 Unknown virus, likely a rootkit, Can run DDS but not RootRepeal |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Want a New HP LaserJet MFP? Trade in your old printer and receive $1,000 in savings!
Trade in your old printer and receive up to $1,000 in saving on a new HP LaserJet Multifunction Printer. Click here for savings!
Forum Guidelines
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.
Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help DO NOT RUN ComboFix unless requested to. Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  |
 Jan 7 2010, 09:52 AM
Post
#16
|
|
|
New Member  Group: Members Posts: 14 Joined: 31-December 09 Member No.: 426,860  |
|
 |
 
|
|
Jan 8 2010, 08:14 AM
Post
#17
|
|
|
Malware Expert Group: Malware Response Team Posts: 17,382 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762 |
Download Kenco.exe to your desktop
================ Please download GooredFix from one of the locations below and save it to your Desktop Download Mirror #1 Download Mirror #2
--------------------  If I have helped you in any way, please consider a donation to help me continue the fight against malware.Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ======================================================== |
|
|
|
|
Jan 8 2010, 09:32 AM
Post
#18
|
|
|
New Member Group: Members Posts: 14 Joined: 31-December 09 Member No.: 426,860 |
Here's the Kenoco log:
Kenco by jpshortstuff (31.12.09.1) Log created at 09:31 on 08/01/2010 (Labels) ========== Task Unlocker ========== ========== KencoScan ========== C:\WINDOWS\system32\scecli.dll -> Unable to read file attributes [32]! ========== C:\WINDOWS\Tasks ========== User_Feed_Synchronization-{272FB40A-8A07-42B7-AC52-5938D03B41A0}.job -> [18:37 07/12/2009] 424 bytes -=E.O.F=- And here's the GooredFix log: GooredFix by jpshortstuff (02.01.10.1) Log created at 09:31 on 08/01/2010 (Labels) Firefox version [Unable to determine] ========== GooredScan ========== ========== GooredLog ========== C:\Program Files\Mozilla Firefox\extensions\ (none) C:\Documents and Settings\Labels\Application Data\Mozilla\Firefox\Profiles\i6h8cep3.default\extensions\ {20a82645-c095-46ed-80e3-08825760534b} [17:41 19/08/2009] [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [17:12 04/02/2009] "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [19:49 02/12/2009] -=E.O.F=- This post has been edited by bdam: Jan 8 2010, 09:33 AM |
|
|
|
|
Jan 8 2010, 09:45 AM
Post
#19
|
|
|
Malware Expert Group: Malware Response Team Posts: 17,382 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762 |
Run OTL.exe
Copy the text below into the Custom fix box. /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys /md5stop %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles Click Run Scan and post the resulting log. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware.Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ======================================================== |
|
|
|
|
Jan 8 2010, 03:40 PM
Post
#20
|
|
|
New Member Group: Members Posts: 14 Joined: 31-December 09 Member No.: 426,860 |
OTL will scan for a few seconds then suddently quit. I tried renaming the file randomly when downloading, even changing the extention to scr but had the same behavior.
|
|
|
|
|
Jan 8 2010, 05:29 PM
Post
#21
|
|
|
Malware Expert Group: Malware Response Team Posts: 17,382 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762 |
Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop. CODE FileLook:: C:\WINDOWS\$NtServicePackUninstall$\scecli.dll C:\WINDOWS\ServicePackFiles\i386\scecli.dll C:\WINDOWS\system32\scecli.dll Prior to running Combofix.exe you should disable your antivirus program. Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.  This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware.Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ======================================================== |
|
|
|
|
Jan 12 2010, 09:53 AM
Post
#22
|
|
|
New Member Group: Members Posts: 14 Joined: 31-December 09 Member No.: 426,860 |
Excellent, after running ComboFix with that script I was able to do searches again. I downloaded MBAM and was able to run a quick scan with revealed 7 items (ex. AdWare.MyWebSearch, Trojan.Vundo, Trojan.Downloader, Rootkit.Agent). After rebooting I ran a full scan which revealed 7 more (ex. Malware.Trace, Trojan.Sirefef, Malware.Trace).
Here's the latest ComboFix log: ComboFix 10-01-11.03 - Labels 01/12/2010 8:38.3.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.204 [GMT -5:00] Running from: c:\documents and settings\Labels\Desktop\cfxr.exe Command switches used :: c:\documents and settings\Labels\Desktop\CFScript.txt . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\windows\$NtUninstallKB922582$ c:\windows\$NtUninstallKB922582$\fltlib.dll c:\windows\$NtUninstallKB922582$\fltmc.exe c:\windows\$NtUninstallKB922582$\fltmgr.sys c:\windows\$NtUninstallKB922582$\spuninst\spuninst.exe c:\windows\$NtUninstallKB922582$\spuninst\spuninst.inf c:\windows\$NtUninstallKB922582$\spuninst\spuninst.txt c:\windows\$NtUninstallKB922582$\spuninst\updspapi.dll ----- BITS: Possible infected sites ----- hxxp://bakrps01 c:\windows\system32\scecli.dll . . . is infected!! . . .Failed to restore. Attempting to replace on reboot c:\windows\system32\proquota.exe . . . is missing!! Infected copy of c:\windows\system32\scecli.dll was found and disinfected Restored copy from - c:\system volume information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP1453\A0096145.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} ((((((((((((((((((((((((( Files Created from 2009-12-12 to 2010-01-12 ))))))))))))))))))))))))))))))) . 2010-01-07 10:09 . 2009-10-21 05:38 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll 2010-01-07 10:09 . 2009-10-21 05:38 25088 ------w- c:\windows\system32\dllcache\httpapi.dll 2010-01-07 10:09 . 2009-10-20 16:20 265728 ------w- c:\windows\system32\dllcache\http.sys 2010-01-06 15:31 . 2010-01-06 16:30 -------- d-----w- c:\documents and settings\Labels\DoctorWeb 2010-01-04 11:58 . 2009-03-01 06:08 151552 ----a-w- c:\windows\system32\VO28SYS.DLL 2010-01-04 11:58 . 2009-03-01 06:08 553984 ----a-w- c:\windows\system32\vo28run.dll 2010-01-04 11:58 . 2009-03-01 06:08 371712 ----a-w- c:\windows\system32\VO28RDD.DLL 2010-01-04 11:58 . 2009-03-01 06:08 287744 ----a-w- c:\windows\system32\VO28SQL.DLL 2010-01-04 11:58 . 2009-03-01 06:08 222720 ----a-w- c:\windows\system32\vo28orun.dll 2010-01-04 11:58 . 2009-03-01 06:08 150528 ----a-w- c:\windows\system32\VO28OLE.DLL 2010-01-04 11:58 . 2009-03-01 06:08 1474560 ----a-w- c:\windows\system32\VO28GUI.DLL 2010-01-04 11:58 . 2001-04-30 14:40 277201 ----a-w- c:\windows\system32\FUNCky60.DLL 2009-12-31 18:55 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll 2009-12-31 18:52 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll 2009-12-31 18:52 . 2009-10-13 10:30 270336 ------w- c:\windows\system32\dllcache\oakley.dll 2009-12-31 18:52 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll 2009-12-31 18:52 . 2009-06-24 11:18 92928 ------w- c:\windows\system32\dllcache\ksecdd.sys 2009-12-31 18:52 . 2009-09-11 14:18 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll 2009-12-31 18:52 . 2009-06-25 08:25 54272 ------w- c:\windows\system32\dllcache\wdigest.dll 2009-12-31 18:52 . 2009-06-25 08:25 301568 ------w- c:\windows\system32\dllcache\kerberos.dll 2009-12-31 14:33 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-31 14:33 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-31 14:33 . 2010-01-07 14:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-31 14:17 . 2009-12-31 14:17 -------- d--h--w- c:\windows\PIF 2009-12-31 13:55 . 2009-12-31 13:55 -------- d-----w- c:\documents and settings\Labels\Application Data\Malwarebytes 2009-12-31 13:55 . 2009-12-31 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-12-31 13:53 . 2009-12-31 13:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-12-31 13:52 . 2009-12-31 13:52 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2009-12-17 20:04 . 2009-12-17 20:04 -------- d-----w- c:\program files\ISA_FlexGrid . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-06 14:49 . 2005-06-21 14:59 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-01-06 14:48 . 2005-06-21 14:59 -------- d-----w- c:\program files\Symantec AntiVirus 2010-01-06 14:48 . 2005-06-21 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2009-12-17 20:04 . 2007-07-26 14:15 249856 ------w- c:\windows\Setup1.exe 2009-12-17 20:04 . 2007-07-26 14:15 73216 ----a-w- c:\windows\ST6UNST.EXE 2009-12-02 20:02 . 2009-12-02 20:02 -------- d-----w- c:\program files\Common Files\Apple 2009-12-02 20:02 . 2009-12-02 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-12-02 20:01 . 2005-06-23 18:25 -------- d-----w- c:\program files\Common Files\Adobe 2009-12-02 19:49 . 2009-12-02 19:50 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-02 19:49 . 2005-05-24 05:28 -------- d-----w- c:\program files\Java 2009-12-02 19:47 . 2009-12-02 19:46 -------- d-----w- c:\program files\QuickTime 2009-12-02 19:46 . 2009-12-02 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-12-02 19:44 . 2009-04-30 19:22 -------- d-----w- c:\program files\Yahoo! 2009-12-02 19:39 . 2005-05-24 05:28 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-11-21 15:51 . 2009-02-05 12:34 471552 ----a-w- c:\windows\AppPatch\aclayers.dll 2009-10-29 07:45 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll 2009-10-21 05:38 . 2009-02-05 12:34 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-21 05:38 . 2009-02-05 12:34 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-20 16:20 . 2009-02-05 12:34 265728 ----a-w- c:\windows\system32\drivers\http.sys 2009-10-19 18:06 . 2009-10-19 18:06 223232 ------w- c:\windows\system32\wksprt.exe 2009-10-19 18:06 . 2009-10-19 18:06 46080 ------w- c:\windows\system32\TSWbPrxy.exe 2009-10-19 18:06 . 2009-10-19 18:06 12800 ------w- c:\windows\system32\wksprtPS.dll 2009-10-19 18:06 . 2009-02-05 12:34 1033728 ----a-w- c:\windows\system32\mstsc.exe 2009-10-19 18:06 . 2009-02-05 12:34 36864 ----a-w- c:\windows\system32\tsgQec.dll 2009-10-19 18:06 . 2009-02-05 12:34 2689024 ----a-w- c:\windows\system32\mstscax.dll 2009-10-19 18:06 . 2009-10-19 18:06 44544 ------w- c:\windows\system32\MsRdpWebAccess.dll 2009-10-19 18:06 . 2009-02-05 12:34 130560 ----a-w- c:\windows\system32\aaclient.dll . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . --- c:\windows\$NtServicePackUninstall$\scecli.dll --- Company: Microsoft Corporation File Description: Windows Security Configuration Editor Client Engine File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Product Name: Microsoft® Windows® Operating System Copyright: © Microsoft Corporation. All rights reserved. Original Filename: scecli File size: 180224 Created time: 2009-02-05 17:04 Modified time: 2004-08-04 08:00 MD5: 0F78E27F563F2AAF74B91A49E2ABF19A SHA1: 44118965BA4763227472987B758BCEA3FB2CD761 --- c:\windows\ServicePackFiles\i386\scecli.dll --- Company: Microsoft Corporation File Description: Windows Security Configuration Editor Client Engine File Version: 5.1.2600.5512 (xpsp.080413-2113) Product Name: Microsoft® Windows® Operating System Copyright: © Microsoft Corporation. All rights reserved. Original Filename: scecli File size: 181248 Created time: 2009-02-05 17:11 Modified time: 2008-04-14 09:42 MD5: A86BB5E61BF3E39B62AB4C7E7085A084 SHA1: 3A3535122DA168A549D2007123E9AE06146F2002 --- c:\windows\system32\scecli.dll --- Company: Microsoft Corporation File Description: Windows Security Configuration Editor Client Engine File Version: 5.1.2600.5512 (xpsp.080413-2113) Product Name: Microsoft® Windows® Operating System Copyright: © Microsoft Corporation. All rights reserved. Original Filename: scecli File size: 181248 Created time: 2009-02-05 12:33 Modified time: 2008-04-14 09:42 MD5: A86BB5E61BF3E39B62AB4C7E7085A084 SHA1: 3A3535122DA168A549D2007123E9AE06146F2002 ------- Sigcheck ------- [-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys [-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys [-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys [-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys [-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys [-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys [-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys [-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys [-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys [-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys [-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys [-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys [-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys [-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys [-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys [-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys [-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys [-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys [-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys [-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys [-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys [-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys [-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys [-] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys [-] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys [-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys [-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys [-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys [-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys [-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys [-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll [-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe [-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll [-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll [-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll [-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll [-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll [-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll [-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll [-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll [-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll [-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll [-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll [-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll [-] 2005-01-14 . 419899803CA479B73B02390318C787C0 . 395776 . . [5.1.2600.2595] . . c:\windows\$NtUninstallKB894391$\rpcss.dll [-] 2005-01-14 . 94456045BEB4545B5EBE1DCC85951AFA . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll [-] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB873333$\rpcss.dll [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe [-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe [-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe [-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe [-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe [-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe [-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe [-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe [-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe [-] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe [-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll [-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll [-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll [-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll [-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll [-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll [-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll [-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll [-] 2008-04-14 09:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll [-] 2008-04-14 09:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll [-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll [-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll [-] 2004-08-04 08:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll [-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll [-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll [-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll [-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll [-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll [-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll [-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll [-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$NtUninstallKB935839$\kernel32.dll [-] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll [-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll [-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll [-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll [-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll [-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll [-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll [-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll [-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll [-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll [-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll [-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll [7] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\SP2QFE\netlogon.dll [7] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\SP2QFE\netlogon.dll [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll [-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll [-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll [-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll [-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe [-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll [-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll [-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll [-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll [-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll [-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll [-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll [-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll [-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe [-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll [-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe [-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe [-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe [-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll [-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe [-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll [-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll [-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll [-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll [-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll [-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe [-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe [-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll [-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll [-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll [-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll [-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll [-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll [-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll [-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll [-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll [-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll [-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll [-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll [-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll [-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll [-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll [-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll [-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys [-] 2008-04-14 02:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys [-] 2008-04-14 02:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys [-] 2004-08-03 17:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys [-] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys [-] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys [-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys [-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys [-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys [-] 2008-04-14 09:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll [-] 2008-04-14 09:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll [-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll [-] 2004-08-04 08:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll [-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll [-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll [-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll [-] 2004-09-22 22:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll [-] 2004-09-22 22:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll [-] 2004-08-04 08:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll [-] 2008-04-14 09:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll [-] 2008-04-14 09:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll [-] 2004-08-04 08:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll [-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll [-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll [-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll [-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll [-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll . ((((((((((((((((((((((((((((( SnapShot@2010-01-05_15.19.30 ))))))))))))))))))))))))))))))))))))))))) . + 2010-01-12 13:44 . 2010-01-12 13:44 16384 c:\windows\Temp\Perflib_Perfdata_6dc.dat + 2009-02-05 12:33 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll + 2009-02-05 12:34 . 2009-06-12 12:31 80896 c:\windows\system32\tlntsess.exe + 2009-02-05 12:33 . 2009-06-12 12:31 76288 c:\windows\system32\telnet.exe + 2009-02-05 12:33 . 2009-06-25 08:25 56832 c:\windows\system32\secur32.dll - 2009-02-05 12:33 . 2009-02-03 19:59 56832 c:\windows\system32\secur32.dll - 2009-02-05 12:33 . 2008-04-14 09:42 79872 c:\windows\system32\raschap.dll + 2009-02-05 12:33 . 2009-10-12 13:38 79872 c:\windows\system32\raschap.dll - 2004-08-09 13:44 . 2010-01-05 15:20 71264 c:\windows\system32\perfc009.dat + 2004-08-09 13:44 . 2010-01-08 14:36 71264 c:\windows\system32\perfc009.dat + 2006-11-08 02:03 . 2009-10-29 07:45 55296 c:\windows\system32\msfeedsbs.dll - 2006-11-08 02:03 . 2009-03-08 09:31 55296 c:\windows\system32\msfeedsbs.dll + 2009-02-05 12:33 . 2009-09-04 21:03 58880 c:\windows\system32\msasn1.dll + 2004-08-04 08:00 . 2009-10-29 07:45 25600 c:\windows\system32\jsproxy.dll - 2004-08-04 08:00 . 2009-03-08 09:33 25600 c:\windows\system32\jsproxy.dll + 2009-02-05 12:33 . 2009-07-29 04:37 81920 c:\windows\system32\fontsub.dll - 2004-08-09 13:40 . 2009-06-15 10:26 95864 c:\windows\system32\FNTCACHE.DAT + 2004-08-09 13:40 . 2010-01-08 14:34 95864 c:\windows\system32\FNTCACHE.DAT + 2009-02-05 12:33 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys + 2010-01-01 13:41 . 2009-10-29 07:45 12800 c:\windows\system32\dllcache\xpshims.dll + 2010-01-01 13:41 . 2009-06-12 12:31 80896 c:\windows\system32\dllcache\tlntsess.exe + 2010-01-01 13:41 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe + 2009-04-15 22:50 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll - 2009-04-15 22:50 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll + 2010-01-01 13:41 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll + 2007-05-09 10:59 . 2009-10-29 07:45 55296 c:\windows\system32\dllcache\msfeedsbs.dll - 2007-05-09 10:59 . 2009-03-08 09:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll + 2010-01-01 13:41 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll - 2006-06-14 09:58 . 2009-03-08 09:33 25600 c:\windows\system32\dllcache\jsproxy.dll + 2006-06-14 09:58 . 2009-10-29 07:45 25600 c:\windows\system32\dllcache\jsproxy.dll + 2010-01-01 13:41 . 2009-07-29 04:37 81920 c:\windows\system32\dllcache\fontsub.dll + 2010-01-01 13:41 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll + 2010-01-01 13:41 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll - 2009-02-05 12:34 . 2008-04-14 09:41 84992 c:\windows\system32\avifil32.dll + 2009-02-05 12:34 . 2009-06-10 14:13 84992 c:\windows\system32\avifil32.dll - 2009-02-05 12:34 . 2008-04-14 09:41 58880 c:\windows\system32\atl.dll + 2009-02-05 12:34 . 2009-07-17 19:01 58880 c:\windows\system32\atl.dll + 2010-01-06 17:11 . 2009-03-08 09:33 12288 c:\windows\ie8updates\KB976325-IE8\xpshims.dll + 2010-01-06 17:11 . 2009-03-08 09:31 55296 c:\windows\ie8updates\KB976325-IE8\msfeedsbs.dll + 2010-01-06 17:11 . 2009-03-08 09:33 25600 c:\windows\ie8updates\KB976325-IE8\jsproxy.dll + 2010-01-06 17:11 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB976325-IE8\update\spcustom.dll + 2010-01-06 17:11 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB976325-IE8\spmsg.dll + 2010-01-01 13:41 . 2009-10-29 07:45 12800 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\xpshims.dll + 2010-01-01 13:41 . 2009-10-29 07:45 55296 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\msfeedsbs.dll + 2010-01-01 13:41 . 2009-10-29 07:45 25600 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\jsproxy.dll + 2010-01-06 17:04 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975364-IE8\update\spcustom.dll + 2010-01-06 17:04 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB975364-IE8\spmsg.dll + 2009-12-31 18:52 . 2009-10-02 04:43 92160 c:\windows\$hf_mig$\KB975364-IE8\SP3QFE\iecompat.dll + 2010-01-06 17:08 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975025\update\spcustom.dll + 2010-01-06 17:08 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB975025\spmsg.dll + 2010-01-06 17:07 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974571\update\spcustom.dll + 2010-01-06 17:07 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974571\spmsg.dll + 2010-01-01 13:41 . 2009-09-04 20:57 58880 c:\windows\$hf_mig$\KB974571\SP3QFE\msasn1.dll + 2010-01-06 17:04 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974392\update\spcustom.dll + 2010-01-06 17:04 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974392\spmsg.dll + 2010-01-06 17:12 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974318\update\spcustom.dll + 2010-01-06 17:12 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974318\spmsg.dll + 2010-01-01 13:41 . 2009-10-12 13:28 79872 c:\windows\$hf_mig$\KB974318\SP3QFE\raschap.dll + 2010-01-06 17:11 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974112\update\spcustom.dll + 2010-01-06 17:11 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974112\spmsg.dll + 2010-01-06 17:09 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB973869\update\spcustom.dll + 2010-01-06 17:09 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB973869\spmsg.dll + 2010-01-06 17:03 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973815\update\spcustom.dll + 2010-01-06 17:03 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973815\spmsg.dll + 2010-01-06 17:06 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB973687\update\spcustom.dll + 2010-01-06 17:06 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB973687\spmsg.dll + 2010-01-06 17:03 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973525\update\spcustom.dll + 2010-01-06 17:03 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973525\spmsg.dll + 2010-01-06 17:06 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973507\update\spcustom.dll + 2010-01-06 17:06 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973507\spmsg.dll + 2010-01-01 13:41 . 2009-07-17 19:25 58880 c:\windows\$hf_mig$\KB973507\SP3QFE\atl.dll + 2010-01-06 17:04 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973354\update\spcustom.dll + 2010-01-06 17:04 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973354\spmsg.dll + 2010-01-06 17:03 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971961-IE8\update\spcustom.dll + 2010-01-06 17:03 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971961-IE8\spmsg.dll + 2010-01-06 17:11 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971657\update\spcustom.dll + 2010-01-06 17:11 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971657\spmsg.dll + 2010-01-06 17:10 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971633\update\spcustom.dll + 2010-01-06 17:10 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971633\spmsg.dll + 2010-01-06 17:11 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971557\update\spcustom.dll + 2010-01-06 17:11 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971557\spmsg.dll + 2010-01-01 13:41 . 2009-06-10 14:01 84992 c:\windows\$hf_mig$\KB971557\SP3QFE\avifil32.dll + 2010-01-06 17:03 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB971486\update\spcustom.dll + 2010-01-06 17:03 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB971486\spmsg.dll + 2010-01-06 17:02 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB969947\update\spcustom.dll + 2010-01-06 17:02 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB969947\spmsg.dll + 2010-01-06 17:12 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB969059\update\spcustom.dll + 2010-01-06 17:12 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB969059\spmsg.dll + 2010-01-06 17:02 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB968389\update\spcustom.dll + 2010-01-06 17:02 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB968389\spmsg.dll + 2009-12-31 18:52 . 2009-06-25 08:41 54272 c:\windows\$hf_mig$\KB968389\SP3QFE\wdigest.dll + 2009-12-31 18:52 . 2009-06-25 08:41 56832 c:\windows\$hf_mig$\KB968389\SP3QFE\secur32.dll + 2009-12-31 18:52 . 2009-06-24 10:28 92928 c:\windows\$hf_mig$\KB968389\SP3QFE\ksecdd.sys + 2010-01-06 17:12 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB961371-v2\update\spcustom.dll + 2010-01-06 17:12 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB961371-v2\spmsg.dll + 2010-01-01 13:41 . 2009-07-29 04:30 81920 c:\windows\$hf_mig$\KB961371-v2\SP3QFE\fontsub.dll + 2010-01-06 17:12 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB960859\update\spcustom.dll + 2010-01-06 17:12 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB960859\spmsg.dll + 2010-01-01 13:41 . 2009-06-12 12:03 80896 c:\windows\$hf_mig$\KB960859\SP3QFE\tlntsess.exe + 2010-01-01 13:41 . 2009-06-12 12:03 76288 c:\windows\$hf_mig$\KB960859\SP3QFE\telnet.exe + 2010-01-06 17:10 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB956844\update\spcustom.dll + 2010-01-06 17:10 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB956844\spmsg.dll + 2010-01-06 17:12 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB955759\update\spcustom.dll + 2010-01-06 17:12 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB955759\spmsg.dll + 2010-01-06 17:04 . 2009-03-08 09:35 2048 c:\windows\ie8updates\KB975364-IE8\iecompat.dll - 2009-02-05 12:33 . 2008-04-14 09:42 132096 c:\windows\system32\wkssvc.dll + 2009-02-05 12:33 . 2009-06-10 06:14 132096 c:\windows\system32\wkssvc.dll + 2009-02-05 12:34 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll + 2009-02-05 12:33 . 2009-07-29 04:37 119808 c:\windows\system32\t2embed.dll + 2004-08-04 08:00 . 2009-08-26 08:00 247326 c:\windows\system32\strmdll.dll - 2004-08-04 08:00 . 2008-10-03 10:02 247326 c:\windows\system32\strmdll.dll + 2009-02-05 12:33 . 2009-06-25 08:25 147456 c:\windows\system32\schannel.dll + 2009-02-05 12:33 . 2009-10-12 13:38 149504 c:\windows\system32\rastls.dll - 2004-08-09 13:44 . 2010-01-05 15:20 441454 c:\windows\system32\perfh009.dat + 2004-08-09 13:44 . 2010-01-08 14:36 441454 c:\windows\system32\perfh009.dat + 2004-08-04 08:00 . 2009-10-29 07:45 206848 c:\windows\system32\occache.dll + 2009-02-05 12:33 . 2009-10-13 10:30 270336 c:\windows\system32\oakley.dll - 2009-02-05 12:33 . 2008-04-14 09:42 270336 c:\windows\system32\oakley.dll + 2009-02-05 12:33 . 2009-08-05 09:01 204800 c:\windows\system32\mswebdvd.dll + 2009-02-05 12:33 . 2009-09-11 14:18 136192 c:\windows\system32\msv1_0.dll - 2006-11-08 02:03 . 2009-03-08 09:32 594432 c:\windows\system32\msfeeds.dll + 2006-11-08 02:03 . 2009-10-29 07:45 594432 c:\windows\system32\msfeeds.dll + 2009-02-05 12:33 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll + 2009-02-05 12:33 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll - 2009-02-05 12:33 . 2009-03-08 09:33 726528 c:\windows\system32\jscript.dll + 2009-02-05 12:33 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll + 2004-08-04 08:00 . 2009-10-29 07:45 184320 c:\windows\system32\iepeers.dll + 2004-08-04 08:00 . 2009-10-29 07:45 387584 c:\windows\system32\iedkcs32.dll + 2004-08-04 08:00 . 2009-10-28 14:40 173056 c:\windows\system32\ie4uinit.exe - 2004-08-04 08:00 . 2009-03-08 09:32 173056 c:\windows\system32\ie4uinit.exe + 2010-01-01 13:41 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll + 2006-06-14 09:58 . 2009-10-29 07:45 916480 c:\windows\system32\dllcache\wininet.dll + 2009-04-15 22:50 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll + 2010-01-01 13:41 . 2009-06-21 21:44 153088 c:\windows\system32\dllcache\triedit.dll + 2010-01-01 13:41 . 2009-07-29 04:37 119808 c:\windows\system32\dllcache\t2embed.dll + 2006-08-21 14:52 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll - 2006-08-21 14:52 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll + 2009-03-11 23:58 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll + 2010-01-01 13:41 . 2009-10-12 13:38 149504 c:\windows\system32\dllcache\rastls.dll + 2006-10-17 17:04 . 2009-10-29 07:45 206848 c:\windows\system32\dllcache\occache.dll + 2007-05-09 10:59 . 2009-10-29 07:45 594432 c:\windows\system32\dllcache\msfeeds.dll - 2007-05-09 10:59 . 2009-03-08 09:32 594432 c:\windows\system32\dllcache\msfeeds.dll + 2009-04-15 22:50 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll + 2009-02-05 19:02 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll - 2009-02-05 19:02 . 2009-03-08 09:33 726528 c:\windows\system32\dllcache\jscript.dll + 2010-01-01 13:41 . 2009-10-29 07:45 246272 c:\windows\system32\dllcache\ieproxy.dll + 2006-06-14 09:58 . 2009-10-29 07:45 184320 c:\windows\system32\dllcache\iepeers.dll + 2006-11-07 08:27 . 2009-10-29 07:45 387584 c:\windows\system32\dllcache\iedkcs32.dll + 2006-11-07 08:26 . 2009-10-28 14:40 173056 c:\windows\system32\dllcache\ie4uinit.exe - 2006-11-07 08:26 . 2009-03-08 09:32 173056 c:\windows\system32\dllcache\ie4uinit.exe + 2010-01-01 13:41 . 2009-11-21 15:51 471552 c:\windows\system32\dllcache\aclayers.dll + 2010-01-06 17:11 . 2009-03-08 09:34 914944 c:\windows\ie8updates\KB976325-IE8\wininet.dll + 2010-01-06 17:11 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB976325-IE8\spuninst\updspapi.dll + 2010-01-06 17:11 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB976325-IE8\spuninst\spuninst.exe + 2010-01-06 17:11 . 2009-03-08 09:34 109568 c:\windows\ie8updates\KB976325-IE8\occache.dll + 2010-01-06 17:11 . 2009-03-08 09:32 594432 c:\windows\ie8updates\KB976325-IE8\msfeeds.dll + 2010-01-06 17:11 . 2009-03-08 09:33 246784 c:\windows\ie8updates\KB976325-IE8\ieproxy.dll + 2010-01-06 17:11 . 2009-03-08 09:31 183808 c:\windows\ie8updates\KB976325-IE8\iepeers.dll + 2010-01-06 17:11 . 2009-03-08 19:09 391536 c:\windows\ie8updates\KB976325-IE8\iedkcs32.dll + 2010-01-06 17:11 . 2009-03-08 09:32 173056 c:\windows\ie8updates\KB976325-IE8\ie4uinit.exe + 2010-01-06 17:04 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB975364-IE8\spuninst\updspapi.dll + 2010-01-06 17:04 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB975364-IE8\spuninst\spuninst.exe + 2010-01-06 17:03 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll + 2010-01-06 17:03 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe + 2010-01-06 17:03 . 2009-03-08 09:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll + 2010-01-07 10:09 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys + 2007-07-26 14:20 . 2010-01-08 05:12 196665 c:\windows\_tcache1\tpe\KPEVer.exe - 2007-07-26 14:20 . 2009-12-21 07:25 196665 c:\windows\_tcache1\tpe\KPEVer.exe + 2010-01-06 17:11 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB976325-IE8\update\updspapi.dll + 2010-01-06 17:11 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB976325-IE8\update\update.exe + 2010-01-06 17:11 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB976325-IE8\spuninst.exe + 2010-01-01 13:41 . 2009-10-29 07:45 916480 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll + 2010-01-01 13:41 . 2009-10-29 07:45 206848 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\occache.dll + 2010-01-01 13:41 . 2009-10-29 07:45 594432 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\msfeeds.dll + 2010-01-01 13:41 . 2009-10-29 07:45 246272 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\ieproxy.dll + 2010-01-01 13:41 . 2009-10-29 07:45 184320 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\iepeers.dll + 2010-01-01 13:41 . 2009-10-29 07:45 387584 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\iedkcs32.dll + 2010-01-01 13:41 . 2009-10-28 14:10 173056 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\ie4uinit.exe + 2010-01-06 17:04 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975364-IE8\update\updspapi.dll + 2010-01-06 17:04 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975364-IE8\update\update.exe + 2010-01-06 17:04 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB975364-IE8\spuninst.exe + 2010-01-06 17:08 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975025\update\updspapi.dll + 2010-01-06 17:08 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975025\update\update.exe + 2010-01-06 17:08 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB975025\spuninst.exe + 2010-01-06 17:07 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974571\update\updspapi.dll + 2010-01-06 17:07 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974571\update\update.exe + 2010-01-06 17:07 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974571\spuninst.exe + 2010-01-06 17:04 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974392\update\updspapi.dll + 2010-01-06 17:04 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974392\update\update.exe + 2010-01-06 17:04 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974392\spuninst.exe + 2009-12-31 18:52 . 2009-10-13 10:38 270336 c:\windows\$hf_mig$\KB974392\SP3QFE\oakley.dll + 2010-01-06 17:12 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974318\update\updspapi.dll + 2010-01-06 17:12 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974318\update\update.exe + 2010-01-06 17:12 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974318\spuninst.exe + 2009-10-12 23:58 . 2009-10-12 23:58 150016 c:\windows\$hf_mig$\KB974318\SP3QFE\rastls.dll + 2010-01-06 17:11 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974112\update\updspapi.dll + 2010-01-06 17:11 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974112\update\update.exe + 2010-01-06 17:11 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974112\spuninst.exe + 2010-01-01 13:41 . 2009-08-26 08:03 247326 c:\windows\$hf_mig$\KB974112\SP3QFE\strmdll.dll + 2010-01-06 17:09 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB973869\update\updspapi.dll + 2010-01-06 17:09 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB973869\update\update.exe + 2010-01-06 17:09 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB973869\spuninst.exe + 2010-01-06 17:03 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973815\update\updspapi.dll + 2010-01-06 17:03 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973815\update\update.exe + 2010-01-06 17:03 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973815\spuninst.exe + 2009-12-31 18:52 . 2009-08-05 08:52 204800 c:\windows\$hf_mig$\KB973815\SP3QFE\mswebdvd.dll + 2010-01-06 17:06 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973687\update\updspapi.dll + 2010-01-06 17:06 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB973687\update\update.exe + 2010-01-06 17:06 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB973687\spuninst.exe + 2010-01-06 17:03 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973525\update\updspapi.dll + 2010-01-06 17:03 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973525\update\update.exe + 2010-01-06 17:03 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973525\spuninst.exe + 2010-01-06 17:06 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973507\update\updspapi.dll + 2010-01-06 17:06 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973507\update\update.exe + 2010-01-06 17:06 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973507\spuninst.exe + 2010-01-06 17:04 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973354\update\updspapi.dll + 2010-01-06 17:04 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973354\update\update.exe + 2010-01-06 17:04 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973354\spuninst.exe + 2010-01-06 17:03 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB971961-IE8\update\updspapi.dll + 2010-01-06 17:03 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB971961-IE8\update\update.exe + 2010-01-06 17:03 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971961-IE8\spuninst.exe + 2009-12-31 18:52 . 2009-06-22 06:47 726528 c:\windows\$hf_mig$\KB971961-IE8\SP3QFE\jscript.dll + 2010-01-06 17:11 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB971657\update\updspapi.dll + 2010-01-06 17:11 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB971657\update\update.exe + 2010-01-06 17:11 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971657\spuninst.exe + 2010-01-01 13:41 . 2009-06-10 06:17 134144 c:\windows\$hf_mig$\KB971657\SP3QFE\wkssvc.dll + 2010-01-06 17:10 . 2009-05-26 22:10 382840 c:\windows\$hf_mig$\KB971633\update\updspapi.dll + 2010-01-06 17:10 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB971633\update\update.exe + 2010-01-06 17:10 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971633\spuninst.exe + 2010-01-06 17:11 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB971557\update\updspapi.dll + 2010-01-06 17:11 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB971557\update\update.exe + 2010-01-06 17:11 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971557\spuninst.exe + 2010-01-06 17:03 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971486\update\updspapi.dll + 2010-01-06 17:03 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971486\update\update.exe + 2010-01-06 17:03 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB971486\spuninst.exe + 2010-01-06 17:02 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB969947\update\updspapi.dll + 2010-01-06 17:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB969947\update\update.exe + 2010-01-06 17:02 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB969947\spuninst.exe + 2010-01-06 17:12 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB969059\update\updspapi.dll + 2010-01-06 17:12 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB969059\update\update.exe + 2010-01-06 17:12 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB969059\spuninst.exe + 2010-01-06 17:02 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB968389\update\updspapi.dll + 2010-01-06 17:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB968389\update\update.exe + 2010-01-06 17:02 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB968389\spuninst.exe + 2009-12-31 18:52 . 2009-06-25 08:41 147456 c:\windows\$hf_mig$\KB968389\SP3QFE\schannel.dll + 2009-12-31 18:52 . 2009-06-25 08:41 136704 c:\windows\$hf_mig$\KB968389\SP3QFE\msv1_0.dll + 2009-06-26 20:11 . 2009-06-26 20:11 730112 c:\windows\$hf_mig$\KB968389\SP3QFE\lsasrv.dll + 2009-12-31 18:52 . 2009-06-25 08:41 301568 c:\windows\$hf_mig$\KB968389\SP3QFE\kerberos.dll + 2010-01-06 17:12 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB961371-v2\update\updspapi.dll + 2010-01-06 17:12 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB961371-v2\update\update.exe + 2010-01-06 17:12 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB961371-v2\spuninst.exe + 2010-01-01 13:41 . 2009-07-29 04:30 119808 c:\windows\$hf_mig$\KB961371-v2\SP3QFE\t2embed.dll + 2010-01-06 17:12 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB960859\update\updspapi.dll + 2010-01-06 17:12 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB960859\update\update.exe + 2010-01-06 17:12 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB960859\spuninst.exe + 2010-01-06 17:10 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB956844\update\updspapi.dll + 2010-01-06 17:10 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB956844\update\update.exe + 2010-01-06 17:10 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB956844\spuninst.exe + 2010-01-01 13:41 . 2009-06-21 21:49 153088 c:\windows\$hf_mig$\KB956844\SP3QFE\triedit.dll + 2010-01-06 17:12 . 2009-05-26 22:10 382840 c:\windows\$hf_mig$\KB955759\update\updspapi.dll + 2010-01-06 17:12 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB955759\update\update.exe + 2010-01-06 17:12 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB955759\spuninst.exe + 2010-01-01 13:41 . 2009-11-21 15:40 471552 c:\windows\$hf_mig$\KB955759\SP3QFE\aclayers.dll + 2010-01-01 13:41 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll + 2009-02-05 12:33 . 2009-08-14 13:21 1850624 c:\windows\system32\win32k.sys + 2004-08-04 08:00 . 2009-10-29 07:45 1208832 c:\windows\system32\urlmon.dll + 2009-02-05 12:33 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll - 2009-02-05 12:33 . 2008-04-14 09:42 1435648 c:\windows\system32\query.dll + 2009-02-05 12:33 . 2009-06-03 19:09 1291264 c:\windows\system32\quartz.dll + 2009-02-05 12:33 . 2009-08-05 01:44 2189184 c:\windows\system32\ntoskrnl.exe + 2009-02-05 12:33 . 2009-08-04 14:20 2066048 c:\windows\system32\ntkrnlpa.exe - 2009-02-05 12:33 . 2009-02-07 23:02 2066048 c:\windows\system32\ntkrnlpa.exe + 2008-08-30 01:06 . 2009-07-31 15:05 1372672 c:\windows\system32\msxml6.dll + 2004-08-04 08:00 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll + 2004-08-04 08:00 . 2009-10-29 07:45 5940736 c:\windows\system32\mshtml.dll + 2006-10-17 16:57 . 2009-10-29 07:45 1985536 c:\windows\system32\iertutil.dll + 2008-10-15 14:47 . 2009-08-14 13:21 1850624 c:\windows\system32\dllcache\win32k.sys + 2006-06-14 09:58 . 2009-10-29 07:45 1208832 c:\windows\system32\dllcache\urlmon.dll + 2010-01-01 13:41 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll + 2008-06-11 18:35 . 2009-06-03 19:09 1291264 c:\windows\system32\dllcache\quartz.dll + 2008-10-15 14:47 . 2009-08-05 01:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe - 2008-10-15 14:47 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe + 2008-10-15 14:47 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe + 2008-10-15 14:47 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe - 2008-10-15 14:47 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe + 2008-10-15 14:47 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe - 2008-10-15 14:47 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe + 2009-02-05 17:12 . 2009-07-31 15:05 1372672 c:\windows\system32\dllcache\msxml6.dll + 2006-10-12 10:38 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll + 2006-06-14 09:58 . 2009-10-29 07:45 5940736 c:\windows\system32\dllcache\mshtml.dll + 2007-05-09 10:59 . 2009-10-29 07:45 1985536 c:\windows\system32\dllcache\iertutil.dll + 2010-01-06 17:11 . 2009-03-08 09:34 1206784 c:\windows\ie8updates\KB976325-IE8\urlmon.dll + 2010-01-06 17:11 . 2009-03-08 09:41 5937152 c:\windows\ie8updates\KB976325-IE8\mshtml.dll + 2010-01-06 17:11 . 2009-03-08 09:32 1985024 c:\windows\ie8updates\KB976325-IE8\iertutil.dll + 2008-10-15 14:47 . 2009-08-05 01:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe - 2008-10-15 14:47 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe + 2008-10-15 14:47 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe - 2008-10-15 14:47 . 2009-02-07 23:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe + 2008-10-15 14:47 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe + 2008-10-15 14:47 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe - 2008-10-15 14:47 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2010-01-01 13:41 . 2009-10-29 07:45 1209344 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\urlmon.dll + 2010-01-01 13:41 . 2009-10-29 07:45 5944320 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll + 2010-01-01 13:41 . 2009-10-29 07:45 1986048 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\iertutil.dll + 2010-01-01 13:41 . 2009-07-31 04:24 1447424 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml6.dll + 2010-01-01 13:41 . 2009-07-31 04:24 1172480 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml3.dll + 2009-07-10 23:54 . 2009-07-10 23:54 1315328 c:\windows\$hf_mig$\KB973354\SP3QFE\msoe.dll + 2010-01-01 13:41 . 2009-06-03 19:12 1291264 c:\windows\$hf_mig$\KB971633\SP3QFE\quartz.dll + 2009-12-31 18:52 . 2009-08-04 13:56 2189312 c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe + 2009-12-31 18:52 . 2009-08-04 13:17 2023936 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrpamp.exe + 2009-08-04 23:47 . 2009-08-04 23:47 2066176 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe + 2009-12-31 18:52 . 2009-08-04 13:54 2145280 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlmp.exe + 2009-08-14 22:49 . 2009-08-14 22:49 1859712 c:\windows\$hf_mig$\KB969947\SP3QFE\win32k.sys + 2010-01-01 13:41 . 2009-07-17 16:01 1435648 c:\windows\$hf_mig$\KB969059\SP3QFE\query.dll + 2005-06-21 15:53 . 2009-12-01 17:06 25966024 c:\windows\system32\MRT.exe + 2006-11-08 02:03 . 2009-10-29 07:45 11069952 c:\windows\system32\ieframe.dll + 2007-05-09 10:59 . 2009-10-29 07:45 11069952 c:\windows\system32\dllcache\ieframe.dll + 2010-01-06 17:11 . 2009-03-08 09:39 11063808 c:\windows\ie8updates\KB976325-IE8\ieframe.dll + 2007-07-26 14:20 . 2010-01-08 03:53 21686272 c:\windows\_tcache1\tsystem1.exe + 2009-10-29 18:15 . 2009-10-29 18:15 11070464 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\ieframe.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 c:\documents and settings\All Users\Start Menu\Programs\Startup\ Label Printer capture.lnk - c:\windows\system32\net.exe [2009-2-5 42496] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\ftp.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "2000:TCP"= 2000:TCP:Clippership "53:TCP"= 53:TCP:websrvx "5985:TCP"= 5985:TCP:Windows Remote Management [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings] "Enabled"= 1 (0x1) R0 SI3112r;ATI-4379 Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [8/27/2004 4:18 PM 97920] R2 TPEStat;TPEStat;c:\windows\tpestat.sys [7/26/2007 9:13 AM 7136] S2 websrvx;websrvx;c:\program files\websrvx\websrvx.exe --> c:\program files\websrvx\websrvx.exe [?] S3 PCAlertDriver;PCAlertDriver;\??\c:\biostools\NTGLM7X.sys --> c:\biostools\NTGLM7X.sys [?] S3 rr.scr;rr.scr;\??\c:\windows\system32\drivers\rr.scr.sys --> c:\windows\system32\drivers\rr.scr.sys [?] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2/5/2009 7:33 AM 14336] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM . Contents of the 'Scheduled Tasks' folder 2010-01-12 c:\windows\Tasks\User_Feed_Synchronization-{272FB40A-8A07-42B7-AC52-5938D03B41A0}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html Trusted Zone: google.com\www . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-12 08:44 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(652) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2388) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\wscntfy.exe c:\windows\system32\Ati2evxx.exe . ************************************************************************** . Completion time: 2010-01-12 08:47:22 - machine was rebooted ComboFix-quarantined-files.txt 2010-01-12 13:47 ComboFix2.txt 2010-01-05 15:23 Pre-Run: 70,636,392,448 bytes free Post-Run: 70,708,826,112 bytes free - - End Of File - - 5C8790031FC718D12EAC14A97AE85B68 |
|
|
|
|
Jan 12 2010, 06:23 PM
Post
#23
|
|
|
Malware Expert Group: Malware Response Team Posts: 17,382 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762 |
Looks much better now. Is Malwarebytes coming clean now?
I'd like to have you run one more scan just to be sure we didn't miss anything. Please run a free online scan with the ESET Online Scanner Note: You will need to use Internet Explorer for this scan
-------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware.Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ======================================================== |
|
|
|
|
Jan 15 2010, 04:15 PM
Post
#24
|
|
|
New Member Group: Members Posts: 14 Joined: 31-December 09 Member No.: 426,860 |
Thanks again for all your help.
MBAM's scans all turned out clean after the full scan. ESET also came out clean. I had a couple of issues but was able to take care of them. MS's monthly removal wouldn't work but replacing mrt.exe with a good copy from another machine took care of that. I had an update for IE7 which kept failing to install so I uninstalled IE8, reinstalled IE7, and installed IE8 again and it seems to be all happy now. I also did some work so that I could run this user as a restricted account. She runs a program first built in the 80s that requires admin access to run. It has some quirky requirements but between some batch scripting and runas I have her setup so only that program runs as an administrator. Thanks again for all your help Sam, Bryan |
|
|
|
|
Jan 16 2010, 09:28 AM
Post
#25
|
|
|
Malware Expert Group: Malware Response Team Posts: 17,382 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762 |
Glad I could help!
 Now we'll remove OTL and some of the other tools we've used.
================ Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
 -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware.Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ======================================================== |
|
|
|
|
Jan 24 2010, 03:41 AM
Post
#26
|
|
|
Malware Expert Group: Malware Response Team Posts: 17,382 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762 |
Now that your malware problem appears to be resolved, this topic will be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this topic in your request. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware.Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ======================================================== |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 6th September 2010 - 03:09 AM |
© 2003-2010 All Rights Reserved Bleeping Computer LLC.