Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 09/26/2014 05:14:22 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 2
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Possibly Patched Files.
* C:\WINDOWS\system32\spoolsv.exe
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* System Restore Disabled
[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig" = dword:00000001
* System Restore Disabled
[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = dword:00000001
* System Restore Disabled
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = dword:00000001
* Windows Firewall Disabled
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000
Checking Windows Service Integrity:
* Servicio de restauración de sistema (srservice) is not Running.
Startup Type set to: Automatic
* Controlador de filtro de Restaurar sistema (sr) is not Running.
Startup Type set to: Disabled
* ERSvc [Missing Service]
* Messenger [Missing Service]
* wscsvc [Missing Service]
* Alerter [Missing ImagePath]
Searching for Missing Digital Signatures:
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
127.0.0.1 mpa.one.microsoft.com
Program finished at: 09/26/2014 05:15:11 PM
Execution time: 0 hours(s), 0 minute(s), and 48 seconds(s)