Spyware Warrior

awills · Posted: Wed Nov 30, 2011 1:11 pm Post subject: Search Redirect Problems

Hello,

I'm having problems with Search Engine redirects.

Here is the DDS and attach.txt

Thanks,
Alan Wills

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Alan at 14:52:51 on 2011-11-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.291 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Workspace\offSyncService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G Wireless Network Monitor\WMP54GS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Workspace\WorkspaceUpdate.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\ping.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://news.google.com/nwshp?hl=en&tab=wn
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: IEHlprObj Class: {ce7c3cf0-4b15-11d1-abed-709549c10000} - c:\lotus\org6\organize\iehelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {D593DE91-7B41-45C2-830E-E9A99AB142AA} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
uRun: [Starfield Updater] "c:\program files\workspace\WorkspaceUpdate.exe"
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [MXO Auto Loader] c:\windows\MXOALDR.EXE
mRun: [BootSkin Startup Jobs] "c:\program files\stardock\wincustomize\bootskin\BootSkin.exe" /StartupJobs
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [<NO NAME>]
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [MozillaAgent] c:\windows\temp\_ex-68.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {B4E30F61-16D9-11D3-85D1-005004229569} - {85E0B172-04FA-11D1-B7DA-00A0C90348D6} - c:\lotus\org6\organize\bandobjs.dll
LSP: mswsock.dll
DPF: {00000161-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaud.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146750340046
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://atlasonepoint.webex.com/client/v_mywebex-t20/training/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 24.93.40.36 24.93.40.37 4.2.2.2
TCP: Interfaces\{44A80742-2897-462C-976F-D58CF55F7DAC} : DhcpNameServer = 24.93.40.36 24.93.40.37 4.2.2.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\qb2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\alan\application data\mozilla\firefox\profiles\8fl6srxi.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\alan\application data\mozilla\plugins\npoff.dll
FF - plugin: c:\documents and settings\alan\application data\mozilla\plugins\npoff.dll
FF - plugin: c:\documents and settings\alan\application data\mozilla\plugins\npwbe.dll
FF - plugin: c:\documents and settings\alan\application data\mozilla\plugins\npwbe.dll
FF - plugin: c:\documents and settings\alan\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165648]
R1 MpKsl35ea9147;MpKsl35ea9147;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ada41394-df97-4297-9b30-25e49992e977}\MpKsl35ea9147.sys [2011-11-30 28752]
R1 MpKsl862f0c1b;MpKsl862f0c1b;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ada41394-df97-4297-9b30-25e49992e977}\MpKsl862f0c1b.sys [2011-11-30 28752]
R2 File Backup;File Backup Service;c:\program files\workspace\offSyncService.exe [2011-9-20 1185008]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-6-10 12184]
R2 msftesql$SQLEXPRESS;SQL Server FullText Search (SQLEXPRESS);c:\program files\microsoft sql server\mssql.1\mssql\binn\msftesql.exe [2010-3-26 91992]
R2 MSSQL$SHIPWORKS;MSSQL$SHIPWORKS;c:\program files\microsoft sql server\mssql$shipworks\binn\sqlservr.exe -sshipworks --> c:\program files\microsoft sql server\mssql$shipworks\binn\sqlservr.exe -sSHIPWORKS [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]
R3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2011-11-30 50704]
R3 QuickBooksDB19;QuickBooksDB19;c:\qb2009\qbdbmgrn.exe -hvquickbooksdb19 --> c:\qb2009\QBDBMgrN.exe -hvQuickBooksDB19 [?]
S0 PQV2i;PQV2i; [x]
S1 MpKsl17d69c8b;MpKsl17d69c8b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3021e201-faa3-4d78-87f6-49d07b77e2bd}\mpksl17d69c8b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3021e201-faa3-4d78-87f6-49d07b77e2bd}\MpKsl17d69c8b.sys [?]
S1 MpKsl1f309b98;MpKsl1f309b98;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5ce25180-128d-471f-8fd8-1416e01104a7}\mpksl1f309b98.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5ce25180-128d-471f-8fd8-1416e01104a7}\MpKsl1f309b98.sys [?]
S1 MpKsl2c30d531;MpKsl2c30d531;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{37355912-3c38-413d-8a96-13ca067ba82f}\mpksl2c30d531.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{37355912-3c38-413d-8a96-13ca067ba82f}\MpKsl2c30d531.sys [?]
S1 MpKsl3b551118;MpKsl3b551118;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{465139c3-a8ba-43c7-948f-b30045c13cea}\mpksl3b551118.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{465139c3-a8ba-43c7-948f-b30045c13cea}\MpKsl3b551118.sys [?]
S1 MpKsl46b8fd13;MpKsl46b8fd13;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fe6d9ebc-e653-4df5-ba75-be1f22a45809}\mpksl46b8fd13.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fe6d9ebc-e653-4df5-ba75-be1f22a45809}\MpKsl46b8fd13.sys [?]
S1 MpKsl54f7d93a;MpKsl54f7d93a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{df7a3760-133e-4915-8367-fd7ea342dbba}\mpksl54f7d93a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{df7a3760-133e-4915-8367-fd7ea342dbba}\MpKsl54f7d93a.sys [?]
S1 MpKsl5eed803b;MpKsl5eed803b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0a7e60bb-fe59-4c18-9d4a-bee0f72a104c}\mpksl5eed803b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0a7e60bb-fe59-4c18-9d4a-bee0f72a104c}\MpKsl5eed803b.sys [?]
S1 MpKsl739ab74e;MpKsl739ab74e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9c93cef6-6416-4263-89f1-6d81e34d5c0e}\mpksl739ab74e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9c93cef6-6416-4263-89f1-6d81e34d5c0e}\MpKsl739ab74e.sys [?]
S1 MpKsl7c99e997;MpKsl7c99e997;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c583d658-46bd-41ee-b1a4-41a3f388e602}\mpksl7c99e997.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c583d658-46bd-41ee-b1a4-41a3f388e602}\MpKsl7c99e997.sys [?]
S1 MpKsl8d0898f7;MpKsl8d0898f7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cbc6a9cf-c3c9-45a6-ab52-7570dddd233a}\mpksl8d0898f7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cbc6a9cf-c3c9-45a6-ab52-7570dddd233a}\MpKsl8d0898f7.sys [?]
S1 MpKsl99f05907;MpKsl99f05907;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{95ab08ad-78c0-40a2-9363-298db95b01be}\mpksl99f05907.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{95ab08ad-78c0-40a2-9363-298db95b01be}\MpKsl99f05907.sys [?]
S1 MpKsla74883ef;MpKsla74883ef;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d55ff09b-c7d7-4abf-a95d-d5851b0260d2}\mpksla74883ef.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d55ff09b-c7d7-4abf-a95d-d5851b0260d2}\MpKsla74883ef.sys [?]
S1 MpKslac9e66ec;MpKslac9e66ec;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{419fba26-108a-4d6c-a5c1-94f2702ca26c}\mpkslac9e66ec.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{419fba26-108a-4d6c-a5c1-94f2702ca26c}\MpKslac9e66ec.sys [?]
S1 MpKslb03aa1cd;MpKslb03aa1cd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{da12cc37-9e9a-489c-9843-d9e5104f217e}\mpkslb03aa1cd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{da12cc37-9e9a-489c-9843-d9e5104f217e}\MpKslb03aa1cd.sys [?]
S1 MpKsld4e69266;MpKsld4e69266;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{eddf0944-fa3f-4988-a3ee-eedfaf22ffa6}\mpksld4e69266.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{eddf0944-fa3f-4988-a3ee-eedfaf22ffa6}\MpKsld4e69266.sys [?]
S1 PQIMount;PQIMount; [x]
S1 vscombus;VScom port enumerator;c:\windows\system32\drivers\vsc2k.sys [2005-5-25 113312]
S1 vspcipar;VScom parallel port;c:\windows\system32\drivers\vsp2k.sys [2005-5-25 45792]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-6 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-6 136176]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2009-9-14 23096]
S3 SQLAgent$SHIPWORKS;SQLAgent$SHIPWORKS;c:\program files\microsoft sql server\mssql$shipworks\binn\sqlagent.exe -i shipworks --> c:\program files\microsoft sql server\mssql$shipworks\binn\sqlagent.EXE -i SHIPWORKS [?]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-10-21 11520]
.
=============== Created Last 30 ================
.
2011-11-30 20:31:56 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ada41394-df97-4297-9b30-25e49992e977}\MpKsl35ea9147.sys
2011-11-30 19:06:37 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2011-11-30 19:06:37 281104 ----a-w- c:\windows\system32\wpcap.dll
2011-11-30 19:06:37 100880 ----a-w- c:\windows\system32\Packet.dll
2011-11-30 17:15:36 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-30 16:36:42 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ada41394-df97-4297-9b30-25e49992e977}\MpKsl862f0c1b.sys
2011-11-30 15:22:38 -------- d-----w- c:\documents and settings\alan\application data\Malwarebytes
2011-11-30 15:21:09 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-30 15:20:47 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-30 15:20:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-30 14:04:13 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ada41394-df97-4297-9b30-25e49992e977}\offreg.dll
2011-11-30 14:04:08 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ada41394-df97-4297-9b30-25e49992e977}\mpengine.dll
2011-11-22 17:05:38 -------- d-----w- C:\JDownloader
2011-11-07 15:50:25 -------- d-----w- C:\BC
.
==================== Find3M ====================
.
2011-11-28 14:07:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 14:55:35.05 ===============

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Alan at 14:52:51 on 2011-11-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.291 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Workspace\offSyncService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G Wireless Network Monitor\WMP54GS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Workspace\WorkspaceUpdate.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\ping.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://news.google.com/nwshp?hl=en&tab=wn
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: IEHlprObj Class: {ce7c3cf0-4b15-11d1-abed-709549c10000} - c:\lotus\org6\organize\iehelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {D593DE91-7B41-45C2-830E-E9A99AB142AA} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
uRun: [Starfield Updater] "c:\program files\workspace\WorkspaceUpdate.exe"
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [MXO Auto Loader] c:\windows\MXOALDR.EXE
mRun: [BootSkin Startup Jobs] "c:\program files\stardock\wincustomize\bootskin\BootSkin.exe" /StartupJobs
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [<NO NAME>]
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [MozillaAgent] c:\windows\temp\_ex-68.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {B4E30F61-16D9-11D3-85D1-005004229569} - {85E0B172-04FA-11D1-B7DA-00A0C90348D6} - c:\lotus\org6\organize\bandobjs.dll
LSP: mswsock.dll
DPF: {00000161-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaud.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146750340046
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://atlasonepoint.webex.com/client/v_mywebex-t20/training/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 24.93.40.36 24.93.40.37 4.2.2.2
TCP: Interfaces\{44A80742-2897-462C-976F-D58CF55F7DAC} : DhcpNameServer = 24.93.40.36 24.93.40.37 4.2.2.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\qb2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\alan\application data\mozilla\firefox\profiles\8fl6srxi.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\alan\application data\mozilla\plugins\npoff.dll
FF - plugin: c:\documents and settings\alan\application data\mozilla\plugins\npoff.dll
FF - plugin: c:\documents and settings\alan\application data\mozilla\plugins\npwbe.dll
FF - plugin: c:\documents and settings\alan\application data\mozilla\plugins\npwbe.dll
FF - plugin: c:\documents and settings\alan\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165648]
R1 MpKsl35ea9147;MpKsl35ea9147;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ada41394-df97-4297-9b30-25e49992e977}\MpKsl35ea9147.sys [2011-11-30 28752]
R1 MpKsl862f0c1b;MpKsl862f0c1b;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ada41394-df97-4297-9b30-25e49992e977}\MpKsl862f0c1b.sys [2011-11-30 28752]
R2 File Backup;File Backup Service;c:\program files\workspace\offSyncService.exe [2011-9-20 1185008]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-6-10 12184]
R2 msftesql$SQLEXPRESS;SQL Server FullText Search (SQLEXPRESS);c:\program files\microsoft sql server\mssql.1\mssql\binn\msftesql.exe [2010-3-26 91992]
R2 MSSQL$SHIPWORKS;MSSQL$SHIPWORKS;c:\program files\microsoft sql server\mssql$shipworks\binn\sqlservr.exe -sshipworks --> c:\program files\microsoft sql server\mssql$shipworks\binn\sqlservr.exe -sSHIPWORKS [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]
R3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2011-11-30 50704]
R3 QuickBooksDB19;QuickBooksDB19;c:\qb2009\qbdbmgrn.exe -hvquickbooksdb19 --> c:\qb2009\QBDBMgrN.exe -hvQuickBooksDB19 [?]
S0 PQV2i;PQV2i; [x]
S1 MpKsl17d69c8b;MpKsl17d69c8b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3021e201-faa3-4d78-87f6-49d07b77e2bd}\mpksl17d69c8b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3021e201-faa3-4d78-87f6-49d07b77e2bd}\MpKsl17d69c8b.sys [?]
S1 MpKsl1f309b98;MpKsl1f309b98;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5ce25180-128d-471f-8fd8-1416e01104a7}\mpksl1f309b98.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5ce25180-128d-471f-8fd8-1416e01104a7}\MpKsl1f309b98.sys [?]
S1 MpKsl2c30d531;MpKsl2c30d531;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{37355912-3c38-413d-8a96-13ca067ba82f}\mpksl2c30d531.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{37355912-3c38-413d-8a96-13ca067ba82f}\MpKsl2c30d531.sys [?]
S1 MpKsl3b551118;MpKsl3b551118;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{465139c3-a8ba-43c7-948f-b30045c13cea}\mpksl3b551118.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{465139c3-a8ba-43c7-948f-b30045c13cea}\MpKsl3b551118.sys [?]
S1 MpKsl46b8fd13;MpKsl46b8fd13;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fe6d9ebc-e653-4df5-ba75-be1f22a45809}\mpksl46b8fd13.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fe6d9ebc-e653-4df5-ba75-be1f22a45809}\MpKsl46b8fd13.sys [?]
S1 MpKsl54f7d93a;MpKsl54f7d93a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{df7a3760-133e-4915-8367-fd7ea342dbba}\mpksl54f7d93a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{df7a3760-133e-4915-8367-fd7ea342dbba}\MpKsl54f7d93a.sys [?]
S1 MpKsl5eed803b;MpKsl5eed803b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0a7e60bb-fe59-4c18-9d4a-bee0f72a104c}\mpksl5eed803b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0a7e60bb-fe59-4c18-9d4a-bee0f72a104c}\MpKsl5eed803b.sys [?]
S1 MpKsl739ab74e;MpKsl739ab74e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9c93cef6-6416-4263-89f1-6d81e34d5c0e}\mpksl739ab74e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9c93cef6-6416-4263-89f1-6d81e34d5c0e}\MpKsl739ab74e.sys [?]
S1 MpKsl7c99e997;MpKsl7c99e997;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c583d658-46bd-41ee-b1a4-41a3f388e602}\mpksl7c99e997.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c583d658-46bd-41ee-b1a4-41a3f388e602}\MpKsl7c99e997.sys [?]
S1 MpKsl8d0898f7;MpKsl8d0898f7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cbc6a9cf-c3c9-45a6-ab52-7570dddd233a}\mpksl8d0898f7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cbc6a9cf-c3c9-45a6-ab52-7570dddd233a}\MpKsl8d0898f7.sys [?]
S1 MpKsl99f05907;MpKsl99f05907;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{95ab08ad-78c0-40a2-9363-298db95b01be}\mpksl99f05907.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{95ab08ad-78c0-40a2-9363-298db95b01be}\MpKsl99f05907.sys [?]
S1 MpKsla74883ef;MpKsla74883ef;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d55ff09b-c7d7-4abf-a95d-d5851b0260d2}\mpksla74883ef.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d55ff09b-c7d7-4abf-a95d-d5851b0260d2}\MpKsla74883ef.sys [?]
S1 MpKslac9e66ec;MpKslac9e66ec;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{419fba26-108a-4d6c-a5c1-94f2702ca26c}\mpkslac9e66ec.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{419fba26-108a-4d6c-a5c1-94f2702ca26c}\MpKslac9e66ec.sys [?]
S1 MpKslb03aa1cd;MpKslb03aa1cd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{da12cc37-9e9a-489c-9843-d9e5104f217e}\mpkslb03aa1cd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{da12cc37-9e9a-489c-9843-d9e5104f217e}\MpKslb03aa1cd.sys [?]
S1 MpKsld4e69266;MpKsld4e69266;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{eddf0944-fa3f-4988-a3ee-eedfaf22ffa6}\mpksld4e69266.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{eddf0944-fa3f-4988-a3ee-eedfaf22ffa6}\MpKsld4e69266.sys [?]
S1 PQIMount;PQIMount; [x]
S1 vscombus;VScom port enumerator;c:\windows\system32\drivers\vsc2k.sys [2005-5-25 113312]
S1 vspcipar;VScom parallel port;c:\windows\system32\drivers\vsp2k.sys [2005-5-25 45792]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-6 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-6 136176]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2009-9-14 23096]
S3 SQLAgent$SHIPWORKS;SQLAgent$SHIPWORKS;c:\program files\microsoft sql server\mssql$shipworks\binn\sqlagent.exe -i shipworks --> c:\program files\microsoft sql server\mssql$shipworks\binn\sqlagent.EXE -i SHIPWORKS [?]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-10-21 11520]
.
=============== Created Last 30 ================
.
2011-11-30 20:31:56 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ada41394-df97-4297-9b30-25e49992e977}\MpKsl35ea9147.sys
2011-11-30 19:06:37 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2011-11-30 19:06:37 281104 ----a-w- c:\windows\system32\wpcap.dll
2011-11-30 19:06:37 100880 ----a-w- c:\windows\system32\Packet.dll
2011-11-30 17:15:36 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-30 16:36:42 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ada41394-df97-4297-9b30-25e49992e977}\MpKsl862f0c1b.sys
2011-11-30 15:22:38 -------- d-----w- c:\documents and settings\alan\application data\Malwarebytes
2011-11-30 15:21:09 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-30 15:20:47 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-30 15:20:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-30 14:04:13 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ada41394-df97-4297-9b30-25e49992e977}\offreg.dll
2011-11-30 14:04:08 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ada41394-df97-4297-9b30-25e49992e977}\mpengine.dll
2011-11-22 17:05:38 -------- d-----w- C:\JDownloader
2011-11-07 15:50:25 -------- d-----w- C:\BC
.
==================== Find3M ====================
.
2011-11-28 14:07:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 14:55:35.05 ===============

Cypher · Posted: Thu Dec 01, 2011 8:41 am Post subject:

Hi and welcome back to Spyware Warrior Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.

If you don't know or understand something, please don't hesitate to ask.
Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
Remember, absence of symptoms does not mean the infection is all gone.
Please DO NOT run any other tools or scans whilst I am helping you.
Please DO NOT install any other software (or hardware) during the cleaning process.
Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic Things to know before you post where the conditions for receiving help here are explained.

awills

Thanks for your assistance.

I was having big problems with computer so I jumped ahead in the process and ran ComboFix program.

Here is attach file and ComboFix log.

I will wait for you advice before proceeding with any more removal programs.

--Alan Wills

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/25/2005 12:09:23 PM
System Uptime: 11/30/2011 2:30:41 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0C5706
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 74.998 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is NetworkDisk (NTFS) - 64 GiB total, 2.156 GiB free.
H: is NetworkDisk (NTFS) - 64 GiB total, 2.156 GiB free.
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys Wireless-G PCI Network Adapter with SpeedBooster
Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_00421737&REV_02\4&10416D21&0&10F0
Manufacturer: Linksys
Name: Linksys Wireless-G PCI Network Adapter with SpeedBooster
PNP Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_00421737&REV_02\4&10416D21&0&10F0
Service: BCM43XX
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
AbleCommerce DataPort 7.0.3
Add-ons
Adobe Acrobat Connect Add-in
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Community Help
Adobe Connect Add-in
Adobe Content Viewer
Adobe Creative Suite 5.5 Design Premium
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe InDesign CS
Adobe Media Player
Adobe Photoshop 6.0
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe SVG Viewer 3.0
Adobe Widget Browser
Amazon Seller Desktop
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Beyond Compare Version 3.1.3
Block Diagrams
Block Diagrams Help
Bonjour
BootSkin
Borders and Backgrounds
Borders and Backgrounds Help
Broadcom Advanced Control Suite 2
Broadcom ASF Management Applications
CAD Drawing Display
calibre
Callouts and Connectors
Callouts and Connectors Help
CCleaner
CeRegEditor 0.0.4.4
Clip Art and Symbols
Clip Art and Symbols Help
Cole2k Media - Codec Pack (Advanced) 7.9.0
ColorVision v2.0.5
Combined Community Codec Pack 2008-01-24
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Custom Properties Editor
Database Wizard
Defraggler
Developing Visio Solutions Help
DevExpress End User Documentation
EPSON TWAIN 5
eReg
FeedDemon
FileZilla Client 3.5.2
Flash Video Studio 4.0(remove only)
Flowcharts
Flowcharts Help
Forms and Charts
Forms and Charts Help
Genuine Fractals
GoodSync
Google AdWords Editor
Google Chrome
Google Earth
Google Update Helper
GoToMeeting 4.5.0.457
GrabIt 1.7.2 Beta 6 (build 1008)
Graphics Filters
Help for Visio 2000 (HTML Help)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Hotfix for Windows XP (KB983458)
hp LaserJet 1150 / 1300
IBM Lotus Organizer 6 - English
IIS6 Manager
IncrediFlash XTreme 2.0(remove only)
InFlac 1.1.1
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) SE Runtime Environment 6 Update 1
Linksys Wireless-G PCI Network Adapter with SpeedBooster
Logitech SetPoint 6.30
Malwarebytes' Anti-Malware version 1.51.2.1300
MapPoint Save Map Image Addon
Maps
Maps Help
MarketingBuilder
Maxtor OneTouch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft MapPoint 2006 with SpatialPoint Add-Ins
Microsoft MapPoint North America 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access 2003 Runtime
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office FrontPage 2003
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Personal Folders Backup
Microsoft Reader for Pocket PC
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 (SQLEXPRESS)
Microsoft SQL Server 2005 Tools
Microsoft SQL Server Desktop Engine
Microsoft SQL Server Desktop Engine (SHIPWORKS)
Microsoft SQL Server Management Studio Express
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio Service Pack 3
Microsoft Windows Media Video 9 VCM
Microsoft WSE 2.0 SP3
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MiniTool Power Data Recovery
Mozilla Firefox 8.0 (x86 en-US)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Mycroft TimeOff 2
Napster
Napster Burn Engine
Napster for Windows Media Player
Network Diagrams
Network Diagrams Help
Octoshape add-in for Adobe Flash Player
Office Layout
Office Layout Help
OGA Notifier 2.0.0048.0
Organization Charts
Organization Charts Help
Page Layout Wizard
PANTONE(R) colorist
PDF Settings CS5
Plextor ConvertX AV100U A/V Capture Device Driver
PowerDVD 5.1
Program Files
Program Files Help
Project Schedules
Project Schedules Help
Property Reporting Wizard
QBWebConnector
QuickBooks
QuickBooks Pro 2009
QuickTime
Recuva
Release Notes
RoboForm 7-6-3
RoboForm for Pocket PC
SABnzbd 0.6.9
Save as HTML
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sentinel Protection Installer 7.1.0
SES Driver
Shape Explorer
Shape Explorer Help
ShipWorks® 2.9.68
Solutions
Sonic DLA
Sonic RecordNow! Plus
Sonic Update Manager
Sony USB Driver
Spelling
Spybot - Search & Destroy
Spyder2PRO
SupportSoft Assisted Service
Tablet
Times Reader
Toodledo Sync Application
Unlocker 1.8.5
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Storage Adapter FX (MXO)
VBA
Viewpoint Manager (Remove Only)
VirtualCloneDrive
Visio
Visio 2000
Visio Core Files
Visual Studio 2005 Tools for Office Second Edition Runtime
WebEx
WebFldrs XP
Windows 7 USB/DVD Download Tool
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live installer
Windows Live Sign-in Assistant
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR 4.01 (32-bit)
WinSCP 4.1.9
WinZip 11.2
Workspace Desktop
XviD Video Codec 1.1.2-01022007
.
==== Event Viewer Messages From Past Week ========
.
11/30/2011 9:24:18 AM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.
11/30/2011 9:22:33 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} to the user ALAN\IWAM_ALAN SID (S-1-5-21-3478479250-1628989359-2805036376-1012). This security permission can be modified using the Component Services administrative tool.
11/30/2011 10:38:33 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
11/30/2011 10:37:38 AM, error: Service Control Manager [7023] - The World Wide Web Publishing service terminated with the following error: TCP/IP network protocol not installed.
11/30/2011 10:37:38 AM, error: Service Control Manager [7023] - The Simple Mail Transfer Protocol (SMTP) service terminated with the following error: TCP/IP network protocol not installed.
11/28/2011 8:07:10 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.2351.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80244022 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/28/2011 7:56:41 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde PQIMount
11/28/2011 7:55:49 AM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
11/28/2011 3:32:58 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
.
==== End Of File ===========================

ComboFix 11-12-01.01 - Alan 12/01/2011 9:12.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.501 [GMT -6:00]
Running from: c:\documents and settings\Alan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\$NtUninstallKB49854$\1196083011
c:\windows\$NtUninstallKB49854$\2350861985\@
c:\windows\$NtUninstallKB49854$\2350861985\bckfg.tmp
c:\windows\$NtUninstallKB49854$\2350861985\cfg.ini
c:\windows\$NtUninstallKB49854$\2350861985\Desktop.ini
c:\windows\$NtUninstallKB49854$\2350861985\keywords
c:\windows\$NtUninstallKB49854$\2350861985\kwrd.dll
c:\windows\$NtUninstallKB49854$\2350861985\L\iahonoel
c:\windows\$NtUninstallKB49854$\2350861985\lsflt7.ver
c:\windows\$NtUninstallKB49854$\2350861985\U\00000001.@
c:\windows\$NtUninstallKB49854$\2350861985\U\00000002.@
c:\windows\$NtUninstallKB49854$\2350861985\U\00000004.@
c:\windows\$NtUninstallKB49854$\2350861985\U\80000000.@
c:\windows\$NtUninstallKB49854$\2350861985\U\80000004.@
c:\windows\$NtUninstallKB49854$\2350861985\U\80000032.@
c:\windows\CSC\d6
c:\windows\CSC\d6\00000015
c:\windows\CSC\d6\8000001D
c:\windows\CSC\d6\80000025
c:\windows\CSC\d6\8000002D
c:\windows\CSC\d6\80000035
c:\windows\CSC\d6\8000003D
c:\windows\CSC\d6\80000045
c:\windows\CSC\d6\8000004D
c:\windows\system32\Packet.dll
c:\windows\system32\usmt\migwiz_a.exe
c:\windows\system32\wpcap.dll
c:\windows\Temp\_ex-08.exe
c:\windows\Temp\_ex-68.exe
c:\windows\$NtUninstallKB49854$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-11-01 to 2011-12-01 )))))))))))))))))))))))))))))))
.
.
2011-12-01 15:49 . 2011-12-01 15:49 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ADA41394-DF97-4297-9B30-25E49992E977}\offreg.dll
2011-11-30 22:44 . 2011-11-30 22:44 664 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
2011-11-30 19:06 . 2011-11-30 19:06 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2011-11-30 17:15 . 2011-11-30 17:15 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-30 16:51 . 2011-11-30 16:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-11-30 15:22 . 2011-11-30 15:22 -------- d-----w- c:\documents and settings\Alan\Application Data\Malwarebytes
2011-11-30 15:21 . 2011-11-30 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-30 15:20 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-30 15:20 . 2011-11-30 15:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-30 14:04 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ADA41394-DF97-4297-9B30-25E49992E977}\mpengine.dll
2011-11-22 17:05 . 2011-11-22 17:07 -------- d-----w- C:\JDownloader
2011-11-07 15:50 . 2011-11-09 15:00 -------- d-----w- C:\BC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 14:07 . 2011-05-23 13:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2004-08-11 22:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 03:48 . 2010-03-05 16:53 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-28 07:06 . 2004-08-11 22:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2004-08-11 22:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2004-08-11 22:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-08-11 22:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 14:07 . 2011-03-23 14:42 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\atapi.sys
.
[7] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\asyncmac.sys
[7] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[7] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[7] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
.
[7] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\beep.sys
[7] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[7] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\kbdclass.sys
[7] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[7] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0028\DriverFiles\i386\kbdclass.sys
[7] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\kbdclass.sys
[7] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[7] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0021\DriverFiles\i386\kbdclass.sys
[7] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
.
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ndis.sys
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[7] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
[7] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ntfs.sys
[7] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[7] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys
.
[7] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\null.sys
[7] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\browser.dll
[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[7] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lsass.exe
[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[7] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netman.dll
[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[7] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll
.
[7] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ERDNT\cache\comres.dll
[7] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[7] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[7] 2004-08-04 10:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ERDNT\cache\qmgr.dll
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[7] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\rpcss.dll
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2005-01-14 . 419899803CA479B73B02390318C787C0 . 395776 . . [5.1.2600.2595] . . c:\windows\$NtUninstallKB894391$\rpcss.dll
[-] 2005-01-14 . 94456045BEB4545B5EBE1DCC85951AFA . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
[7] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB873333$\rpcss.dll
.
[7] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\services.exe
[7] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[7] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[7] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[7] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[7] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe
.
[7] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\ERDNT\cache\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe
.
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\ERDNT\cache\wuauclt.exe
[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
[7] 2008-04-14 . ED7262E52C31CF1625B65039102BC16C . 111104 . . [5.4.3790.5512] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
.
[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[7] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\cryptsvc.dll
[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[7] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\ERDNT\cache\es.dll
[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[7] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[7] 2004-08-04 10:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll
.
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\imm32.dll
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[7] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\ERDNT\cache\kernel32.dll
[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[7] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll
.
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\linkinfo.dll
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[7] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll
.
[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lpk.dll
[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[7] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[7] 2011-10-03 . 4963CB503600FC3BCBDBFBA51FBA1FAC . 5971456 . . [8.00.6001.19154] . . c:\windows\system32\mshtml.dll
[7] 2011-10-03 . 4963CB503600FC3BCBDBFBA51FBA1FAC . 5971456 . . [8.00.6001.19154] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2011-10-03 . 1240A6B7B470BED0AA6C9FEC7AB0EA26 . 5972992 . . [8.00.6001.23250] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mshtml.dll
[7] 2011-07-25 . 23B3C8E9F3F280180573569253CE98AB . 5969920 . . [8.00.6001.19120] . . c:\windows\ie8updates\KB2586448-IE8\mshtml.dll
[7] 2011-07-25 . BCE7CCEBAD6C8955D2B4C3B246BD0E57 . 5971456 . . [8.00.6001.23216] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtml.dll
.
[7] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ERDNT\cache\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[7] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[7] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[7] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[7] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll
[7] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\mswsock.dll
[7] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[7] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[7] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[7] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[7] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
.
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netlogon.dll
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[7] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\powrprof.dll
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[7] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\scecli.dll
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[7] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfc.dll
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[7] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\svchost.exe
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[7] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\tapisrv.dll
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[7] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
.
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll
.
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\userinit.exe
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[7] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[7] 2011-08-22 . 1A377838B4B468E37C3EEB5BAA24F925 . 916480 . . [8.00.6001.19131] . . c:\windows\system32\wininet.dll
[7] 2011-08-22 . 1A377838B4B468E37C3EEB5BAA24F925 . 916480 . . [8.00.6001.19131] . . c:\windows\system32\dllcache\wininet.dll
[7] 2011-08-22 . 19630AEBBFAEB06984CAB91848270AAF . 919552 . . [8.00.6001.23227] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll
[7] 2011-06-23 . AF4EDDC6C0446FCE5681B5DED52B8F0E . 916480 . . [8.00.6001.19098] . . c:\windows\ie8updates\KB2586448-IE8\wininet.dll
[7] 2011-06-23 . 509CF67AE762A38E23A5455A0053853C . 919552 . . [8.00.6001.23192] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll
[7] 2011-04-25 . CC951C2212A200475A587A440E0AA804 . 916480 . . [8.00.6001.19072] . . c:\windows\ie8updates\KB2559049-IE8\wininet.dll
[7] 2011-04-25 . 7F4F1697001B9E9A7924D219DC215903 . 919552 . . [8.00.6001.23165] . . c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\wininet.dll
[7] 2011-02-22 . A9FA95F0D7F511959AC721E4843E5967 . 919552 . . [8.00.6001.23139] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\wininet.dll
[7] 2011-02-22 . F192D49EEFE297FA858B2C774BA2291D . 916480 . . [8.00.6001.19044] . . c:\windows\ie8updates\KB2530548-IE8\wininet.dll
[7] 2010-12-20 . 88014D62B5E3CDB0AC67948D86C926C8 . 916480 . . [8.00.6001.19019] . . c:\windows\ERDNT\cache\wininet.dll
[7] 2010-12-20 . 88014D62B5E3CDB0AC67948D86C926C8 . 916480 . . [8.00.6001.19019] . . c:\windows\ie8updates\KB2497640-IE8\wininet.dll
[7] 2010-12-20 . 5504B4ECCE892EB82CD2C5FA71940AC1 . 919552 . . [8.00.6001.23111] . . c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll
[7] 2010-11-06 . 9357C4249F4810FB0E49C13387A8A77C . 919552 . . [8.00.6001.23084] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll
[7] 2010-11-06 . 306A2B05EA9846278113964DC6E2C940 . 916480 . . [8.00.6001.18992] . . c:\windows\ie8updates\KB2482017-IE8\wininet.dll
[7] 2010-09-10 . 36FE8ABC59AAFBE20CBE54BC372F9429 . 916480 . . [8.00.6001.18968] . . c:\windows\ie8updates\KB2416400-IE8\wininet.dll
[7] 2010-09-10 . 0555E190DCD06B8998E6DDCA42DAEB82 . 919552 . . [8.00.6001.23060] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll
[7] 2010-06-24 . 60237E50D575FBA9BEC9BC043F157149 . 919040 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
[7] 2010-06-24 . D3DEB6B2B424AC93DE3801EAEB21A9A5 . 916480 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\wininet.dll
[7] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2183461-IE8\wininet.dll
[7] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[7] 2010-02-25 . 7A42CFED96CDA7F2FB1A26D1F9F65775 . 916480 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[7] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[7] 2009-12-21 . FF4241C74E0C0A5AFFFE05F584213ECB . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[7] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 . 75240F6EDBCE7B85DF66874407D38A4F . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[7] 2009-08-29 . CF0A5FE05BF614C24950D8FAEC1BC309 . 916480 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
.
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2_32.dll
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[7] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2help.dll
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[7] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[7] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[7] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\ERDNT\cache\ole32.dll
[7] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll
[7] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\dllcache\ole32.dll
[7] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2005-04-28 . 5950E4F28FDA9D147576BF6798937397 . 1285120 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\ole32.dll
[-] 2005-01-14 . ABDEF60CED7C04AB35A415EFB6B96D81 . 1285120 . . [5.1.2600.2595] . . c:\windows\$NtUninstallKB894391$\ole32.dll
[-] 2005-01-14 . 2E752611C9A9AE1B6BFD0DA03CF7F17E . 1284608 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\ole32.dll
[7] 2004-08-04 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB873333$\ole32.dll
.
[7] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\ERDNT\cache\usp10.dll
[7] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[7] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[7] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[7] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
[7] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp1

Cypher · Posted: Thu Dec 01, 2011 9:13 am Post subject:

Hi awills,

awills · Posted: Thu Dec 01, 2011 9:29 am Post subject: Here is ComboFix log

Hello Cypher,

Here is complete log file for ComboFix.

Noted. ComboFix can potentially cause major problems and make computer inoperable.

Fortunately, workstation is now working better. Except for one big problem....network connections are not working. My workstation will not connect to LAN.

Best regards,
Alan

ComboFix 11-12-01.01 - Alan 12/01/2011 9:12.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.501 [GMT -6:00]
Running from: c:\documents and settings\Alan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\$NtUninstallKB49854$\1196083011
c:\windows\$NtUninstallKB49854$\2350861985\@
c:\windows\$NtUninstallKB49854$\2350861985\bckfg.tmp
c:\windows\$NtUninstallKB49854$\2350861985\cfg.ini
c:\windows\$NtUninstallKB49854$\2350861985\Desktop.ini
c:\windows\$NtUninstallKB49854$\2350861985\keywords
c:\windows\$NtUninstallKB49854$\2350861985\kwrd.dll
c:\windows\$NtUninstallKB49854$\2350861985\L\iahonoel
c:\windows\$NtUninstallKB49854$\2350861985\lsflt7.ver
c:\windows\$NtUninstallKB49854$\2350861985\U\00000001.@
c:\windows\$NtUninstallKB49854$\2350861985\U\00000002.@
c:\windows\$NtUninstallKB49854$\2350861985\U\00000004.@
c:\windows\$NtUninstallKB49854$\2350861985\U\80000000.@
c:\windows\$NtUninstallKB49854$\2350861985\U\80000004.@
c:\windows\$NtUninstallKB49854$\2350861985\U\80000032.@
c:\windows\CSC\d6
c:\windows\CSC\d6\00000015
c:\windows\CSC\d6\8000001D
c:\windows\CSC\d6\80000025
c:\windows\CSC\d6\8000002D
c:\windows\CSC\d6\80000035
c:\windows\CSC\d6\8000003D
c:\windows\CSC\d6\80000045
c:\windows\CSC\d6\8000004D
c:\windows\system32\Packet.dll
c:\windows\system32\usmt\migwiz_a.exe
c:\windows\system32\wpcap.dll
c:\windows\Temp\_ex-08.exe
c:\windows\Temp\_ex-68.exe
c:\windows\$NtUninstallKB49854$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-11-01 to 2011-12-01 )))))))))))))))))))))))))))))))
.
.
2011-12-01 15:49 . 2011-12-01 15:49 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ADA41394-DF97-4297-9B30-25E49992E977}\offreg.dll
2011-11-30 22:44 . 2011-11-30 22:44 664 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
2011-11-30 19:06 . 2011-11-30 19:06 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2011-11-30 17:15 . 2011-11-30 17:15 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-30 16:51 . 2011-11-30 16:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-11-30 15:22 . 2011-11-30 15:22 -------- d-----w- c:\documents and settings\Alan\Application Data\Malwarebytes
2011-11-30 15:21 . 2011-11-30 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-30 15:20 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-30 15:20 . 2011-11-30 15:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-30 14:04 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ADA41394-DF97-4297-9B30-25E49992E977}\mpengine.dll
2011-11-22 17:05 . 2011-11-22 17:07 -------- d-----w- C:\JDownloader
2011-11-07 15:50 . 2011-11-09 15:00 -------- d-----w- C:\BC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 14:07 . 2011-05-23 13:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2004-08-11 22:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 03:48 . 2010-03-05 16:53 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-28 07:06 . 2004-08-11 22:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2004-08-11 22:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2004-08-11 22:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-08-11 22:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 14:07 . 2011-03-23 14:42 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\atapi.sys
.
[7] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\asyncmac.sys
[7] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[7] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[7] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
.
[7] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\beep.sys
[7] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[7] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\kbdclass.sys
[7] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[7] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0028\DriverFiles\i386\kbdclass.sys
[7] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\kbdclass.sys
[7] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[7] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0021\DriverFiles\i386\kbdclass.sys
[7] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
.
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ndis.sys
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[7] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
[7] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ntfs.sys
[7] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[7] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys
.
[7] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\null.sys
[7] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\browser.dll
[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[7] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lsass.exe
[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[7] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netman.dll
[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[7] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll
.
[7] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ERDNT\cache\comres.dll
[7] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[7] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[7] 2004-08-04 10:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ERDNT\cache\qmgr.dll
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[7] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\rpcss.dll
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2005-01-14 . 419899803CA479B73B02390318C787C0 . 395776 . . [5.1.2600.2595] . . c:\windows\$NtUninstallKB894391$\rpcss.dll
[-] 2005-01-14 . 94456045BEB4545B5EBE1DCC85951AFA . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
[7] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB873333$\rpcss.dll
.
[7] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\services.exe
[7] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[7] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[7] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[7] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[7] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe
.
[7] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\ERDNT\cache\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe
.
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\ERDNT\cache\wuauclt.exe
[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
[7] 2008-04-14 . ED7262E52C31CF1625B65039102BC16C . 111104 . . [5.4.3790.5512] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
.
[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[7] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\cryptsvc.dll
[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[7] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\ERDNT\cache\es.dll
[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[7] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[7] 2004-08-04 10:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll
.
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\imm32.dll
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[7] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\ERDNT\cache\kernel32.dll
[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[7] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll
.
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\linkinfo.dll
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[7] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll
.
[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lpk.dll
[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[7] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[7] 2011-10-03 . 4963CB503600FC3BCBDBFBA51FBA1FAC . 5971456 . . [8.00.6001.19154] . . c:\windows\system32\mshtml.dll
[7] 2011-10-03 . 4963CB503600FC3BCBDBFBA51FBA1FAC . 5971456 . . [8.00.6001.19154] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2011-10-03 . 1240A6B7B470BED0AA6C9FEC7AB0EA26 . 5972992 . . [8.00.6001.23250] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mshtml.dll
[7] 2011-07-25 . 23B3C8E9F3F280180573569253CE98AB . 5969920 . . [8.00.6001.19120] . . c:\windows\ie8updates\KB2586448-IE8\mshtml.dll
[7] 2011-07-25 . BCE7CCEBAD6C8955D2B4C3B246BD0E57 . 5971456 . . [8.00.6001.23216] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtml.dll
.
[7] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ERDNT\cache\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[7] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[7] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[7] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[7] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll
[7] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\mswsock.dll
[7] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[7] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[7] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[7] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[7] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
.
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netlogon.dll
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[7] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\powrprof.dll
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[7] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\scecli.dll
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[7] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfc.dll
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[7] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\svchost.exe
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[7] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\tapisrv.dll
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[7] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
.
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll
.
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\userinit.exe
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[7] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[7] 2011-08-22 . 1A377838B4B468E37C3EEB5BAA24F925 . 916480 . . [8.00.6001.19131] . . c:\windows\system32\wininet.dll
[7] 2011-08-22 . 1A377838B4B468E37C3EEB5BAA24F925 . 916480 . . [8.00.6001.19131] . . c:\windows\system32\dllcache\wininet.dll
[7] 2011-08-22 . 19630AEBBFAEB06984CAB91848270AAF . 919552 . . [8.00.6001.23227] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll
[7] 2011-06-23 . AF4EDDC6C0446FCE5681B5DED52B8F0E . 916480 . . [8.00.6001.19098] . . c:\windows\ie8updates\KB2586448-IE8\wininet.dll
[7] 2011-06-23 . 509CF67AE762A38E23A5455A0053853C . 919552 . . [8.00.6001.23192] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll
[7] 2011-04-25 . CC951C2212A200475A587A440E0AA804 . 916480 . . [8.00.6001.19072] . . c:\windows\ie8updates\KB2559049-IE8\wininet.dll
[7] 2011-04-25 . 7F4F1697001B9E9A7924D219DC215903 . 919552 . . [8.00.6001.23165] . . c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\wininet.dll
[7] 2011-02-22 . A9FA95F0D7F511959AC721E4843E5967 . 919552 . . [8.00.6001.23139] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\wininet.dll
[7] 2011-02-22 . F192D49EEFE297FA858B2C774BA2291D . 916480 . . [8.00.6001.19044] . . c:\windows\ie8updates\KB2530548-IE8\wininet.dll
[7] 2010-12-20 . 88014D62B5E3CDB0AC67948D86C926C8 . 916480 . . [8.00.6001.19019] . . c:\windows\ERDNT\cache\wininet.dll
[7] 2010-12-20 . 88014D62B5E3CDB0AC67948D86C926C8 . 916480 . . [8.00.6001.19019] . . c:\windows\ie8updates\KB2497640-IE8\wininet.dll
[7] 2010-12-20 . 5504B4ECCE892EB82CD2C5FA71940AC1 . 919552 . . [8.00.6001.23111] . . c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll
[7] 2010-11-06 . 9357C4249F4810FB0E49C13387A8A77C . 919552 . . [8.00.6001.23084] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll
[7] 2010-11-06 . 306A2B05EA9846278113964DC6E2C940 . 916480 . . [8.00.6001.18992] . . c:\windows\ie8updates\KB2482017-IE8\wininet.dll
[7] 2010-09-10 . 36FE8ABC59AAFBE20CBE54BC372F9429 . 916480 . . [8.00.6001.18968] . . c:\windows\ie8updates\KB2416400-IE8\wininet.dll
[7] 2010-09-10 . 0555E190DCD06B8998E6DDCA42DAEB82 . 919552 . . [8.00.6001.23060] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll
[7] 2010-06-24 . 60237E50D575FBA9BEC9BC043F157149 . 919040 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
[7] 2010-06-24 . D3DEB6B2B424AC93DE3801EAEB21A9A5 . 916480 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\wininet.dll
[7] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2183461-IE8\wininet.dll
[7] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[7] 2010-02-25 . 7A42CFED96CDA7F2FB1A26D1F9F65775 . 916480 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[7] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[7] 2009-12-21 . FF4241C74E0C0A5AFFFE05F584213ECB . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[7] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 . 75240F6EDBCE7B85DF66874407D38A4F . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[7] 2009-08-29 . CF0A5FE05BF614C24950D8FAEC1BC309 . 916480 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
.
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2_32.dll
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[7] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2help.dll
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[7] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[7] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[7] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\ERDNT\cache\ole32.dll
[7] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll
[7] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\dllcache\ole32.dll
[7] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2005-04-28 . 5950E4F28FDA9D147576BF6798937397 . 1285120 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\ole32.dll
[-] 2005-01-14 . ABDEF60CED7C04AB35A415EFB6B96D81 . 1285120 . . [5.1.2600.2595] . . c:\windows\$NtUninstallKB894391$\ole32.dll
[-] 2005-01-14 . 2E752611C9A9AE1B6BFD0DA03CF7F17E . 1284608 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\ole32.dll
[7] 2004-08-04 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB873333$\ole32.dll
.
[7] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\ERDNT\cache\usp10.dll
[7] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[7] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[7] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[7] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
[7] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[7] 2004-08-04 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[7] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
.
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[7] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[7] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[7] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[7] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll
.
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[7] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\wscntfy.exe
[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe
[7] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\xmlprov.dll
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[7] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll
[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[7] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\regsvc.dll
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[7] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\schedsvc.dll
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[7] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ssdpsrv.dll
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[7] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\termsrv.dll
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[7] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\hnetcfg.dll
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[7] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[7] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\appmgmts.dll
[7] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[7] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[7] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[7] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\acpiec.sys
[7] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ERDNT\cache\aec.sys
[7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[7] 2004-08-04 03:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys
.
[7] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\agp440.sys
[7] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[7] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
[7] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys
.
[7] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ip6fw.sys
[7] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[7] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[7] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[7] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[7] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\ERDNT\cache\mfc40u.dll
[7] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[7] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[7] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
[7] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-04 10:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll
.
[7] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\msgsvc.dll
[7] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[7] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[7] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[7] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\ERDNT\cache\mspmsnsv.dll
[7] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[7] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[7] 2005-01-28 18:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[7] 2005-01-28 18:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[7] 2004-08-04 10:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
[7] 2010-12-10 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[7] 2010-12-09 . 9ED77E2307F6EC6F174C063C15AA3B8C . 2027008 . . [5.1.2600.6055] . . c:\windows\ERDNT\cache\ntkrnlpa.exe
[7] 2010-12-09 . 9ED77E2307F6EC6F174C063C15AA3B8C . 2027008 . . [5.1.2600.6055] . . c:\windows\system32\ntkrnlpa.exe
[7] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[7] 2010-04-27 . 49E936E1398D1A536E84CD5D068F0F09 . 2024448 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
[7] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[7] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[7] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[7] 2009-12-08 . 089F1E207B067A4DDEB2EEC37BBB1AA7 . 2023936 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
.
[7] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ERDNT\cache\ntmssvc.dll
[7] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[7] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[7] 2004-08-04 10:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\upnphost.dll
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[7] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
[7] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ERDNT\cache\dsound.dll
[7] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[7] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[7] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[7] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ERDNT\cache\d3d9.dll
[7] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[7] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[7] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ERDNT\cache\ddraw.dll
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[7] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[7] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\olepro32.dll
[7] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[7] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[7] 2004-08-04 10:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[7] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\perfctrs.dll
[7] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[7] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[7] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\version.dll
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[7] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[7] 2009-06-29 . 3CFC56F73D494FC1AA2B6E981DF15ACD . 634632 . . [7.00.6000.16876] . . c:\windows\ie8\iexplore.exe
[7] 2009-06-29 . 02E2754D3E566C11A4934825920C47DD . 634632 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iexplore.exe
[7] 2009-04-25 . 092A7F2B49A19ECCE5369D3CB2276148 . 636088 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\iexplore.exe
[7] 2009-04-25 . C0503FD8D163652735C1EE900672A75C . 636088 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\ERDNT\cache\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2009-02-28 . BCD8E48709BE4A79606F0B6E8E9A6162 . 636088 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe
[7] 2009-02-28 . A251068640DDB69FD7805B57D89D7FF7 . 636072 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\iexplore.exe
[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[7] 2008-12-19 . 030D78FE84A086ED376EFCBD2D72C522 . 634024 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\iexplore.exe
[7] 2008-10-15 . 9D3DB9ADFABD2F0BC778EC03250A3ABB . 633632 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\iexplore.exe
[7] 2008-10-15 . 056C927CF7207857E8B34F7A8FFD9B9E . 633632 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
[7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
[7] 2008-08-23 . 1F03216084447F990AE797317D0A6E70 . 635848 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\iexplore.exe
[7] 2008-06-23 . 64E376A47763DAEABCDA14BD5B6EA286 . 625664 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\iexplore.exe
[7] 2008-06-23 . C52A9EF571E91535EB78DB4B8B95EA07 . 625664 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe
[7] 2008-04-22 . 197B7E4030CFBD8D2979D375E1787AA2 . 625664 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe
[7] 2008-04-22 . 232B22817B90AE0AFF2D189E3E3735AC . 625664 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2008-02-29 . 2D0E5592AB5A46C27DAF7CCAFF4F5B59 . 625664 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\iexplore.exe
[7] 2008-02-22 . 6E0888626E0CAC79F57149814E22DB4D . 625664 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
[7] 2007-12-06 . 2703D940A62B731AA220529DD7331A78 . 625664 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\iexplore.exe
[7] 2007-12-06 . 809D17D8FA0FDAEE07778CD821CAFFDE . 625664 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
[7] 2007-10-10 . E854D02E4231F704D9BE782A424E6D8B . 625152 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\iexplore.exe
[7] 2007-10-10 . 632BDE0179847234433CA50945442ACB . 625664 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
[7] 2007-08-17 . 3AC2BC667DA0AF2C968E96E1630F5AB5 . 625152 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\iexplore.exe
[7] 2007-08-17 . 5577D0E3AC2F9F035ACD81B44AF5F511 . 625152 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
.
[7] 2010-12-13 14:36 . 0E20A3213ED010FC4997D1EF48082ABC . 912344 . . [1.9.2.13] . . c:\windows\ERDNT\cache\firefox.exe
.
[7] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[7] 2010-12-09 . 60E16152D847D7A7B7D3DA4C4B8E2120 . 2148864 . . [5.1.2600.6055] . . c:\windows\ERDNT\cache\ntoskrnl.exe
[7] 2010-12-09 . 60E16152D847D7A7B7D3DA4C4B8E2120 . 2148864 . . [5.1.2600.6055] . . c:\windows\system32\ntoskrnl.exe
[7] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2010-04-27 . 466A3E1239F4A9428797730E81A7A865 . 2146304 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
[7] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[7] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[7] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[7] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[7] 2009-12-08 . 9696C553F994340CD6AA5C5A724C3A19 . 2145280 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[7] 2009-08-04 . 78FCC97CD878D4CF5B5D2158A5A7CF92 . 2145280 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
.
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[7] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\w32time.dll
[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[7] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\wiaservc.dll
[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051

Cypher · Posted: Thu Dec 01, 2011 9:42 am Post subject:

Hi awills,
The ComboFix log is still incomplete are you sure that's all there is?

Add/Remove programs

Click on start
Then Run
In the open text entry box please copy/paste appwiz.cpl Then click enter.
Press the "Remove" or "Change/Remove"...button to uninstall the following if present.

awills · Posted: Thu Dec 01, 2011 9:49 am Post subject: Repost of Combofix log file

Here is the log file of ComboFix. Not sure why it is not posting completely in the forum post.

ComboFix 11-12-01.01 - Alan 12/01/2011 9:12.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.501 [GMT -6:00]
Running from: c:\documents and settings\Alan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\$NtUninstallKB49854$\1196083011
c:\windows\$NtUninstallKB49854$\2350861985\@
c:\windows\$NtUninstallKB49854$\2350861985\bckfg.tmp
c:\windows\$NtUninstallKB49854$\2350861985\cfg.ini
c:\windows\$NtUninstallKB49854$\2350861985\Desktop.ini
c:\windows\$NtUninstallKB49854$\2350861985\keywords
c:\windows\$NtUninstallKB49854$\2350861985\kwrd.dll
c:\windows\$NtUninstallKB49854$\2350861985\L\iahonoel
c:\windows\$NtUninstallKB49854$\2350861985\lsflt7.ver
c:\windows\$NtUninstallKB49854$\2350861985\U\00000001.@
c:\windows\$NtUninstallKB49854$\2350861985\U\00000002.@
c:\windows\$NtUninstallKB49854$\2350861985\U\00000004.@
c:\windows\$NtUninstallKB49854$\2350861985\U\80000000.@
c:\windows\$NtUninstallKB49854$\2350861985\U\80000004.@
c:\windows\$NtUninstallKB49854$\2350861985\U\80000032.@
c:\windows\CSC\d6
c:\windows\CSC\d6\00000015
c:\windows\CSC\d6\8000001D
c:\windows\CSC\d6\80000025
c:\windows\CSC\d6\8000002D
c:\windows\CSC\d6\80000035
c:\windows\CSC\d6\8000003D
c:\windows\CSC\d6\80000045
c:\windows\CSC\d6\8000004D
c:\windows\system32\Packet.dll
c:\windows\system32\usmt\migwiz_a.exe
c:\windows\system32\wpcap.dll
c:\windows\Temp\_ex-08.exe
c:\windows\Temp\_ex-68.exe
c:\windows\$NtUninstallKB49854$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-11-01 to 2011-12-01 )))))))))))))))))))))))))))))))
.
.
2011-12-01 15:49 . 2011-12-01 15:49 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ADA41394-DF97-4297-9B30-25E49992E977}\offreg.dll
2011-11-30 22:44 . 2011-11-30 22:44 664 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
2011-11-30 19:06 . 2011-11-30 19:06 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2011-11-30 17:15 . 2011-11-30 17:15 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-30 16:51 . 2011-11-30 16:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-11-30 15:22 . 2011-11-30 15:22 -------- d-----w- c:\documents and settings\Alan\Application Data\Malwarebytes
2011-11-30 15:21 . 2011-11-30 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-30 15:20 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-30 15:20 . 2011-11-30 15:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-30 14:04 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ADA41394-DF97-4297-9B30-25E49992E977}\mpengine.dll
2011-11-22 17:05 . 2011-11-22 17:07 -------- d-----w- C:\JDownloader
2011-11-07 15:50 . 2011-11-09 15:00 -------- d-----w- C:\BC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 14:07 . 2011-05-23 13:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2004-08-11 22:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 03:48 . 2010-03-05 16:53 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-28 07:06 . 2004-08-11 22:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2004-08-11 22:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2004-08-11 22:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-08-11 22:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 14:07 . 2011-03-23 14:42 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\atapi.sys
.
[7] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\asyncmac.sys
[7] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[7] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[7] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
.
[7] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\beep.sys
[7] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[7] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\kbdclass.sys
[7] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[7] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0028\DriverFiles\i386\kbdclass.sys
[7] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\kbdclass.sys
[7] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[7] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0021\DriverFiles\i386\kbdclass.sys
[7] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
.
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ndis.sys
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[7] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
[7] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ntfs.sys
[7] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[7] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys
.
[7] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\null.sys
[7] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\browser.dll
[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[7] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lsass.exe
[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[7] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netman.dll
[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[7] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll
.
[7] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ERDNT\cache\comres.dll
[7] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[7] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[7] 2004-08-04 10:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ERDNT\cache\qmgr.dll
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[7] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\rpcss.dll
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2005-01-14 . 419899803CA479B73B02390318C787C0 . 395776 . . [5.1.2600.2595] . . c:\windows\$NtUninstallKB894391$\rpcss.dll
[-] 2005-01-14 . 94456045BEB4545B5EBE1DCC85951AFA . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
[7] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB873333$\rpcss.dll
.
[7] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\services.exe
[7] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[7] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[7] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[7] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[7] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe
.
[7] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\ERDNT\cache\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe
.
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\ERDNT\cache\wuauclt.exe
[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
[7] 2008-04-14 . ED7262E52C31CF1625B65039102BC16C . 111104 . . [5.4.3790.5512] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
.
[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[7] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\cryptsvc.dll
[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[7] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\ERDNT\cache\es.dll
[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[7] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[7] 2004-08-04 10:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll
.
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\imm32.dll
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[7] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\ERDNT\cache\kernel32.dll
[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[7] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll
.
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\linkinfo.dll
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[7] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll
.
[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lpk.dll
[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[7] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[7] 2011-10-03 . 4963CB503600FC3BCBDBFBA51FBA1FAC . 5971456 . . [8.00.6001.19154] . . c:\windows\system32\mshtml.dll
[7] 2011-10-03 . 4963CB503600FC3BCBDBFBA51FBA1FAC . 5971456 . . [8.00.6001.19154] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2011-10-03 . 1240A6B7B470BED0AA6C9FEC7AB0EA26 . 5972992 . . [8.00.6001.23250] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mshtml.dll
[7] 2011-07-25 . 23B3C8E9F3F280180573569253CE98AB . 5969920 . . [8.00.6001.19120] . . c:\windows\ie8updates\KB2586448-IE8\mshtml.dll
[7] 2011-07-25 . BCE7CCEBAD6C8955D2B4C3B246BD0E57 . 5971456 . . [8.00.6001.23216] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtml.dll
.
[7] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ERDNT\cache\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[7] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[7] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[7] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[7] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll
[7] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\mswsock.dll
[7] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[7] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[7] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[7] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[7] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
.
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netlogon.dll
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[7] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\powrprof.dll
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[7] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\scecli.dll
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[7] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfc.dll
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[7] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\svchost.exe
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[7] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\tapisrv.dll
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[7] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
.
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll
.
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\userinit.exe
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[7] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[7] 2011-08-22 . 1A377838B4B468E37C3EEB5BAA24F925 . 916480 . . [8.00.6001.19131] . . c:\windows\system32\wininet.dll
[7] 2011-08-22 . 1A377838B4B468E37C3EEB5BAA24F925 . 916480 . . [8.00.6001.19131] . . c:\windows\system32\dllcache\wininet.dll
[7] 2011-08-22 . 19630AEBBFAEB06984CAB91848270AAF . 919552 . . [8.00.6001.23227] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll
[7] 2011-06-23 . AF4EDDC6C0446FCE5681B5DED52B8F0E . 916480 . . [8.00.6001.19098] . . c:\windows\ie8updates\KB2586448-IE8\wininet.dll
[7] 2011-06-23 . 509CF67AE762A38E23A5455A0053853C . 919552 . . [8.00.6001.23192] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll
[7] 2011-04-25 . CC951C2212A200475A587A440E0AA804 . 916480 . . [8.00.6001.19072] . . c:\windows\ie8updates\KB2559049-IE8\wininet.dll
[7] 2011-04-25 . 7F4F1697001B9E9A7924D219DC215903 . 919552 . . [8.00.6001.23165] . . c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\wininet.dll
[7] 2011-02-22 . A9FA95F0D7F511959AC721E4843E5967 . 919552 . . [8.00.6001.23139] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\wininet.dll
[7] 2011-02-22 . F192D49EEFE297FA858B2C774BA2291D . 916480 . . [8.00.6001.19044] . . c:\windows\ie8updates\KB2530548-IE8\wininet.dll
[7] 2010-12-20 . 88014D62B5E3CDB0AC67948D86C926C8 . 916480 . . [8.00.6001.19019] . . c:\windows\ERDNT\cache\wininet.dll
[7] 2010-12-20 . 88014D62B5E3CDB0AC67948D86C926C8 . 916480 . . [8.00.6001.19019] . . c:\windows\ie8updates\KB2497640-IE8\wininet.dll
[7] 2010-12-20 . 5504B4ECCE892EB82CD2C5FA71940AC1 . 919552 . . [8.00.6001.23111] . . c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll
[7] 2010-11-06 . 9357C4249F4810FB0E49C13387A8A77C . 919552 . . [8.00.6001.23084] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll
[7] 2010-11-06 . 306A2B05EA9846278113964DC6E2C940 . 916480 . . [8.00.6001.18992] . . c:\windows\ie8updates\KB2482017-IE8\wininet.dll
[7] 2010-09-10 . 36FE8ABC59AAFBE20CBE54BC372F9429 . 916480 . . [8.00.6001.18968] . . c:\windows\ie8updates\KB2416400-IE8\wininet.dll
[7] 2010-09-10 . 0555E190DCD06B8998E6DDCA42DAEB82 . 919552 . . [8.00.6001.23060] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll
[7] 2010-06-24 . 60237E50D575FBA9BEC9BC043F157149 . 919040 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
[7] 2010-06-24 . D3DEB6B2B424AC93DE3801EAEB21A9A5 . 916480 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\wininet.dll
[7] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2183461-IE8\wininet.dll
[7] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[7] 2010-02-25 . 7A42CFED96CDA7F2FB1A26D1F9F65775 . 916480 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[7] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[7] 2009-12-21 . FF4241C74E0C0A5AFFFE05F584213ECB . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[7] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 . 75240F6EDBCE7B85DF66874407D38A4F . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[7] 2009-08-29 . CF0A5FE05BF614C24950D8FAEC1BC309 . 916480 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
.
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2_32.dll
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[7] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2help.dll
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[7] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[7] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[7] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\ERDNT\cache\ole32.dll
[7] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll
[7] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\dllcache\ole32.dll
[7] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2005-04-28 . 5950E4F28FDA9D147576BF6798937397 . 1285120 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\ole32.dll
[-] 2005-01-14 . ABDEF60CED7C04AB35A415EFB6B96D81 . 1285120 . . [5.1.2600.2595] . . c:\windows\$NtUninstallKB894391$\ole32.dll
[-] 2005-01-14 . 2E752611C9A9AE1B6BFD0DA03CF7F17E . 1284608 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\ole32.dll
[7] 2004-08-04 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB873333$\ole32.dll
.
[7] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\ERDNT\cache\usp10.dll
[7] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[7] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[7] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[7] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
[7] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[7] 2004-08-04 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[7] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
.
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[7] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[7] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[7] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[7] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll
.
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[7] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\wscntfy.exe
[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe
[7] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\xmlprov.dll
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[7] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll
[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[7] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\regsvc.dll
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[7] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\schedsvc.dll
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[7] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ssdpsrv.dll
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[7] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\termsrv.dll
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[7] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\hnetcfg.dll
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[7] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[7] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\appmgmts.dll
[7] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[7] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[7] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[7] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\acpiec.sys
[7] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ERDNT\cache\aec.sys
[7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[7] 2004-08-04 03:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys
.
[7] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\agp440.sys
[7] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[7] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
[7] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys
.
[7] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ip6fw.sys
[7] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[7] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[7] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[7] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[7] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\ERDNT\cache\mfc40u.dll
[7] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[7] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[7] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
[7] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-04 10:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll
.
[7] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\msgsvc.dll
[7] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[7] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[7] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[7] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\ERDNT\cache\mspmsnsv.dll
[7] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[7] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[7] 2005-01-28 18:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[7] 2005-01-28 18:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[7] 2004-08-04 10:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
[7] 2010-12-10 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[7] 2010-12-09 . 9ED77E2307F6EC6F174C063C15AA3B8C . 2027008 . . [5.1.2600.6055] . . c:\windows\ERDNT\cache\ntkrnlpa.exe
[7] 2010-12-09 . 9ED77E2307F6EC6F174C063C15AA3B8C . 2027008 . . [5.1.2600.6055] . . c:\windows\system32\ntkrnlpa.exe
[7] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[7] 2010-04-27 . 49E936E1398D1A536E84CD5D068F0F09 . 2024448 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
[7] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[7] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[7] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[7] 2009-12-08 . 089F1E207B067A4DDEB2EEC37BBB1AA7 . 2023936 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
.
[7] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ERDNT\cache\ntmssvc.dll
[7] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[7] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[7] 2004-08-04 10:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\upnphost.dll
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[7] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
[7] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ERDNT\cache\dsound.dll
[7] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[7] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[7] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[7] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ERDNT\cache\d3d9.dll
[7] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[7] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[7] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ERDNT\cache\ddraw.dll
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[7] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[7] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\olepro32.dll
[7] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[7] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[7] 2004-08-04 10:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[7] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\perfctrs.dll
[7] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[7] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[7] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\version.dll
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[7] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[7] 2009-06-29 . 3CFC56F73D494FC1AA2B6E981DF15ACD . 634632 . . [7.00.6000.16876] . . c:\windows\ie8\iexplore.exe
[7] 2009-06-29 . 02E2754D3E566C11A4934825920C47DD . 634632 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iexplore.exe
[7] 2009-04-25 . 092A7F2B49A19ECCE5369D3CB2276148 . 636088 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\iexplore.exe
[7] 2009-04-25 . C0503FD8D163652735C1EE900672A75C . 636088 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\ERDNT\cache\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2009-02-28 . BCD8E48709BE4A79606F0B6E8E9A6162 . 636088 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe
[7] 2009-02-28 . A251068640DDB69FD7805B57D89D7FF7 . 636072 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\iexplore.exe
[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[7] 2008-12-19 . 030D78FE84A086ED376EFCBD2D72C522 . 634024 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\iexplore.exe
[7] 2008-10-15 . 9D3DB9ADFABD2F0BC778EC03250A3ABB . 633632 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\iexplore.exe
[7] 2008-10-15 . 056C927CF7207857E8B34F7A8FFD9B9E . 633632 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
[7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
[7] 2008-08-23 . 1F03216084447F990AE797317D0A6E70 . 635848 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\iexplore.exe
[7] 2008-06-23 . 64E376A47763DAEABCDA14BD5B6EA286 . 625664 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\iexplore.exe
[7] 2008-06-23 . C52A9EF571E91535EB78DB4B8B95EA07 . 625664 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe
[7] 2008-04-22 . 197B7E4030CFBD8D2979D375E1787AA2 . 625664 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe
[7] 2008-04-22 . 232B22817B90AE0AFF2D189E3E3735AC . 625664 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2008-02-29 . 2D0E5592AB5A46C27DAF7CCAFF4F5B59 . 625664 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\iexplore.exe
[7] 2008-02-22 . 6E0888626E0CAC79F57149814E22DB4D . 625664 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
[7] 2007-12-06 . 2703D940A62B731AA220529DD7331A78 . 625664 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\iexplore.exe
[7] 2007-12-06 . 809D17D8FA0FDAEE07778CD821CAFFDE . 625664 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
[7] 2007-10-10 . E854D02E4231F704D9BE782A424E6D8B . 625152 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\iexplore.exe
[7] 2007-10-10 . 632BDE0179847234433CA50945442ACB . 625664 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
[7] 2007-08-17 . 3AC2BC667DA0AF2C968E96E1630F5AB5 . 625152 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\iexplore.exe
[7] 2007-08-17 . 5577D0E3AC2F9F035ACD81B44AF5F511 . 625152 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
.
[7] 2010-12-13 14:36 . 0E20A3213ED010FC4997D1EF48082ABC . 912344 . . [1.9.2.13] . . c:\windows\ERDNT\cache\firefox.exe
.
[7] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[7] 2010-12-09 . 60E16152D847D7A7B7D3DA4C4B8E2120 . 2148864 . . [5.1.2600.6055] . . c:\windows\ERDNT\cache\ntoskrnl.exe
[7] 2010-12-09 . 60E16152D847D7A7B7D3DA4C4B8E2120 . 2148864 . . [5.1.2600.6055] . . c:\windows\system32\ntoskrnl.exe
[7] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2010-04-27 . 466A3E1239F4A9428797730E81A7A865 . 2146304 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
[7] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[7] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[7] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[7] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[7] 2009-12-08 . 9696C553F994340CD6AA5C5A724C3A19 . 2145280 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[7] 2009-08-04 . 78FCC97CD878D4CF5B5D2158A5A7CF92 . 2145280 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
.
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[7] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\w32time.dll
[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[7] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\wiaservc.dll
[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
[7] 2004-08-04 . D9F6C4F6B1E188ADAFC42B561D

awills · Posted: Thu Dec 01, 2011 9:50 am Post subject: Continuation of log file.

Continuation of log file.....

[7] 2004-08-04 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB927802$\wiaservc.dll
.
[7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[7] 2004-08-04 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
[7] 2004-08-04 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB920683$\rasadhlp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Starfield Updater"="c:\program files\Workspace\WorkspaceUpdate.exe" [2011-10-28 34496]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-11-11 107000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-14 339968]
"MXO Auto Loader"="c:\windows\MXOALDR.EXE" [2005-06-30 94208]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-06-15 1532760]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Alan^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Alan\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2011-09-05 17:04 2904984 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2011-09-05 17:04 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-30 13:46 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 12:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2011-06-23 23:44 1386776 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-04 17:19 135664 ----atw- c:\documents and settings\Alan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2011-06-15 05:32 1532760 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-03-20 22:34 86960 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 23:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 23:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 20:49 249064 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 18:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\QB2009\\QBDBMgrN.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Alan\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Napster\\napster.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\QB2009\\QBW32Pro.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 File Backup;File Backup Service;c:\program files\Workspace\offSyncService.exe [9/20/2011 2:30 PM 1185008]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [6/10/2011 2:16 PM 12184]
R2 msftesql$SQLEXPRESS;SQL Server FullText Search (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [3/26/2010 3:07 AM 91992]
R2 MSSQL$SHIPWORKS;MSSQL$SHIPWORKS;c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe -sSHIPWORKS --> c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe -sSHIPWORKS [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 10:34 AM 24652]
R3 QuickBooksDB19;QuickBooksDB19;c:\qb2009\QBDBMgrN.exe -hvQuickBooksDB19 --> c:\qb2009\QBDBMgrN.exe -hvQuickBooksDB19 [?]
S0 PQV2i;PQV2i; [x]
S1 MpKsl17d69c8b;MpKsl17d69c8b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3021E201-FAA3-4D78-87F6-49D07B77E2BD}\MpKsl17d69c8b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3021E201-FAA3-4D78-87F6-49D07B77E2BD}\MpKsl17d69c8b.sys [?]
S1 MpKsl1f309b98;MpKsl1f309b98;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5CE25180-128D-471F-8FD8-1416E01104A7}\MpKsl1f309b98.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5CE25180-128D-471F-8FD8-1416E01104A7}\MpKsl1f309b98.sys [?]
S1 MpKsl2c30d531;MpKsl2c30d531;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37355912-3C38-413D-8A96-13CA067BA82F}\MpKsl2c30d531.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37355912-3C38-413D-8A96-13CA067BA82F}\MpKsl2c30d531.sys [?]
S1 MpKsl3b551118;MpKsl3b551118;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{465139C3-A8BA-43C7-948F-B30045C13CEA}\MpKsl3b551118.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{465139C3-A8BA-43C7-948F-B30045C13CEA}\MpKsl3b551118.sys [?]
S1 MpKsl46b8fd13;MpKsl46b8fd13;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE6D9EBC-E653-4DF5-BA75-BE1F22A45809}\MpKsl46b8fd13.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE6D9EBC-E653-4DF5-BA75-BE1F22A45809}\MpKsl46b8fd13.sys [?]
S1 MpKsl54f7d93a;MpKsl54f7d93a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DF7A3760-133E-4915-8367-FD7EA342DBBA}\MpKsl54f7d93a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DF7A3760-133E-4915-8367-FD7EA342DBBA}\MpKsl54f7d93a.sys [?]
S1 MpKsl5eed803b;MpKsl5eed803b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0A7E60BB-FE59-4C18-9D4A-BEE0F72A104C}\MpKsl5eed803b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0A7E60BB-FE59-4C18-9D4A-BEE0F72A104C}\MpKsl5eed803b.sys [?]
S1 MpKsl739ab74e;MpKsl739ab74e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C93CEF6-6416-4263-89F1-6D81E34D5C0E}\MpKsl739ab74e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C93CEF6-6416-4263-89F1-6D81E34D5C0E}\MpKsl739ab74e.sys [?]
S1 MpKsl7c99e997;MpKsl7c99e997;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C583D658-46BD-41EE-B1A4-41A3F388E602}\MpKsl7c99e997.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C583D658-46BD-41EE-B1A4-41A3F388E602}\MpKsl7c99e997.sys [?]
S1 MpKsl8d0898f7;MpKsl8d0898f7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CBC6A9CF-C3C9-45A6-AB52-7570DDDD233A}\MpKsl8d0898f7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CBC6A9CF-C3C9-45A6-AB52-7570DDDD233A}\MpKsl8d0898f7.sys [?]
S1 MpKsl99f05907;MpKsl99f05907;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{95AB08AD-78C0-40A2-9363-298DB95B01BE}\MpKsl99f05907.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{95AB08AD-78C0-40A2-9363-298DB95B01BE}\MpKsl99f05907.sys [?]
S1 MpKsla74883ef;MpKsla74883ef;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D55FF09B-C7D7-4ABF-A95D-D5851B0260D2}\MpKsla74883ef.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D55FF09B-C7D7-4ABF-A95D-D5851B0260D2}\MpKsla74883ef.sys [?]
S1 MpKslac9e66ec;MpKslac9e66ec;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{419FBA26-108A-4D6C-A5C1-94F2702CA26C}\MpKslac9e66ec.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{419FBA26-108A-4D6C-A5C1-94F2702CA26C}\MpKslac9e66ec.sys [?]
S1 MpKslb03aa1cd;MpKslb03aa1cd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA12CC37-9E9A-489C-9843-D9E5104F217E}\MpKslb03aa1cd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA12CC37-9E9A-489C-9843-D9E5104F217E}\MpKslb03aa1cd.sys [?]
S1 MpKslcaadd689;MpKslcaadd689;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ADA41394-DF97-4297-9B30-25E49992E977}\MpKslcaadd689.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ADA41394-DF97-4297-9B30-25E49992E977}\MpKslcaadd689.sys [?]
S1 MpKsld4e69266;MpKsld4e69266;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EDDF0944-FA3F-4988-A3EE-EEDFAF22FFA6}\MpKsld4e69266.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EDDF0944-FA3F-4988-A3EE-EEDFAF22FFA6}\MpKsld4e69266.sys [?]
S1 PQIMount;PQIMount; [x]
S1 vscombus;VScom port enumerator;c:\windows\system32\drivers\vsc2k.sys [5/25/2005 11:47 AM 113312]
S1 vspcipar;VScom parallel port;c:\windows\system32\drivers\vsp2k.sys [5/25/2005 11:47 AM 45792]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/6/2010 9:40 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/6/2010 9:40 AM 136176]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [9/14/2009 11:29 AM 23096]
S3 SQLAgent$SHIPWORKS;SQLAgent$SHIPWORKS;c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlagent.EXE -i SHIPWORKS --> c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlagent.EXE -i SHIPWORKS [?]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [10/21/2011 1:50 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BASFND
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-01 c:\windows\Tasks\AdobeAAMUpdater-1.0-MDR-Alan.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-06-22 13:46]
.
2011-11-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 15:40]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 15:40]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1912307573-248057077-311576647-1003Core.job
- c:\documents and settings\Alan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-04 17:19]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1912307573-248057077-311576647-1003UA.job
- c:\documents and settings\Alan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-04 17:19]
.
2011-12-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.google.com/nwshp?hl=en&tab=wn
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{B4E30F61-16D9-11D3-85D1-005004229569} - {85E0B172-04FA-11D1-B7DA-00A0C90348D6} - c:\lotus\org6\organize\bandobjs.dll
TCP: DhcpNameServer = 24.93.40.36 24.93.40.37 4.2.2.2
FF - ProfilePath - c:\documents and settings\Alan\Application Data\Mozilla\Firefox\Profiles\8fl6srxi.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-01 09:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql$SQLEXPRESS]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:SQLEXPRESS"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,59,d3,e6,4b,d2,86,62,4a,ad,6c,6d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,59,d3,e6,4b,d2,86,62,4a,ad,6c,6d,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):11,0b,52,34,37,3f,a3,63,fc,2f,9c,48,f9,cd,3f,cd,1c,72,86,4c,61,
38,9c,99,98,5e,da,d6,3c,69,f2,ae,5e,fd,0e,76,a8,23,49,23,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{87a44b7e-8d05-4933-8d09-c9e54b3699f3}]
@Denied: (Full) (Everyone)
"Model"=dword:00000062
"Therad"=dword:00000025
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(2872)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\basfipm.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\GEARSec.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\Tablet.exe
c:\program files\Linksys Wireless-G Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G Wireless Network Monitor\WMP54GS.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\qb2009\QBDBMgrN.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\windows\SoftwareDistribution\Download\Install\AM_Delta.exe
c:\windows\system32\MpSigStub.exe
.
**************************************************************************
.
Completion time: 2011-12-01 10:22:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-01 16:21
.
Pre-Run: 88,686,870,528 bytes free
Post-Run: 88,969,826,304 bytes free
.
- - End Of File - - 2DC4CE78D89555EF9D83D55559112420

Cypher · Posted: Thu Dec 01, 2011 10:24 am Post subject:

Hi awills,
Good that's the whole CombiFix log.
Post the results of the ESET scan when ready.
_________________
Admin/Teacher at Malware Removal University
Member of...

awills · Posted: Thu Dec 01, 2011 1:28 pm Post subject: ESET log file

Hi Cypher,

Here's the log file from ESET scan.

Best regards,
Alan

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8bc14572b965fb479e1eaa615f42664e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-01 09:24:38
# local_time=2011-12-01 03:24:38 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776869 42 87 0 18740865 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=206795
# found=5
# cleaned=0
# scan_time=10767
C:\Documents and Settings\Alan\Application Data\Sun\Java\Deployment\cache\6.0\49\81c50b1-2f133df2 Java/Agent.DW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Alan\Application Data\Sun\Java\Deployment\cache\6.0\61\76b1c0fd-34ac2622 Java/Exploit.Agent.NAO trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\56\646bccb8-349937ff a variant of Win32/Kryptik.WKK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Flash Video Studio 4.0\CPASetup.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\netbt.sys a variant of Win32/Rootkit.Kryptik.FW trojan (unable to clean) 00000000000000000000000000000000 I

Cypher · Posted: Fri Dec 02, 2011 3:06 am Post subject:

Hi awills,

Clear Java cache

Click on Start > Control Panel > Classic view then double-click the Java Icon. (looks like a coffee cup)
On the General tab, under Temporary Internet Files, click the Settings button.
Next, click on the Delete Files button.
There are two options in the window to clear the cache - Leave BOTH Checked.
- Applications and Applets
- Trace and Log Files
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Temporary Files Window
Click OK to leave the Java Control Panel.

Next.

Upload File/Files for testing

Please go to Virustotal or jotti.org

Copy/paste this file and path into the white box at the top:

awills

Hello Cypher,

Confirmed. Java cache is cleared.

Here are the scan results.

http://virusscan.jotti.org/en/scanresult/fb8a5fae195190b90c6e46945e8a1f2674d5dbea

http://virusscan.jotti.org/en/scanresult/4be0894171c9b6b8d5a6be40d9f33ad3d72d0705

Best Regards,
Alan

Cypher · Posted: Fri Dec 02, 2011 8:30 am Post subject:

Hi Alan,
Good work so far.

Please download TDSSKiller.exe and save it to your Desktop.

Double click on TDSSKiller.exe to launch it.
Click on Start Scan, the scan will run.
When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
Now click on Report to open the log file created by TDSSKiller in your root directory C:\
To find the log go to Start > Computer > C:
Post the contents of that log in your next reply please.
DO NOT TRY TO FIX ANYTHING AT THIS POINT

_________________
Admin/Teacher at Malware Removal University
Member of...

awills · Posted: Fri Dec 02, 2011 9:00 am Post subject: TDSS log

10:59:50.0484 2944 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
10:59:51.0125 2944 ============================================================
10:59:51.0125 2944 Current date / time: 2011/12/02 10:59:51.0125
10:59:51.0125 2944 SystemInfo:
10:59:51.0125 2944
10:59:51.0125 2944 OS Version: 5.1.2600 ServicePack: 3.0
10:59:51.0125 2944 Product type: Workstation
10:59:51.0125 2944 ComputerName: ALAN
10:59:51.0125 2944 UserName: Alan
10:59:51.0125 2944 Windows directory: C:\WINDOWS
10:59:51.0125 2944 System windows directory: C:\WINDOWS
10:59:51.0125 2944 Processor architecture: Intel x86
10:59:51.0125 2944 Number of processors: 2
10:59:51.0125 2944 Page size: 0x1000
10:59:51.0125 2944 Boot type: Normal boot
10:59:51.0125 2944 ============================================================
11:00:00.0046 2944 Initialize success
11:00:10.0359 4016 ============================================================
11:00:10.0359 4016 Scan started
11:00:10.0359 4016 Mode: Manual;
11:00:10.0359 4016 ============================================================
11:00:12.0093 4016 Abiosdsk - ok
11:00:12.0468 4016 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
11:00:12.0640 4016 abp480n5 - ok
11:00:14.0078 4016 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:00:14.0343 4016 ACPI - ok
11:00:15.0218 4016 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:00:15.0359 4016 ACPIEC - ok
11:00:16.0046 4016 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
11:00:16.0156 4016 adpu160m - ok
11:00:16.0359 4016 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
11:00:16.0359 4016 aeaudio - ok
11:00:16.0421 4016 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:00:16.0421 4016 aec - ok
11:00:16.0484 4016 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
11:00:16.0656 4016 AegisP - ok
11:00:17.0203 4016 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:00:17.0203 4016 AFD - ok
11:00:17.0609 4016 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
11:00:17.0609 4016 agp440 - ok
11:00:17.0734 4016 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
11:00:17.0875 4016 agpCPQ - ok
11:00:18.0500 4016 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
11:00:18.0531 4016 Aha154x - ok
11:00:19.0062 4016 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
11:00:19.0078 4016 aic78u2 - ok
11:00:19.0109 4016 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
11:00:19.0109 4016 aic78xx - ok
11:00:19.0140 4016 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
11:00:19.0140 4016 AliIde - ok
11:00:19.0328 4016 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
11:00:19.0359 4016 alim1541 - ok
11:00:20.0156 4016 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
11:00:20.0156 4016 amdagp - ok
11:00:20.0281 4016 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
11:00:20.0281 4016 amsint - ok
11:00:20.0375 4016 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
11:00:20.0375 4016 asc - ok
11:00:20.0390 4016 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
11:00:20.0390 4016 asc3350p - ok
11:00:20.0453 4016 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
11:00:20.0453 4016 asc3550 - ok
11:00:20.0531 4016 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:00:20.0531 4016 AsyncMac - ok
11:00:20.0593 4016 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:00:20.0593 4016 atapi - ok
11:00:20.0859 4016 Atdisk - ok
11:00:20.0906 4016 ati2mtag (c82240ce60a9326e52282f62ba923f27) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:00:20.0921 4016 ati2mtag - ok
11:00:21.0109 4016 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:00:21.0140 4016 Atmarpc - ok
11:00:21.0312 4016 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:00:21.0328 4016 audstub - ok
11:00:21.0453 4016 b57w2k (4826fcf97c47b361a2e2f68cd487a19e) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:00:21.0453 4016 b57w2k - ok
11:00:21.0546 4016 BASFND (3d87b0484be1093c6614062701f375c5) C:\WINDOWS\system32\Drivers\BASFND.sys
11:00:21.0546 4016 BASFND - ok
11:00:21.0640 4016 BCM43XX (38ca1443660d0f5f06887c6a2e692aeb) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
11:00:21.0640 4016 BCM43XX - ok
11:00:21.0703 4016 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:00:21.0703 4016 Beep - ok
11:00:21.0796 4016 BootScreen (5a6cca16cf233ad6b233f5ab25a39aca) C:\WINDOWS\System32\drivers\vidstub.sys
11:00:21.0859 4016 BootScreen - ok
11:00:21.0859 4016 catchme - ok
11:00:21.0890 4016 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
11:00:21.0890 4016 cbidf - ok
11:00:21.0906 4016 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:00:21.0906 4016 cbidf2k - ok
11:00:22.0015 4016 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:00:22.0015 4016 CCDECODE - ok
11:00:22.0046 4016 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
11:00:22.0046 4016 cd20xrnt - ok
11:00:22.0046 4016 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:00:22.0046 4016 Cdaudio - ok
11:00:22.0140 4016 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:00:22.0140 4016 Cdfs - ok
11:00:22.0187 4016 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:00:22.0234 4016 Cdrom - ok
11:00:22.0234 4016 Changer - ok
11:00:22.0265 4016 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
11:00:22.0265 4016 CmdIde - ok
11:00:22.0281 4016 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:00:22.0281 4016 Compbatt - ok
11:00:22.0312 4016 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
11:00:22.0312 4016 Cpqarray - ok
11:00:22.0406 4016 cvspydr2 (c6644d1a70c050fdd7ecbe8c3ac05313) C:\WINDOWS\system32\DRIVERS\cvspydr2.sys
11:00:22.0406 4016 cvspydr2 - ok
11:00:22.0437 4016 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
11:00:22.0437 4016 dac2w2k - ok
11:00:22.0500 4016 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
11:00:22.0500 4016 dac960nt - ok
11:00:22.0593 4016 DCamUSBEMPIA (f7d785ba9d167bdb0b9b19f79b220aca) C:\WINDOWS\system32\DRIVERS\emDevice.sys
11:00:22.0593 4016 DCamUSBEMPIA - ok
11:00:22.0609 4016 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:00:22.0609 4016 Disk - ok
11:00:22.0656 4016 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:00:22.0687 4016 dmboot - ok
11:00:22.0734 4016 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:00:22.0734 4016 dmio - ok
11:00:22.0750 4016 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:00:22.0750 4016 dmload - ok
11:00:22.0781 4016 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:00:22.0781 4016 DMusic - ok
11:00:22.0812 4016 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
11:00:22.0828 4016 Dot4 - ok
11:00:22.0859 4016 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
11:00:22.0859 4016 Dot4Print - ok
11:00:22.0921 4016 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
11:00:22.0921 4016 dpti2o - ok
11:00:22.0921 4016 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:00:22.0937 4016 drmkaud - ok
11:00:22.0953 4016 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
11:00:22.0968 4016 drvmcdb - ok
11:00:22.0984 4016 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
11:00:23.0421 4016 drvnddm - ok
11:00:23.0500 4016 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
11:00:23.0531 4016 E100B - ok
11:00:23.0687 4016 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
11:00:23.0703 4016 ElbyCDIO - ok
11:00:23.0859 4016 emAudio (8bff3ef6f480b2ba00c0af75b2c8fce1) C:\WINDOWS\system32\drivers\emAudio.sys
11:00:23.0875 4016 emAudio - ok
11:00:23.0906 4016 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:00:23.0906 4016 Fastfat - ok
11:00:23.0953 4016 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:00:23.0953 4016 Fdc - ok
11:00:24.0046 4016 FiltUSBEMPIA (a752bd7638457a53c9dcd5be1598b3b2) C:\WINDOWS\system32\DRIVERS\emFilter.sys
11:00:24.0046 4016 FiltUSBEMPIA - ok
11:00:24.0093 4016 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:00:24.0093 4016 Fips - ok
11:00:24.0125 4016 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:00:24.0125 4016 Flpydisk - ok
11:00:24.0171 4016 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:00:24.0187 4016 FltMgr - ok
11:00:24.0203 4016 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:00:24.0203 4016 Fs_Rec - ok
11:00:24.0234 4016 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:00:24.0250 4016 Ftdisk - ok
11:00:24.0296 4016 GearAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:00:24.0296 4016 GearAspiWDM - ok
11:00:24.0328 4016 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:00:24.0328 4016 Gpc - ok
11:00:24.0406 4016 grmnusb (cd007d03a9284bfe67d49c01213132bf) C:\WINDOWS\system32\drivers\grmnusb.sys
11:00:24.0421 4016 grmnusb - ok
11:00:24.0500 4016 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
11:00:24.0546 4016 GTNDIS5 - ok
11:00:24.0609 4016 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
11:00:24.0609 4016 HidBatt - ok
11:00:24.0656 4016 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:00:24.0671 4016 HidUsb - ok
11:00:24.0718 4016 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
11:00:24.0718 4016 hpn - ok
11:00:24.0812 4016 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:00:24.0812 4016 HTTP - ok
11:00:24.0828 4016 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
11:00:24.0828 4016 i2omgmt - ok
11:00:24.0875 4016 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
11:00:24.0875 4016 i2omp - ok
11:00:24.0890 4016 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:00:24.0890 4016 i8042prt - ok
11:00:24.0953 4016 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:00:24.0953 4016 Imapi - ok
11:00:25.0015 4016 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
11:00:25.0015 4016 ini910u - ok
11:00:25.0093 4016 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:00:25.0109 4016 IntelIde - ok
11:00:25.0187 4016 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:00:25.0187 4016 intelppm - ok
11:00:25.0250 4016 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:00:25.0250 4016 Ip6Fw - ok
11:00:25.0343 4016 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:00:25.0343 4016 IpFilterDriver - ok
11:00:25.0359 4016 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:00:25.0359 4016 IpInIp - ok
11:00:25.0421 4016 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:00:25.0437 4016 IpNat - ok
11:00:25.0453 4016 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:00:25.0500 4016 IPSec - ok
11:00:25.0578 4016 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:00:25.0578 4016 IRENUM - ok
11:00:25.0625 4016 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:00:25.0625 4016 isapnp - ok
11:00:25.0687 4016 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:00:25.0703 4016 Kbdclass - ok
11:00:25.0718 4016 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:00:25.0734 4016 kbdhid - ok
11:00:25.0765 4016 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:00:25.0765 4016 kmixer - ok
11:00:25.0812 4016 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:00:25.0812 4016 KSecDD - ok
11:00:25.0859 4016 LBeepKE (5644acfa1b281ce2212353552147d1a0) C:\WINDOWS\system32\Drivers\LBeepKE.sys
11:00:25.0875 4016 LBeepKE - ok
11:00:25.0984 4016 lbrtfdc - ok
11:00:26.0109 4016 LHidFilt (05d6b85ecc3204931923ab7940b9596e) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
11:00:26.0156 4016 LHidFilt - ok
11:00:26.0234 4016 LMImirr - ok
11:00:26.0343 4016 LMouFilt (053dbcc1082fdf74ab145a71917a6556) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
11:00:26.0343 4016 LMouFilt - ok
11:00:26.0406 4016 LUsbFilt (95dab70d56bbac7ddb7e6d0017d71369) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
11:00:26.0406 4016 LUsbFilt - ok
11:00:26.0515 4016 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:00:26.0515 4016 mnmdd - ok
11:00:26.0578 4016 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:00:26.0593 4016 Modem - ok
11:00:26.0656 4016 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:00:26.0671 4016 Mouclass - ok
11:00:26.0734 4016 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:00:26.0750 4016 mouhid - ok
11:00:26.0781 4016 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:00:26.0781 4016 MountMgr - ok
11:00:26.0812 4016 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
11:00:26.0890 4016 MpFilter - ok
11:00:27.0000 4016 MpKsl17d69c8b - ok
11:00:27.0015 4016 MpKsl1f309b98 - ok
11:00:27.0015 4016 MpKsl2c30d531 - ok
11:00:27.0171 4016 MpKsl2cc23b2d (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2518FB98-1B8F-407D-8C08-14DB7E24126C}\MpKsl2cc23b2d.sys
11:00:27.0171 4016 MpKsl2cc23b2d - ok
11:00:27.0171 4016 MpKsl3b551118 - ok
11:00:27.0187 4016 MpKsl46b8fd13 - ok
11:00:27.0187 4016 MpKsl54f7d93a - ok
11:00:27.0187 4016 MpKsl5eed803b - ok
11:00:27.0203 4016 MpKsl739ab74e - ok
11:00:27.0203 4016 MpKsl7c99e997 - ok
11:00:27.0218 4016 MpKsl8d0898f7 - ok
11:00:27.0218 4016 MpKsl99f05907 - ok
11:00:27.0218 4016 MpKsla74883ef - ok
11:00:27.0234 4016 MpKslac9e66ec - ok
11:00:27.0234 4016 MpKslb03aa1cd - ok
11:00:27.0250 4016 MpKslcaadd689 - ok
11:00:27.0250 4016 MpKsld4e69266 - ok
11:00:27.0343 4016 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
11:00:27.0343 4016 mraid35x - ok
11:00:27.0359 4016 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:00:27.0359 4016 MRxDAV - ok
11:00:27.0500 4016 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:00:27.0515 4016 MRxSmb - ok
11:00:27.0593 4016 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:00:27.0593 4016 Msfs - ok
11:00:27.0656 4016 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:00:27.0656 4016 MSKSSRV - ok
11:00:27.0750 4016 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:00:27.0750 4016 MSPCLOCK - ok
11:00:27.0765 4016 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:00:27.0781 4016 MSPQM - ok
11:00:27.0812 4016 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:00:27.0812 4016 mssmbios - ok
11:00:27.0875 4016 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:00:27.0875 4016 MSTEE - ok
11:00:27.0937 4016 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:00:27.0953 4016 Mup - ok
11:00:28.0000 4016 MXOFX (ca68234d644aca94e7de0c90d2142f9d) C:\WINDOWS\system32\DRIVERS\MXOFX.SYS
11:00:28.0000 4016 MXOFX - ok
11:00:28.0046 4016 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:00:28.0046 4016 NABTSFEC - ok
11:00:28.0109 4016 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:00:28.0109 4016 NDIS - ok
11:00:28.0156 4016 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:00:28.0156 4016 NdisIP - ok
11:00:28.0250 4016 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:00:28.0250 4016 NdisTapi - ok
11:00:28.0265 4016 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:00:28.0265 4016 Ndisuio - ok
11:00:28.0281 4016 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:00:28.0281 4016 NdisWan - ok
11:00:28.0468 4016 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:00:28.0484 4016 NDProxy - ok
11:00:28.0640 4016 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:00:28.0656 4016 NetBIOS - ok
11:00:28.0796 4016 NetBT (28ede20f3d5e95daf113865c030562a3) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:00:32.0390 4016 NetBT - ok
11:00:33.0140 4016 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:00:33.0140 4016 Npfs - ok
11:00:33.0187 4016 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:00:33.0203 4016 Ntfs - ok
11:00:33.0281 4016 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:00:33.0281 4016 Null - ok
11:00:33.0390 4016 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:00:33.0437 4016 nv - ok
11:00:33.0500 4016 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:00:33.0500 4016 NwlnkFlt - ok
11:00:33.0515 4016 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:00:33.0515 4016 NwlnkFwd - ok
11:00:33.0593 4016 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:00:33.0593 4016 Parport - ok
11:00:33.0609 4016 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:00:33.0609 4016 PartMgr - ok
11:00:33.0656 4016 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:00:33.0656 4016 ParVdm - ok
11:00:33.0671 4016 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:00:33.0671 4016 PCI - ok
11:00:33.0687 4016 PCIDump - ok
11:00:33.0703 4016 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:00:33.0703 4016 PCIIde - ok
11:00:33.0718 4016 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:00:33.0734 4016 Pcmcia - ok
11:00:33.0734 4016 PDCOMP - ok
11:00:33.0750 4016 PDFRAME - ok
11:00:33.0765 4016 PDRELI - ok
11:00:33.0781 4016 PDRFRAME - ok
11:00:33.0859 4016 PenClass (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\Drivers\PenClass.sys
11:00:33.0875 4016 PenClass - ok
11:00:33.0906 4016 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
11:00:33.0906 4016 perc2 - ok
11:00:33.0937 4016 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:00:33.0937 4016 perc2hib - ok
11:00:34.0046 4016 PhilCam8116 (a3a4d50051ddbcf390e5918c43c167ef) C:\WINDOWS\system32\DRIVERS\CamDrL21.sys
11:00:34.0046 4016 PhilCam8116 - ok
11:00:34.0140 4016 PMEM (2b85237f904c5bdf7ad386f0ede19bd3) C:\WINDOWS\system32\drivers\pmemnt.sys
11:00:34.0156 4016 PMEM - ok
11:00:34.0187 4016 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:00:34.0187 4016 PptpMiniport - ok
11:00:34.0203 4016 PQIMount - ok
11:00:34.0218 4016 PQV2i - ok
11:00:34.0234 4016 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:00:34.0234 4016 PSched - ok
11:00:34.0250 4016 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:00:34.0250 4016 Ptilink - ok
11:00:34.0296 4016 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:00:34.0296 4016 PxHelp20 - ok
11:00:34.0312 4016 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:00:34.0312 4016 ql1080 - ok
11:00:34.0328 4016 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:00:34.0343 4016 Ql10wnt - ok
11:00:34.0390 4016 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:00:34.0390 4016 ql12160 - ok
11:00:34.0406 4016 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:00:34.0406 4016 ql1240 - ok
11:00:34.0437 4016 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:00:34.0437 4016 ql1280 - ok
11:00:34.0484 4016 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:00:34.0484 4016 RasAcd - ok
11:00:34.0531 4016 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:00:34.0531 4016 Rasl2tp - ok
11:00:34.0546 4016 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:00:34.0562 4016 RasPppoe - ok
11:00:34.0562 4016 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:00:34.0562 4016 Raspti - ok
11:00:34.0593 4016 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:00:34.0671 4016 Rdbss - ok
11:00:34.0671 4016 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:00:34.0671 4016 RDPCDD - ok
11:00:34.0703 4016 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:00:34.0703 4016 rdpdr - ok
11:00:34.0781 4016 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
11:00:34.0781 4016 RDPWD - ok
11:00:34.0828 4016 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:00:34.0890 4016 redbook - ok
11:00:34.0968 4016 ScanUSBEMPIA (7bfa395a95e5d714d222e35f041c46e8) C:\WINDOWS\system32\DRIVERS\emScan.sys
11:00:34.0968 4016 ScanUSBEMPIA - ok
11:00:35.0078 4016 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:00:35.0078 4016 Secdrv - ok
11:00:35.0156 4016 Sentinel (412a3a8a9043616b9246bfefc376e933) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
11:00:35.0500 4016 Sentinel - ok
11:00:35.0531 4016 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:00:35.0531 4016 serenum - ok
11:00:35.0562 4016 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:00:35.0656 4016 Serial - ok
11:00:35.0687 4016 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:00:35.0687 4016 Sfloppy - ok
11:00:35.0703 4016 Simbad - ok
11:00:35.0781 4016 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:00:35.0796 4016 sisagp - ok
11:00:35.0812 4016 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:00:35.0812 4016 SLIP - ok
11:00:35.0890 4016 smwdm (4aa922332433cdeb8b82c072c212e32e) C:\WINDOWS\system32\drivers\smwdm.sys
11:00:35.0906 4016 smwdm - ok
11:00:36.0015 4016 SndTAudio (e0f0f9b03fe292378384bf658148ac32) C:\WINDOWS\system32\drivers\SndTAudio.sys
11:00:36.0046 4016 SndTAudio - ok
11:00:36.0125 4016 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
11:00:36.0125 4016 SONYPVU1 - ok
11:00:36.0171 4016 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:00:36.0171 4016 Sparrow - ok
11:00:36.0218 4016 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:00:36.0218 4016 splitter - ok
11:00:36.0281 4016 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:00:36.0281 4016 sr - ok
11:00:36.0375 4016 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:00:36.0375 4016 Srv - ok
11:00:36.0421 4016 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
11:00:36.0453 4016 sscdbhk5 - ok
11:00:36.0468 4016 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
11:00:36.0515 4016 ssrtln - ok
11:00:36.0562 4016 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:00:36.0578 4016 streamip - ok
11:00:36.0656 4016 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:00:36.0656 4016 swenum - ok
11:00:36.0765 4016 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:00:36.0781 4016 swmidi - ok
11:00:36.0843 4016 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
11:00:36.0859 4016 symc810 - ok
11:00:36.0875 4016 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:00:36.0875 4016 symc8xx - ok
11:00:36.0906 4016 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:00:36.0906 4016 sym_hi - ok
11:00:36.0921 4016 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:00:36.0921 4016 sym_u3 - ok
11:00:36.0968 4016 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:00:36.0968 4016 sysaudio - ok
11:00:37.0046 4016 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:00:37.0046 4016 Tcpip - ok
11:00:37.0156 4016 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:00:37.0156 4016 TDPIPE - ok
11:00:37.0250 4016 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:00:37.0250 4016 TDTCP - ok
11:00:37.0312 4016 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:00:37.0328 4016 TermDD - ok
11:00:37.0406 4016 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
11:00:37.0421 4016 tfsnboio - ok
11:00:37.0437 4016 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
11:00:37.0453 4016 tfsncofs - ok
11:00:37.0468 4016 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
11:00:37.0484 4016 tfsndrct - ok
11:00:37.0578 4016 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
11:00:37.0625 4016 tfsndres - ok
11:00:37.0703 4016 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
11:00:37.0781 4016 tfsnifs - ok
11:00:37.0890 4016 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
11:00:37.0921 4016 tfsnopio - ok
11:00:38.0375 4016 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
11:00:38.0390 4016 tfsnpool - ok
11:00:38.0406 4016 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
11:00:38.0453 4016 tfsnudf - ok
11:00:38.0468 4016 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
11:00:38.0531 4016 tfsnudfa - ok
11:00:38.0640 4016 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
11:00:38.0640 4016 TosIde - ok
11:00:38.0718 4016 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:00:38.0718 4016 Udfs - ok
11:00:38.0765 4016 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
11:00:38.0781 4016 ultra - ok
11:00:38.0859 4016 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:00:38.0875 4016 Update - ok
11:00:38.0984 4016 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
11:00:38.0984 4016 USBAAPL - ok
11:00:39.0078 4016 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
11:00:39.0078 4016 usbaudio - ok
11:00:39.0125 4016 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:00:39.0125 4016 usbccgp - ok
11:00:39.0187 4016 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:00:39.0187 4016 usbehci - ok
11:00:39.0203 4016 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:00:39.0203 4016 usbhub - ok
11:00:39.0250 4016 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:00:39.0250 4016 usbprint - ok
11:00:39.0265 4016 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:00:39.0265 4016 usbscan - ok
11:00:39.0312 4016 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:00:39.0312 4016 USBSTOR - ok
11:00:39.0359 4016 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:00:39.0375 4016 usbuhci - ok
11:00:39.0406 4016 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
11:00:39.0406 4016 usb_rndisx - ok
11:00:39.0468 4016 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\WINDOWS\system32\DRIVERS\VClone.sys
11:00:39.0484 4016 VClone - ok
11:00:39.0531 4016 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:00:39.0562 4016 VgaSave - ok
11:00:39.0578 4016 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:00:39.0578 4016 viaagp - ok
11:00:39.0609 4016 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
11:00:39.0609 4016 ViaIde - ok
11:00:39.0687 4016 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:00:39.0687 4016 VolSnap - ok
11:00:39.0750 4016 vscombus (19f98398ee7604e2832b67ea8fc07661) C:\WINDOWS\system32\DRIVERS\vsc2k.sys
11:00:39.0765 4016 vscombus - ok
11:00:39.0781 4016 vspcipar (d96af1c5cf484d37d211619d04f3f5a5) C:\WINDOWS\system32\DRIVERS\vsp2k.sys
11:00:39.0828 4016 vspcipar - ok
11:00:39.0859 4016 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:00:39.0859 4016 Wanarp - ok
11:00:39.0921 4016 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
11:00:39.0937 4016 wceusbsh - ok
11:00:39.0984 4016 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
11:00:40.0046 4016 WDC_SAM - ok
11:00:40.0140 4016 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
11:00:40.0140 4016 Wdf01000 - ok
11:00:40.0171 4016 WDICA - ok
11:00:40.0187 4016 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:00:40.0187 4016 wdmaud - ok
11:00:40.0328 4016 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
11:00:40.0328 4016 WpdUsb - ok
11:00:40.0359 4016 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:00:40.0359 4016 WSTCODEC - ok
11:00:40.0468 4016 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:00:40.0468 4016 WudfPf - ok
11:00:40.0531 4016 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:00:40.0656 4016 \Device\Harddisk0\DR0 - ok
11:00:40.0656 4016 Boot (0x1200) (77b607a6ea1252c4df358c2735afb428) \Device\Harddisk0\DR0\Partition0
11:00:40.0671 4016 \Device\Harddisk0\DR0\Partition0 - ok
11:00:40.0671 4016 ============================================================
11:00:40.0671 4016 Scan finished
11:00:40.0671 4016 ============================================================
11:00:40.0671 2480 Detected object count: 0
11:00:40.0671 2480 Actual detected object count: 0

awills · Posted: Fri Dec 02, 2011 9:02 am Post subject: TDSS log

10:59:50.0484 2944 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
10:59:51.0125 2944 ============================================================
10:59:51.0125 2944 Current date / time: 2011/12/02 10:59:51.0125
10:59:51.0125 2944 SystemInfo:
10:59:51.0125 2944
10:59:51.0125 2944 OS Version: 5.1.2600 ServicePack: 3.0
10:59:51.0125 2944 Product type: Workstation
10:59:51.0125 2944 ComputerName: ALAN
10:59:51.0125 2944 UserName: Alan
10:59:51.0125 2944 Windows directory: C:\WINDOWS
10:59:51.0125 2944 System windows directory: C:\WINDOWS
10:59:51.0125 2944 Processor architecture: Intel x86
10:59:51.0125 2944 Number of processors: 2
10:59:51.0125 2944 Page size: 0x1000
10:59:51.0125 2944 Boot type: Normal boot
10:59:51.0125 2944 ============================================================
11:00:00.0046 2944 Initialize success
11:00:10.0359 4016 ============================================================
11:00:10.0359 4016 Scan started
11:00:10.0359 4016 Mode: Manual;
11:00:10.0359 4016 ============================================================
11:00:12.0093 4016 Abiosdsk - ok
11:00:12.0468 4016 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
11:00:12.0640 4016 abp480n5 - ok
11:00:14.0078 4016 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:00:14.0343 4016 ACPI - ok
11:00:15.0218 4016 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:00:15.0359 4016 ACPIEC - ok
11:00:16.0046 4016 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
11:00:16.0156 4016 adpu160m - ok
11:00:16.0359 4016 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
11:00:16.0359 4016 aeaudio - ok
11:00:16.0421 4016 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:00:16.0421 4016 aec - ok
11:00:16.0484 4016 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
11:00:16.0656 4016 AegisP - ok
11:00:17.0203 4016 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:00:17.0203 4016 AFD - ok
11:00:17.0609 4016 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
11:00:17.0609 4016 agp440 - ok
11:00:17.0734 4016 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
11:00:17.0875 4016 agpCPQ - ok
11:00:18.0500 4016 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
11:00:18.0531 4016 Aha154x - ok
11:00:19.0062 4016 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
11:00:19.0078 4016 aic78u2 - ok
11:00:19.0109 4016 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
11:00:19.0109 4016 aic78xx - ok
11:00:19.0140 4016 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
11:00:19.0140 4016 AliIde - ok
11:00:19.0328 4016 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
11:00:19.0359 4016 alim1541 - ok
11:00:20.0156 4016 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
11:00:20.0156 4016 amdagp - ok
11:00:20.0281 4016 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
11:00:20.0281 4016 amsint - ok
11:00:20.0375 4016 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
11:00:20.0375 4016 asc - ok
11:00:20.0390 4016 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
11:00:20.0390 4016 asc3350p - ok
11:00:20.0453 4016 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
11:00:20.0453 4016 asc3550 - ok
11:00:20.0531 4016 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:00:20.0531 4016 AsyncMac - ok
11:00:20.0593 4016 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:00:20.0593 4016 atapi - ok
11:00:20.0859 4016 Atdisk - ok
11:00:20.0906 4016 ati2mtag (c82240ce60a9326e52282f62ba923f27) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:00:20.0921 4016 ati2mtag - ok
11:00:21.0109 4016 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:00:21.0140 4016 Atmarpc - ok
11:00:21.0312 4016 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:00:21.0328 4016 audstub - ok
11:00:21.0453 4016 b57w2k (4826fcf97c47b361a2e2f68cd487a19e) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:00:21.0453 4016 b57w2k - ok
11:00:21.0546 4016 BASFND (3d87b0484be1093c6614062701f375c5) C:\WINDOWS\system32\Drivers\BASFND.sys
11:00:21.0546 4016 BASFND - ok
11:00:21.0640 4016 BCM43XX (38ca1443660d0f5f06887c6a2e692aeb) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
11:00:21.0640 4016 BCM43XX - ok
11:00:21.0703 4016 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:00:21.0703 4016 Beep - ok
11:00:21.0796 4016 BootScreen (5a6cca16cf233ad6b233f5ab25a39aca) C:\WINDOWS\System32\drivers\vidstub.sys
11:00:21.0859 4016 BootScreen - ok
11:00:21.0859 4016 catchme - ok
11:00:21.0890 4016 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
11:00:21.0890 4016 cbidf - ok
11:00:21.0906 4016 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:00:21.0906 4016 cbidf2k - ok
11:00:22.0015 4016 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:00:22.0015 4016 CCDECODE - ok
11:00:22.0046 4016 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
11:00:22.0046 4016 cd20xrnt - ok
11:00:22.0046 4016 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:00:22.0046 4016 Cdaudio - ok
11:00:22.0140 4016 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:00:22.0140 4016 Cdfs - ok
11:00:22.0187 4016 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:00:22.0234 4016 Cdrom - ok
11:00:22.0234 4016 Changer - ok
11:00:22.0265 4016 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
11:00:22.0265 4016 CmdIde - ok
11:00:22.0281 4016 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:00:22.0281 4016 Compbatt - ok
11:00:22.0312 4016 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
11:00:22.0312 4016 Cpqarray - ok
11:00:22.0406 4016 cvspydr2 (c6644d1a70c050fdd7ecbe8c3ac05313) C:\WINDOWS\system32\DRIVERS\cvspydr2.sys
11:00:22.0406 4016 cvspydr2 - ok
11:00:22.0437 4016 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
11:00:22.0437 4016 dac2w2k - ok
11:00:22.0500 4016 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
11:00:22.0500 4016 dac960nt - ok
11:00:22.0593 4016 DCamUSBEMPIA (f7d785ba9d167bdb0b9b19f79b220aca) C:\WINDOWS\system32\DRIVERS\emDevice.sys
11:00:22.0593 4016 DCamUSBEMPIA - ok
11:00:22.0609 4016 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:00:22.0609 4016 Disk - ok
11:00:22.0656 4016 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:00:22.0687 4016 dmboot - ok
11:00:22.0734 4016 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:00:22.0734 4016 dmio - ok
11:00:22.0750 4016 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:00:22.0750 4016 dmload - ok
11:00:22.0781 4016 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:00:22.0781 4016 DMusic - ok
11:00:22.0812 4016 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
11:00:22.0828 4016 Dot4 - ok
11:00:22.0859 4016 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
11:00:22.0859 4016 Dot4Print - ok
11:00:22.0921 4016 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
11:00:22.0921 4016 dpti2o - ok
11:00:22.0921 4016 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:00:22.0937 4016 drmkaud - ok
11:00:22.0953 4016 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
11:00:22.0968 4016 drvmcdb - ok
11:00:22.0984 4016 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
11:00:23.0421 4016 drvnddm - ok
11:00:23.0500 4016 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
11:00:23.0531 4016 E100B - ok
11:00:23.0687 4016 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
11:00:23.0703 4016 ElbyCDIO - ok
11:00:23.0859 4016 emAudio (8bff3ef6f480b2ba00c0af75b2c8fce1) C:\WINDOWS\system32\drivers\emAudio.sys
11:00:23.0875 4016 emAudio - ok
11:00:23.0906 4016 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:00:23.0906 4016 Fastfat - ok
11:00:23.0953 4016 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:00:23.0953 4016 Fdc - ok
11:00:24.0046 4016 FiltUSBEMPIA (a752bd7638457a53c9dcd5be1598b3b2) C:\WINDOWS\system32\DRIVERS\emFilter.sys
11:00:24.0046 4016 FiltUSBEMPIA - ok
11:00:24.0093 4016 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:00:24.0093 4016 Fips - ok
11:00:24.0125 4016 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:00:24.0125 4016 Flpydisk - ok
11:00:24.0171 4016 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:00:24.0187 4016 FltMgr - ok
11:00:24.0203 4016 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:00:24.0203 4016 Fs_Rec - ok
11:00:24.0234 4016 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:00:24.0250 4016 Ftdisk - ok
11:00:24.0296 4016 GearAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:00:24.0296 4016 GearAspiWDM - ok
11:00:24.0328 4016 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:00:24.0328 4016 Gpc - ok
11:00:24.0406 4016 grmnusb (cd007d03a9284bfe67d49c01213132bf) C:\WINDOWS\system32\drivers\grmnusb.sys
11:00:24.0421 4016 grmnusb - ok
11:00:24.0500 4016 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
11:00:24.0546 4016 GTNDIS5 - ok
11:00:24.0609 4016 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
11:00:24.0609 4016 HidBatt - ok
11:00:24.0656 4016 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:00:24.0671 4016 HidUsb - ok
11:00:24.0718 4016 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
11:00:24.0718 4016 hpn - ok
11:00:24.0812 4016 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:00:24.0812 4016 HTTP - ok
11:00:24.0828 4016 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
11:00:24.0828 4016 i2omgmt - ok
11:00:24.0875 4016 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
11:00:24.0875 4016 i2omp - ok
11:00:24.0890 4016 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:00:24.0890 4016 i8042prt - ok
11:00:24.0953 4016 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:00:24.0953 4016 Imapi - ok
11:00:25.0015 4016 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
11:00:25.0015 4016 ini910u - ok
11:00:25.0093 4016 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:00:25.0109 4016 IntelIde - ok
11:00:25.0187 4016 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:00:25.0187 4016 intelppm - ok
11:00:25.0250 4016 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:00:25.0250 4016 Ip6Fw - ok
11:00:25.0343 4016 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:00:25.0343 4016 IpFilterDriver - ok
11:00:25.0359 4016 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:00:25.0359 4016 IpInIp - ok
11:00:25.0421 4016 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:00:25.0437 4016 IpNat - ok
11:00:25.0453 4016 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:00:25.0500 4016 IPSec - ok
11:00:25.0578 4016 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:00:25.0578 4016 IRENUM - ok
11:00:25.0625 4016 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:00:25.0625 4016 isapnp - ok
11:00:25.0687 4016 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:00:25.0703 4016 Kbdclass - ok
11:00:25.0718 4016 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:00:25.0734 4016 kbdhid - ok
11:00:25.0765 4016 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:00:25.0765 4016 kmixer - ok
11:00:25.0812 4016 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:00:25.0812 4016 KSecDD - ok
11:00:25.0859 4016 LBeepKE (5644acfa1b281ce2212353552147d1a0) C:\WINDOWS\system32\Drivers\LBeepKE.sys
11:00:25.0875 4016 LBeepKE - ok
11:00:25.0984 4016 lbrtfdc - ok
11:00:26.0109 4016 LHidFilt (05d6b85ecc3204931923ab7940b9596e) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
11:00:26.0156 4016 LHidFilt - ok
11:00:26.0234 4016 LMImirr - ok
11:00:26.0343 4016 LMouFilt (053dbcc1082fdf74ab145a71917a6556) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
11:00:26.0343 4016 LMouFilt - ok
11:00:26.0406 4016 LUsbFilt (95dab70d56bbac7ddb7e6d0017d71369) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
11:00:26.0406 4016 LUsbFilt - ok
11:00:26.0515 4016 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:00:26.0515 4016 mnmdd - ok
11:00:26.0578 4016 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:00:26.0593 4016 Modem - ok
11:00:26.0656 4016 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:00:26.0671 4016 Mouclass - ok
11:00:26.0734 4016 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:00:26.0750 4016 mouhid - ok
11:00:26.0781 4016 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:00:26.0781 4016 MountMgr - ok
11:00:26.0812 4016 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
11:00:26.0890 4016 MpFilter - ok
11:00:27.0000 4016 MpKsl17d69c8b - ok
11:00:27.0015 4016 MpKsl1f309b98 - ok
11:00:27.0015 4016 MpKsl2c30d531 - ok
11:00:27.0171 4016 MpKsl2cc23b2d (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2518FB98-1B8F-407D-8C08-14DB7E24126C}\MpKsl2cc23b2d.sys
11:00:27.0171 4016 MpKsl2cc23b2d - ok
11:00:27.0171 4016 MpKsl3b551118 - ok
11:00:27.0187 4016 MpKsl46b8fd13 - ok
11:00:27.0187 4016 MpKsl54f7d93a - ok
11:00:27.0187 4016 MpKsl5eed803b - ok
11:00:27.0203 4016 MpKsl739ab74e - ok
11:00:27.0203 4016 MpKsl7c99e997 - ok
11:00:27.0218 4016 MpKsl8d0898f7 - ok
11:00:27.0218 4016 MpKsl99f05907 - ok
11:00:27.0218 4016 MpKsla74883ef - ok
11:00:27.0234 4016 MpKslac9e66ec - ok
11:00:27.0234 4016 MpKslb03aa1cd - ok
11:00:27.0250 4016 MpKslcaadd689 - ok
11:00:27.0250 4016 MpKsld4e69266 - ok
11:00:27.0343 4016 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
11:00:27.0343 4016 mraid35x - ok
11:00:27.0359 4016 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:00:27.0359 4016 MRxDAV - ok
11:00:27.0500 4016 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:00:27.0515 4016 MRxSmb - ok
11:00:27.0593 4016 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:00:27.0593 4016 Msfs - ok
11:00:27.0656 4016 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:00:27.0656 4016 MSKSSRV - ok
11:00:27.0750 4016 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:00:27.0750 4016 MSPCLOCK - ok
11:00:27.0765 4016 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:00:27.0781 4016 MSPQM - ok
11:00:27.0812 4016 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:00:27.0812 4016 mssmbios - ok
11:00:27.0875 4016 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:00:27.0875 4016 MSTEE - ok
11:00:27.0937 4016 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:00:27.0953 4016 Mup - ok
11:00:28.0000 4016 MXOFX (ca68234d644aca94e7de0c90d2142f9d) C:\WINDOWS\system32\DRIVERS\MXOFX.SYS
11:00:28.0000 4016 MXOFX - ok
11:00:28.0046 4016 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:00:28.0046 4016 NABTSFEC - ok
11:00:28.0109 4016 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:00:28.0109 4016 NDIS - ok
11:00:28.0156 4016 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:00:28.0156 4016 NdisIP - ok
11:00:28.0250 4016 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:00:28.0250 4016 NdisTapi - ok
11:00:28.0265 4016 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:00:28.0265 4016 Ndisuio - ok
11:00:28.0281 4016 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:00:28.0281 4016 NdisWan - ok
11:00:28.0468 4016 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:00:28.0484 4016 NDProxy - ok
11:00:28.0640 4016 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:00:28.0656 4016 NetBIOS - ok
11:00:28.0796 4016 NetBT (28ede20f3d5e95daf113865c030562a3) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:00:32.0390 4016 NetBT - ok
11:00:33.0140 4016 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:00:33.0140 4016 Npfs - ok
11:00:33.0187 4016 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:00:33.0203 4016 Ntfs - ok
11:00:33.0281 4016 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:00:33.0281 4016 Null - ok
11:00:33.0390 4016 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:00:33.0437 4016 nv - ok
11:00:33.0500 4016 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:00:33.0500 4016 NwlnkFlt - ok
11:00:33.0515 4016 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:00:33.0515 4016 NwlnkFwd - ok
11:00:33.0593 4016 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:00:33.0593 4016 Parport - ok
11:00:33.0609 4016 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:00:33.0609 4016 PartMgr - ok
11:00:33.0656 4016 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:00:33.0656 4016 ParVdm - ok
11:00:33.0671 4016 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:00:33.0671 4016 PCI - ok
11:00:33.0687 4016 PCIDump - ok
11:00:33.0703 4016 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:00:33.0703 4016 PCIIde - ok
11:00:33.0718 4016 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:00:33.0734 4016 Pcmcia - ok
11:00:33.0734 4016 PDCOMP - ok
11:00:33.0750 4016 PDFRAME - ok
11:00:33.0765 4016 PDRELI - ok
11:00:33.0781 4016 PDRFRAME - ok
11:00:33.0859 4016 PenClass (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\Drivers\PenClass.sys
11:00:33.0875 4016 PenClass - ok
11:00:33.0906 4016 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
11:00:33.0906 4016 perc2 - ok
11:00:33.0937 4016 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:00:33.0937 4016 perc2hib - ok
11:00:34.0046 4016 PhilCam8116 (a3a4d50051ddbcf390e5918c43c167ef) C:\WINDOWS\system32\DRIVERS\CamDrL21.sys
11:00:34.0046 4016 PhilCam8116 - ok
11:00:34.0140 4016 PMEM (2b85237f904c5bdf7ad386f0ede19bd3) C:\WINDOWS\system32\drivers\pmemnt.sys
11:00:34.0156 4016 PMEM - ok
11:00:34.0187 4016 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:00:34.0187 4016 PptpMiniport - ok
11:00:34.0203 4016 PQIMount - ok
11:00:34.0218 4016 PQV2i - ok
11:00:34.0234 4016 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:00:34.0234 4016 PSched - ok
11:00:34.0250 4016 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:00:34.0250 4016 Ptilink - ok
11:00:34.0296 4016 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:00:34.0296 4016 PxHelp20 - ok
11:00:34.0312 4016 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:00:34.0312 4016 ql1080 - ok
11:00:34.0328 4016 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:00:34.0343 4016 Ql10wnt - ok
11:00:34.0390 4016 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:00:34.0390 4016 ql12160 - ok
11:00:34.0406 4016 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:00:34.0406 4016 ql1240 - ok
11:00:34.0437 4016 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:00:34.0437 4016 ql1280 - ok
11:00:34.0484 4016 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:00:34.0484 4016 RasAcd - ok
11:00:34.0531 4016 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:00:34.0531 4016 Rasl2tp - ok
11:00:34.0546 4016 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:00:34.0562 4016 RasPppoe - ok
11:00:34.0562 4016 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:00:34.0562 4016 Raspti - ok
11:00:34.0593 4016 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:00:34.0671 4016 Rdbss - ok
11:00:34.0671 4016 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:00:34.0671 4016 RDPCDD - ok
11:00:34.0703 4016 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:00:34.0703 4016 rdpdr - ok
11:00:34.0781 4016 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
11:00:34.0781 4016 RDPWD - ok
11:00:34.0828 4016 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:00:34.0890 4016 redbook - ok
11:00:34.0968 4016 ScanUSBEMPIA (7bfa395a95e5d714d222e35f041c46e8) C:\WINDOWS\system32\DRIVERS\emScan.sys
11:00:34.0968 4016 ScanUSBEMPIA - ok
11:00:35.0078 4016 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:00:35.0078 4016 Secdrv - ok
11:00:35.0156 4016 Sentinel (412a3a8a9043616b9246bfefc376e933) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
11:00:35.0500 4016 Sentinel - ok
11:00:35.0531 4016 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:00:35.0531 4016 serenum - ok
11:00:35.0562 4016 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:00:35.0656 4016 Serial - ok
11:00:35.0687 4016 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:00:35.0687 4016 Sfloppy - ok
11:00:35.0703 4016 Simbad - ok
11:00:35.0781 4016 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:00:35.0796 4016 sisagp - ok
11:00:35.0812 4016 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:00:35.0812 4016 SLIP - ok
11:00:35.0890 4016 smwdm (4aa922332433cdeb8b82c072c212e32e) C:\WINDOWS\system32\drivers\smwdm.sys
11:00:35.0906 4016 smwdm - ok
11:00:36.0015 4016 SndTAudio (e0f0f9b03fe292378384bf658148ac32) C:\WINDOWS\system32\drivers\SndTAudio.sys
11:00:36.0046 4016 SndTAudio - ok
11:00:36.0125 4016 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
11:00:36.0125 4016 SONYPVU1 - ok
11:00:36.0171 4016 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:00:36.0171 4016 Sparrow - ok
11:00:36.0218 4016 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:00:36.0218 4016 splitter - ok
11:00:36.0281 4016 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:00:36.0281 4016 sr - ok
11:00:36.0375 4016 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:00:36.0375 4016 Srv - ok
11:00:36.0421 4016 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
11:00:36.0453 4016 sscdbhk5 - ok
11:00:36.0468 4016 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
11:00:36.0515 4016 ssrtln - ok
11:00:36.0562 4016 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:00:36.0578 4016 streamip - ok
11:00:36.0656 4016 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:00:36.0656 4016 swenum - ok
11:00:36.0765 4016 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:00:36.0781 4016 swmidi - ok
11:00:36.0843 4016 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
11:00:36.0859 4016 symc810 - ok
11:00:36.0875 4016 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:00:36.0875 4016 symc8xx - ok
11:00:36.0906 4016 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:00:36.0906 4016 sym_hi - ok
11:00:36.0921 4016 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:00:36.0921 4016 sym_u3 - ok
11:00:36.0968 4016 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:00:36.0968 4016 sysaudio - ok
11:00:37.0046 4016 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:00:37.0046 4016 Tcpip - ok
11:00:37.0156 4016 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:00:37.0156 4016 TDPIPE - ok
11:00:37.0250 4016 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:00:37.0250 4016 TDTCP - ok
11:00:37.0312 4016 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:00:37.0328 4016 TermDD - ok
11:00:37.0406 4016 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
11:00:37.0421 4016 tfsnboio - ok
11:00:37.0437 4016 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
11:00:37.0453 4016 tfsncofs - ok
11:00:37.0468 4016 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
11:00:37.0484 4016 tfsndrct - ok
11:00:37.0578 4016 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
11:00:37.0625 4016 tfsndres - ok
11:00:37.0703 4016 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
11:00:37.0781 4016 tfsnifs - ok
11:00:37.0890 4016 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
11:00:37.0921 4016 tfsnopio - ok
11:00:38.0375 4016 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
11:00:38.0390 4016 tfsnpool - ok
11:00:38.0406 4016 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
11:00:38.0453 4016 tfsnudf - ok
11:00:38.0468 4016 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
11:00:38.0531 4016 tfsnudfa - ok
11:00:38.0640 4016 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
11:00:38.0640 4016 TosIde - ok
11:00:38.0718 4016 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:00:38.0718 4016 Udfs - ok
11:00:38.0765 4016 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
11:00:38.0781 4016 ultra - ok
11:00:38.0859 4016 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:00:38.0875 4016 Update - ok
11:00:38.0984 4016 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
11:00:38.0984 4016 USBAAPL - ok
11:00:39.0078 4016 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
11:00:39.0078 4016 usbaudio - ok
11:00:39.0125 4016 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:00:39.0125 4016 usbccgp - ok
11:00:39.0187 4016 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:00:39.0187 4016 usbehci - ok
11:00:39.0203 4016 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:00:39.0203 4016 usbhub - ok
11:00:39.0250 4016 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:00:39.0250 4016 usbprint - ok
11:00:39.0265 4016 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:00:39.0265 4016 usbscan - ok
11:00:39.0312 4016 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:00:39.0312 4016 USBSTOR - ok
11:00:39.0359 4016 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:00:39.0375 4016 usbuhci - ok
11:00:39.0406 4016 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
11:00:39.0406 4016 usb_rndisx - ok
11:00:39.0468 4016 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\WINDOWS\system32\DRIVERS\VClone.sys
11:00:39.0484 4016 VClone - ok
11:00:39.0531 4016 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:00:39.0562 4016 VgaSave - ok
11:00:39.0578 4016 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:00:39.0578 4016 viaagp - ok
11:00:39.0609 4016 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
11:00:39.0609 4016 ViaIde - ok
11:00:39.0687 4016 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:00:39.0687 4016 VolSnap - ok
11:00:39.0750 4016 vscombus (19f98398ee7604e2832b67ea8fc07661) C:\WINDOWS\system32\DRIVERS\vsc2k.sys
11:00:39.0765 4016 vscombus - ok
11:00:39.0781 4016 vspcipar (d96af1c5cf484d37d211619d04f3f5a5) C:\WINDOWS\system32\DRIVERS\vsp2k.sys
11:00:39.0828 4016 vspcipar - ok
11:00:39.0859 4016 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:00:39.0859 4016 Wanarp - ok
11:00:39.0921 4016 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
11:00:39.0937 4016 wceusbsh - ok
11:00:39.0984 4016 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
11:00:40.0046 4016 WDC_SAM - ok
11:00:40.0140 4016 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
11:00:40.0140 4016 Wdf01000 - ok
11:00:40.0171 4016 WDICA - ok
11:00:40.0187 4016 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:00:40.0187 4016 wdmaud - ok
11:00:40.0328 4016 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
11:00:40.0328 4016 WpdUsb - ok
11:00:40.0359 4016 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:00:40.0359 4016 WSTCODEC - ok
11:00:40.0468 4016 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:00:40.0468 4016 WudfPf - ok
11:00:40.0531 4016 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:00:40.0656 4016 \Device\Harddisk0\DR0 - ok
11:00:40.0656 4016 Boot (0x1200) (77b607a6ea1252c4df358c2735afb428) \Device\Harddisk0\DR0\Partition0
11:00:40.0671 4016 \Device\Harddisk0\DR0\Partition0 - ok
11:00:40.0671 4016 ============================================================
11:00:40.0671 4016 Scan finished
11:00:40.0671 4016 ============================================================
11:00:40.0671 2480 Detected object count: 0
11:00:40.0671 2480 Actual detected object count: 0

Cypher · Posted: Fri Dec 02, 2011 9:18 am Post subject:

Hi Alan,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

Code:

:filefind
netbt.sys.*
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
_________________
Admin/Teacher at Malware Removal University
Member of...

awills · Posted: Fri Dec 02, 2011 9:53 am Post subject: SystemLook Results

Hello Cypher,

Here are the results of the System Look.

--Alan

SystemLook 30.07.11 by jpshortstuff
Log created at 11:39 on 02/12/2011 by Alan
Administrator - Elevation successful

========== filefind ==========

Searching for "netbt.sys.*"
C:\i386\netbt.sys --a--c- 162816 bytes [18:07 25/05/2005] [10:00 04/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\$NtServicePackUninstall$\netbt.sys -----c- 162816 bytes [13:48 27/05/2008] [10:00 04/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\ServicePackFiles\i386\netbt.sys -----c- 162816 bytes [13:38 27/05/2008] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\system32\drivers\netbt.sys --a---- 162816 bytes [22:00 11/08/2004] [19:21 13/04/2008] (Unable to calculate MD5)

-= EOF =-

awills

Microsoft Security Essentials found the threat and wants to restart they system to remove it.

driver:NetBT
file:C:\WINDOWS\system32\drivers\netbt.sys

I won't restart until I hear from you.

--Alan

Cypher · Posted: Fri Dec 02, 2011 10:29 am Post subject:

Hi Alan,
Don't let Microsoft Security Essentials take any action on that file, we will take care of it soon.

Upload File/Files for testing

Please go to Virustotal or jotti.org

Copy/paste this file and path into the white box at the top:

awills · Posted: Fri Dec 02, 2011 11:33 am Post subject: Here are the scan results

Hi Cypher,

Here are the scan results. It appears that MS Security Essentials already removed the threat. I tried to keep that from happening.

[/url]http://virusscan.jotti.org/en/scanresult/09f5130b0a85d40ab167d6774fc60ba15bbc35c6[url]

Best regards,

Alan

Cypher · Posted: Fri Dec 02, 2011 11:38 am Post subject:

Hi Alan.

awills · Posted: Fri Dec 02, 2011 12:02 pm Post subject: SystemLook Results

SystemLook 30.07.11 by jpshortstuff
Log created at 13:52 on 02/12/2011 by Alan
Administrator - Elevation successful

========== filefind ==========

Searching for "netbt.sys.*"
C:\i386\netbt.sys --a--c- 162816 bytes [18:07 25/05/2005] [10:00 04/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\$NtServicePackUninstall$\netbt.sys -----c- 162816 bytes [13:48 27/05/2008] [10:00 04/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\ServicePackFiles\i386\netbt.sys -----c- 162816 bytes [13:38 27/05/2008] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\system32\dllcache\netbt.sys --a---- 162816 bytes [22:00 11/08/2004] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\system32\drivers\netbt.sys --a---- 162816 bytes [22:00 11/08/2004] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D

-= EOF =-

Cypher · Posted: Fri Dec 02, 2011 12:16 pm Post subject:

Hi Alan.
Is you internet connection working now?
I need you to check this file for me again, if you get a message saying it has already been tested, submit it again for testing.

Upload File/Files for testing

Please go to Virustotal or jotti.org

Copy/paste this file and path into the white box at the top:

awills

Hi Cypher,

Here's the scan again run on VirusTotal

http://www.virustotal.com/file-scan/report.html?id=7932b71f98b4122be88f576bf6d745a757ae378a48924b7f4358837b75640a82-1322857439

Best Regards,
Alan

Cypher · Posted: Sat Dec 03, 2011 3:14 am Post subject:

Hi Alan,

awills · Posted: Mon Dec 05, 2011 6:40 am Post subject: No network connection

Hello Cypher,

Still no access to the network or internet.

Was netbt damaged in the process?

Computer was restarted over the weekend due to bad weather. Microsoft Security Essentials might have completed it removal of the threat.

How should we proceed?

--Best regards,
Alan

Cypher · Posted: Mon Dec 05, 2011 7:22 am Post subject:

Hi Alan,

Please download Farbar Service Scanner ... by Farbar and save it to your Desktop.

Double click FSS.exe to run it.
Press the "Scan" button.
When finished, a text file named FSS.txt will be created on your desktop. (Same folder the tool is run).
Please copy and paste the contents of the FSS.txt log to your reply.

_________________
Admin/Teacher at Malware Removal University
Member of...

awills · Posted: Mon Dec 05, 2011 7:45 am Post subject: FSS Scan log file

Hi Cypher,

Here are the results of services scan.

Regards,
Alan

Farbar Service Scanner
Ran by Alan (administrator) on 05-12-2011 at 09:45:58
Microsoft Windows XP Service Pack 3 (X86)
********************************************************

Service Check:
==============

File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

**** End of log ****

Cypher · Posted: Mon Dec 05, 2011 8:44 am Post subject:

Hi Alan,
Do the following then give me an update on your network connection.

Copy all text in the quote box (below)...to Notepad, Do not include the word Quote:

Quote:

@Echo off
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0
Save the Notepad file on your desktop...as Fix bat... save type as "All Files"

Fix bat<<------------- you should see this on your desktop.
Double click on Fix bat to execute it.
A black CMD window will flash, then disappear...this is normal.
A file should appear on your Desktop, you can delete this file as it's not needed.

_________________
Admin/Teacher at Malware Removal University
Member of...

awills

Hello Cypher,

Executed file.
Still can't connect to the network.

Best Regards,
Alan

Cypher · Posted: Mon Dec 05, 2011 9:54 am Post subject:

Hi Alan,
I am discussing your network problem with my collogues.
I will get back to you as soon as possible.
_________________
Admin/Teacher at Malware Removal University
Member of...

awills · Posted: Mon Dec 05, 2011 10:24 am Post subject: Network connections restored

I was able to restore network connections.

Ready to proceed with cleanup of malware.

Regards,
Alan

awills · Posted: Mon Dec 05, 2011 10:26 am Post subject: MSE still detecting malware

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

Items:
file:\\mdrnt\Alan\My Documents\pXTnVqcr7.exe
filelocalcopy:\\?\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D759B17C-F66F-477C-BC70-A60497704CE7}-pXTnVqcr7.exe

Cypher · Posted: Mon Dec 05, 2011 11:09 am Post subject:

Hi Alan,

awills

Network connections restored by
--installing clean version of Netbt.sys and importing registry settings for NetBT from a working XP SP3 computer.

--Reset WINSOCK entries and TCP/IP stack.

--Reinstalled TCP/IP profile.

MSE is trying to fix the threat (tried to stall it but it took over and did it ) but it did not delete the problem files. They are still there and threat will reappear as soon as My Documents folder is opened.

Best regards,
Alan

Cypher · Posted: Tue Dec 06, 2011 3:17 am Post subject:

Hi Alan,

awills · Posted: Tue Dec 06, 2011 6:25 am Post subject: SystemLook Results

Hello Cypher,

Here are the log results. MSE removed the threat.

SystemLook 30.07.11 by jpshortstuff
Log created at 08:12 on 06/12/2011 by Alan
Administrator - Elevation successful

========== filefind ==========

Searching for "pXTnVqcr7.exe.*"
No files found.

-= EOF =-

Cypher · Posted: Tue Dec 06, 2011 8:28 am Post subject:

Hi Alan,
Is MSE still detecting the "pXTnVqcr7.exe" files?

Click > Start > Run, and enter sfc /scannow and click OK, there is a space after the sfc.
This runs System File Checker which looks for missing or corrupted system files and attempts to replace/repair them from files on your hard disk, or from the CD if necessary.
Let me know the results.
_________________
Admin/Teacher at Malware Removal University
Member of...

awills · Posted: Tue Dec 06, 2011 9:19 am Post subject: Scannow results

Hello Cypher,

Scannow completed and made no recommendations.

I did not see a log file.

Best regards,
Alan

Cypher · Posted: Tue Dec 06, 2011 9:23 am Post subject:

Hi Alan,
You didn't answer my question, is MSE still detecting the "pXTnVqcr7.exe" files?
_________________
Admin/Teacher at Malware Removal University
Member of...