabled:GameTap Web Player -- (Metaboli)
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"D:\Program Files\VideoLAN\VLC\vlc.exe" = D:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Games\Gametap\games\150038750\smashfrenzy4\SmashFrenzy4.EN.full\SF4.exe" = C:\Games\Gametap\games\150038750\smashfrenzy4\SmashFrenzy4.EN.full\SF4.exe:*:Enabled:smashfrenzy4 -- ()
"C:\GameTap\Games\gothic3\Gothic3.exe" = C:\GameTap\Games\gothic3\Gothic3.exe:*:Enabled:Gothic 3 -- (Pluto 13 GmbH)
"C:\GameTap\Games\darkhorizoneng\dark_horizon.exe" = C:\GameTap\Games\darkhorizoneng\dark_horizon.exe:*:Enabled:darkhorizoneng -- (Akella, Quazar Studio)
"C:\GameTap\Games\darkhorizoneng\setup.exe" = C:\GameTap\Games\darkhorizoneng\setup.exe:*:Enabled:darkhorizoneng -- ()
"C:\GameTap\Games\darkhorizoneng\DirectX9\DXSETUP.exe" = C:\GameTap\Games\darkhorizoneng\DirectX9\DXSETUP.exe:*:Enabled:darkhorizoneng -- (Microsoft Corporation)
"C:\GameTap\Games\darkhorizoneng\luac.exe" = C:\GameTap\Games\darkhorizoneng\luac.exe:*:Enabled:darkhorizoneng -- ()
"C:\GameTap\Games\twoworlds2pirateengt\TwoWorlds2.exe" = C:\GameTap\Games\twoworlds2pirateengt\TwoWorlds2.exe:*:Enabled:twoworlds2pirateengt -- (Reality Pump)
"C:\GameTap\Games\twoworlds2pirateengt\TwoWorlds2_DX10.exe" = C:\GameTap\Games\twoworlds2pirateengt\TwoWorlds2_DX10.exe:*:Enabled:twoworlds2pirateengt -- (Reality Pump)
"C:\ijji\FrostWire 5\FrostWire.exe" = C:\ijji\FrostWire 5\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10631C28-62E5-477C-9B40-40C5EA8219BE}" = Black & White® 2 Battle of the Gods
"{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{41EBC322-660F-4D16-A0DF-53147210CBDB}" = SpyHunter
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{542C0F0B-FBDF-45d9-AF8A-345C1A9B5AE3}" = 8000A809
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{671B4BAD-D681-4d29-9498-D8BF3F1A389D}" = BPDSoftware
"{6A3F98BA-338E-49a1-9D79-D786A83E6621}" = HP Officejet Pro 8000 A809 Series
"{6E4EE9B5-F69D-4455-B430-40FA5F0DC988}" = ProductContext
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F94FB03-6617-4442-9817-CDDB36EAE529}" = 8000A809_eDocs
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{86BC184E-CFCD-48D5-829A-666A36C6ACC9}" = 8000A809_Help
"{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1" = GameTap Web Player
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8B350509-F0B5-4F58-AA8B-A23C762A7F64}_is1" = Puzzle Quest 2
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AFB69549-3AAE-4433-A99B-673B8A513379}" = BPDSoftware_Ini
"{B10A30CF-CCFF-4056-9ABC-F8D42BDF141F}" = myPrintMileage (Officejet Pro 8000 A809)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 276.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 276.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3A3F5C5-E95B-456D-952B-DDEC3AF68319}_is1" = GameTap Player
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by Kama on Fri Jul 06, 2012 6:24 pm

"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AutoHotkey" = AutoHotkey 1.0.48.05
"avast" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Direct MIDI to MP3 Converter_is1" = Direct MIDI to MP3 Converter version 6.2.2.46
"Downloader" = Downloader
"Emicsoft FLV Converter_is1" = Emicsoft FLV Converter
"FLV Player" = FLV Player 2.0 (build 25)
"FrostWire 5" = FrostWire 5.3.6
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"Hotline Client 1.8.5" = Hotline Client 1.8.5
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InterActual Player" = InterActual Player
"Macro Express 3" = Macro Express 3
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OnlineArmor_is1" = Online Armor 4.0
"OpenAL" = OpenAL
"Plant Tycoon®" = Plant Tycoon®
"Postal Fudge Pack" = Postal Fudge Pack
"PunkBusterSvc" = PunkBuster Services
"Quake III Arena" = Quake III Arena
"Quake III Arena Point Release 1.32" = Quake III Arena Point Release 1.32
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.93
"Shop for HP Supplies" = Shop for HP Supplies
"TeamViewer 5" = TeamViewer 5
"VLC media player" = VLC media player 1.1.9
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/4/2012 4:14:52 AM | Computer Name = REVENANT | Source = ESENT | ID = 489
Description = wuauclt (1548) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 6/4/2012 4:14:52 AM | Computer Name = REVENANT | Source = ESENT | ID = 455
Description = wuaueng.dll (1548) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 6/4/2012 4:15:02 AM | Computer Name = REVENANT | Source = ESENT | ID = 489
Description = wuauclt (1548) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 6/4/2012 4:15:02 AM | Computer Name = REVENANT | Source = ESENT | ID = 455
Description = wuaueng.dll (1548) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 6/6/2012 9:02:30 AM | Computer Name = REVENANT | Source = Application Error | ID = 1000
Description = Faulting application quake3.exe, version 0.0.0.0, faulting module
quake3.exe, version 0.0.0.0, fault address 0x000aec17.

Error - 6/11/2012 4:41:09 PM | Computer Name = REVENANT | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
gcswf32.dll, version 10.3.183.5, fault address 0x003a4078.

Error - 6/14/2012 4:21:42 AM | Computer Name = REVENANT | Source = MsiInstaller | ID = 11704
Description = Product: Microsoft Office Single Image 2010 -- Error 1704. An installation
for Microsoft .NET Framework 2.0 Service Pack 2 is currently suspended. You must
undo the changes made by that installation to continue. Do you want to undo those
changes?

Error - 6/19/2012 7:44:41 PM | Computer Name = REVENANT | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 12.0.0.4493, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/28/2012 7:21:37 AM | Computer Name = REVENANT | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/28/2012 10:43:22 PM | Computer Name = REVENANT | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 7/6/2012 12:46:29 PM | Computer Name = REVENANT | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ServiceLayer
with arguments "" in order to run the server: {ACF50018-41F8-476D-85FD-CD953DAE4A49}

Error - 7/6/2012 12:46:32 PM | Computer Name = REVENANT | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ServiceLayer
with arguments "" in order to run the server: {ACF50018-41F8-476D-85FD-CD953DAE4A49}

Error - 7/6/2012 12:47:25 PM | Computer Name = REVENANT | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ServiceLayer
with arguments "" in order to run the server: {ACF50018-41F8-476D-85FD-CD953DAE4A49}

Error - 7/6/2012 12:47:28 PM | Computer Name = REVENANT | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ServiceLayer
with arguments "" in order to run the server: {ACF50018-41F8-476D-85FD-CD953DAE4A49}

Error - 7/6/2012 12:47:31 PM | Computer Name = REVENANT | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ServiceLayer
with arguments "" in order to run the server: {ACF50018-41F8-476D-85FD-CD953DAE4A49}

Error - 7/6/2012 1:37:31 PM | Computer Name = REVENANT | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 7/6/2012 1:37:36 PM | Computer Name = REVENANT | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 7/6/2012 1:37:51 PM | Computer Name = REVENANT | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 7/6/2012 1:40:52 PM | Computer Name = REVENANT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/6/2012 1:41:19 PM | Computer Name = REVENANT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSnx aswSP aswTdi Fips OADevice Processor


< End of report >

Kama
Novice
Novice

Status :
Online
Offline

Posts : 33
Joined : 2011-12-30
OS : Windows 7 64-bit
Points : 18451
# Likes : 0

View user profile

Back to top Go down

Re: rundll32.exe virus

Post by houndmom on Sat Jul 07, 2012 4:12 pm

Did you run TDSSKiller? I also need to see that log.
Thanks!



If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate
Points : 29727
# Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum